[umbra1114]

Logfile of HijackThis v1.99.1
Scan saved at 12:35:49 AM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LxrJD31s.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ismini.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{A04231CA-07CB-1033-0507-041023030001}\Update.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\razerhid.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132725892\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rnvvhif.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\rnvvhif.dll,wpfegr
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...21e28f59_35.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...oad/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go5f.wspan.c...s/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go5f.wspan.c...owserConfig.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

[Advertisements]

Hi umbra1114 and Welcome to GeekstoGo!


Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

[Wizard]

Hi umbra1114 and Welcome to GeekstoGo!


Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

[umbra1114]

thank you for the quick reply. i really appreciate it


VundoFix V6.2.2

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 11:48:17 AM 10/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\cbxwust.dll
C:\WINDOWS\system32\lbbjxhl.dll
C:\WINDOWS\system32\wwdncvtf.dll
C:\WINDOWS\system32\yayaxvt.dll
C:\WINDOWS\system32\xxfhsbcj.exe
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxwust.dll
C:\WINDOWS\system32\cbxwust.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lbbjxhl.dll
C:\WINDOWS\system32\lbbjxhl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wwdncvtf.dll
C:\WINDOWS\system32\wwdncvtf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayaxvt.dll
C:\WINDOWS\system32\yayaxvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxfhsbcj.exe
C:\WINDOWS\system32\xxfhsbcj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Has been deleted!

Performing Repairs to the registry.
Done!


***********************************************************

Logfile of HijackThis v1.99.1
Scan saved at 12:12:19 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LxrJD31s.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wwSecure.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Razer\razertra.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\InterMute\IMStart.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {311CCE62-DDF7-4903-9094-F574703530C4} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {35AE0503-75C2-BA3C-6D44-00D1D6D5B591} - C:\WINDOWS\system32\lbbjxhl.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{304231CA-07CB-1033-0507-041023030001}\MyToolBar.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{304231CA-07CB-1033-0507-041023030001}\MyToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\razerhid.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132725892\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rnvvhif.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\rnvvhif.dll,wpfegr
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...21e28f59_35.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...oad/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go5f.wspan.c...s/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go5f.wspan.c...owserConfig.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

[Wizard]

Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.


Next, please reboot your computer in SafeMode

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Go to Add\Remove Programs and Remove Toolbar888


Make sure Windows is Showing Hidden Files and Folders
http://www.xtra.co.n...16458,00.html#5

Locate and Delete this folder

C:\Program Files\Common Files\{304231CA-07CB-1033-0507-041023030001}

• Still in Safe Mode--> Double-click VundoFix.exe to run it again.
• Right Click inside the listbox (white box) and click add more files
• Copy&Paste the entries below into the open boxes
  • C:\WINDOWS\SYSTEM32\winjyp32.dll
• Click Add Files and Click Close Window
• Click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot,allow the computer to reboot and VundoFix to load.

Just add the very same files as before and Click Remove Vundo.


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {311CCE62-DDF7-4903-9094-F574703530C4} - C:\WINDOWS\system32\ddcyy.dll (file missing)

O2 - BHO: (no name) - {35AE0503-75C2-BA3C-6D44-00D1D6D5B591} - C:\WINDOWS\system32\lbbjxhl.dll (file missing)

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{304231CA-07CB-1033-0507-041023030001}\MyToolBar.dll

O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{304231CA-07CB-1033-0507-041023030001}\MyToolBar.dll

O4 - HKLM\..\Run: [rnvvhif.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\rnvvhif.dll,wpfegr

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...21e28f59_35.exe

O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Restart the machine and post back with a fresh HijackThis log along with vundofix.txt and smitfiles.txt

[umbra1114]

hi thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 4:05:45 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LxrJD31s.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Razer\razertra.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\InterMute\IMStart.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\razerhid.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132725892\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...oad/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go5f.wspan.c...s/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go5f.wspan.c...owserConfig.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

*******************************


VundoFix V6.2.2

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 11:48:17 AM 10/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\cbxwust.dll
C:\WINDOWS\system32\lbbjxhl.dll
C:\WINDOWS\system32\wwdncvtf.dll
C:\WINDOWS\system32\yayaxvt.dll
C:\WINDOWS\system32\xxfhsbcj.exe
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxwust.dll
C:\WINDOWS\system32\cbxwust.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lbbjxhl.dll
C:\WINDOWS\system32\lbbjxhl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wwdncvtf.dll
C:\WINDOWS\system32\wwdncvtf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayaxvt.dll
C:\WINDOWS\system32\yayaxvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxfhsbcj.exe
C:\WINDOWS\system32\xxfhsbcj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\winjyp32.dll
C:\WINDOWS\SYSTEM32\winjyp32.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\winjyp32.dll
C:\WINDOWS\SYSTEM32\winjyp32.dll Has been deleted!

Performing Repairs to the registry.
Done!


