Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Spyware pop up problems [RESOLVED]

Started by crob27 , Oct 21 2006 12:28 PM

This topic is locked

#1
crob27

Posted 21 October 2006 - 12:28 PM

Member

Member
10 posts

I keep getting spyware pop ups coming up that want me to download their sofware. I have ran ad-aware, spy-bot, McAfee, AVG and a few others and it does not get rid of them. Some of the programs find something called command service or something like that but it can never delete it. I would really appreciate the help. Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:09:43 PM, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Windows\xpupdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m0pola731d.dll (file missing)
O20 - Winlogon Notify: pmnki - C:\WINDOWS\system32\pmnki.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WDOV - Unknown owner - C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\WDOV.exe (file missing)

#2
Trevuren

Posted 21 October 2006 - 07:37 PM

Old Dog

Retired Staff
18,699 posts

Hi crob27 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Regards,

Trevuren

#3
crob27

Posted 22 October 2006 - 12:07 PM

Member

Topic Starter
Member
10 posts

Thanks for the help here is my vundofix log

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 1:50:42 AM 22/10/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\kaojuuxx.dll
C:\WINDOWS\SYSTEM32\pmnki.dll
C:\WINDOWS\SYSTEM32\iknmp.ini
C:\WINDOWS\SYSTEM32\iknmp.bak1
C:\WINDOWS\SYSTEM32\iknmp.bak2
C:\WINDOWS\SYSTEM32\iknmp.ini2
C:\WINDOWS\SYSTEM32\iknmp.tmp
C:\WINDOWS\SYSTEM32\tdfdymf.dll

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 11:21:18 AM 22/10/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\kaojuuxx.dll
C:\WINDOWS\SYSTEM32\pmnki.dll
C:\WINDOWS\SYSTEM32\iknmp.ini
C:\WINDOWS\SYSTEM32\iknmp.bak1
C:\WINDOWS\SYSTEM32\iknmp.bak2
C:\WINDOWS\SYSTEM32\iknmp.ini2
C:\WINDOWS\SYSTEM32\iknmp.tmp
C:\WINDOWS\SYSTEM32\tdfdymf.dll