*****************************


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 10/13/2006
The current time is: 15:41:50.06

Running from
C:\Documents and Settings\Owner\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"="C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp:*:Enabled:Kazaa"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\half-life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1132725892\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1132725892\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1132725892\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1132725892\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\half-life 2\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Diablo II\\Diablo II.exe"="C:\\Program Files\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

amcompat.tlb
ishost.exe
ismini.exe
issearch.exe
ixt*.dll
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 860 'explorer.exe'
Killing PID 860 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN!

[Wizard]

Excellent Work!!


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction on the F-Secure page for proper installation.
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy&Paste the entire report in your next reply.

[umbra1114]

infinite thank yous

****************

Scanning Report
Friday, October 13, 2006 17:34:23 - 19:00:42

Computer name: YOUR-46E94OWX6A
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 1 malware found
W32/Malware (virus)

* C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE (Submitted)

Statistics
Scanned:

* Files: 43080
* System: 5437
* Not scanned: 12

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
* C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL
* C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
* C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA563F5ED0B8EA72081A19B9B561DD25_DEC66183-90B7-4B1C-B466-FDF5AF76D60A

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-10-13
* F-Secure Libra: 2.4.1, 2006-10-13
* F-Secure Orion: 1.2.37, 2006-10-13
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-08-29
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

[Wizard]

Lets have a look at what else is laying around in there.


Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Doubleclick combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

[umbra1114]

Owner - 06-10-14 9:40:41.64 Service Pack 2
ComboFix 06.10.08W - Running from: C:\Documents and Settings\Owner\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Inetget2
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{A04231CA-07CB-1033-0507-041023030001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))


2006-10-13 00:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-10 21:19 93,696 --a------ C:\WINDOWS\system32\rnvvhif.dll
2006-09-17 12:21 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-17 12:21 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-17 12:21 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-17 12:21 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-17 12:21 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-14 09:41 -------- d-------- C:\Program Files\Common Files
2006-10-14 09:33 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-13 00:51 -------- d-------- C:\Program Files\Grisoft
2006-10-10 21:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-10 21:25 -------- d-------- C:\Program Files\Ultimate Defender
2006-10-10 21:25 -------- d-------- C:\Program Files\Extensis
2006-10-10 21:24 -------- d-------- C:\Program Files\VSToolbar
2006-10-10 21:24 -------- d-------- C:\Documents and Settings\Owner\Application Data\SearchToolbarCorp
2006-10-09 20:55 -------- d-------- C:\Program Files\Diablo II
2006-10-05 09:52 -------- d-------- C:\Program Files\iTunes
2006-10-05 09:52 -------- d-------- C:\Program Files\iPod
2006-10-05 09:50 -------- d-------- C:\Program Files\QuickTime
2006-10-05 09:48 -------- d-------- C:\Program Files\Apple Software Update
2006-10-01 21:44 -------- d-------- C:\Program Files\Steam
2006-09-24 00:46 24597 --a------ C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-09-23 14:44 -------- d-------- C:\Program Files\HP
2006-09-23 13:36 -------- d-------- C:\Program Files\Common Files\HP
2006-09-22 22:46 -------- d-------- C:\Program Files\Overland
2006-09-22 22:21 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-17 12:21 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-09-17 10:48 -------- d-------- C:\Documents and Settings\Owner\Application Data\G-Force
2006-09-17 10:45 -------- d-------- C:\Program Files\SoundSpectrum
2006-09-16 22:09 -------- d-------- C:\Program Files\Windows Media Player
2006-09-16 22:09 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-16 21:46 -------- d-------- C:\Program Files\Viewpoint
2006-09-15 02:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-09-15 02:28 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-09-15 02:25 -------- d-------- C:\Program Files\Common Files\System
2006-09-15 02:25 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-15 02:09 -------- d-------- C:\Program Files\Online Services
2006-09-12 22:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2006-09-12 22:12 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:15 183296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-09-12 17:12 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-09-12 17:12 50688 --a-s---- C:\WINDOWS\NDNuninstall6_38.exe
2006-09-09 17:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\FileMaker
2006-09-05 17:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2006-09-02 17:24 -------- d-------- C:\Program Files\Zero Knowledge
2006-09-02 17:24 -------- d-------- C:\Program Files\Messenger
2006-09-02 17:24 -------- d-------- C:\Program Files\Internet Explorer
2006-09-02 17:24 -------- d-------- C:\Program Files\InterMute
2006-09-02 17:24 -------- d-------- C:\Program Files\InterActual
2006-09-02 14:19 -------- d-------- C:\Program Files\NimoCodec Pack
2006-09-02 14:11 -------- d-------- C:\Program Files\IntelliMover Data Transfer Demo
2006-09-02 12:09 -------- d-------- C:\Program Files\Adobe
2006-09-02 11:18 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-01 10:41 -------- d-------- C:\Program Files\FLVPlayer
2006-08-29 23:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-08-25 08:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26 38656 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-22 21:53 594450 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 11:31 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-17 08:30 160138 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2006-08-17 08:30 -------- d-------- C:\Program Files\Sqirlz Water Reflections
2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 02:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 03:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-08-11 20:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-07-28 04:28 3054080 --a------ C:\WINDOWS\system32\mshtml(2).dll
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 13:33 613888 --a------ C:\WINDOWS\system32\urlmon(4).dll
2006-07-25 13:33 613888 --a------ C:\WINDOWS\system32\urlmon(3).dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BackupNotify"="\"c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe\""
"Steam"=""
"Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"razer"="\"C:\\Program Files\\Razer\\razerhid.exe\""
"WildTangent CDA"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"UpdateManager"="\"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"nwiz"="\"nwiz.exe\" /install"
"NAV CfgWiz"="\"c:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe\" /GUID NAV /CMDLINE \"REBOOT\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1132725892\\ee\\AOLSoftware.exe\""
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Lexmark X5100 Series"="\"C:\\Program Files\\Lexmark X5100 Series\\lxbabmgr.exe\""


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 10/14/2006 9:42:12.79
C:\ComboFix.txt ... 10/14/2006 09:42 AM

[Wizard]

• Double-click VundoFix.exe to run it again.
• Right Click inside the listbox (white box) and click add more files
• Copy&Paste the entries below into the open boxes
  • C:\WINDOWS\system32\rnvvhif.dll
  • C:\WINDOWS\NDNuninstall7_22.exe
  • C:\WINDOWS\NDNuninstall6_38.exe
• Click Add Files and Click Close Window
• Click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot,allow the computer to reboot and VundoFix to load.

Just add the very same files as before and Click Remove Vundo.



Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
• Post the contents of the ActiveScan report along with a fresh HijackThis log.

[umbra1114]

thanks again


Incident Status Location

Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:adware/brands Not disinfected Windows Registry
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.valueclick.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.c5.zedo.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.as-us.falkag.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.as-us.falkag.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.dist.belnk.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.z1.adserver.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.tradedoubler.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[data.coremetrics.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[stat.onestat.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.tickle.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.peel.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.kmpads.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies-1.txt[.target.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.com.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.zedo.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67d1fxd9.default\cookies.txt[.bluestreak.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Common Files\Symantec Shared\VirusDefs\Savrt\0021NAV~.TMP[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Common Files\Symantec Shared\VirusDefs\Savrt\0022NAV~.TMP[smitRem/Process.exe]
Adware:Adware/Lop Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.130
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.043
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\VSToolbar\VSToolBar.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cbxwust.dll.bad
Spyware:Spyware/New.net Not disinfected C:\VundoFix Backups\NDNuninstall6_38.exe.bad
Spyware:Spyware/New.net Not disinfected C:\VundoFix Backups\NDNuninstall7_22.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\xxfhsbcj.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\yayaxvt.dll.bad
Dialer:Dialer.HOI Not disinfected C:\WINDOWS\Downloaded Program Files\ActiveSecurity.INF
************************

Logfile of HijackThis v1.99.1
Scan saved at 5:24:03 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LxrJD31s.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\razerhid.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132725892\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...oad/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go5f.wspan.c...s/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go5f.wspan.c...owserConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

[Wizard]

You will find it difficult to locate the file below so if you like,just run vundo fix without using the scan feature.

Just use the Add Files part and delete this file

C:\WINDOWS\Downloaded Program Files\ActiveSecurity.INF

Locate and Delete this folder

c:\program files\common files\Totem Shared


Open Firefox and Click Tools--> Options--> Privacy

Either Click the Clear All tab near the bottom or click Clear next to every item except Saved Passwords.


Please Install these 2 to add to the Security of the PC

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm



So how is the computer acting today?

[umbra1114]

thank you so much for everything. so far everything is working quite well. my computer is finally able to restart again i have a few questions though. is it all right if i delete all the programs i installed? (vundofix.exe, hijackthis.exe, etc...) should i post another hijackthis log or am i good to go? and do you have any other tips on how to keep my computer running at its full potential. its a 2 year old machine but it has proven its worth way too many times. and i will also donate some money when i can. once again, infinite thank yous i appreciate it so much.

Edited by umbra1114, 15 October 2006 - 05:31 AM.

[Wizard]

You can remove any programs that were downloaded to assist us in cleaning up the machine.

Also,delete this folder--> C:\VundoFix Backups

Are you familiar with using Msconfig?

If you look at all the 04s in HijackThis,you will see alot of items that arent needed at Startup.

Examples:

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

A simple google query of the file names associated with the 04s will yield the information you need to determine whether you want these items loading at startup.

Most everything I listed above is not really needed when the machine boots up.


Let me know what you decide?

[umbra1114]

thanks again

Edited by umbra1114, 15 October 2006 - 05:56 AM.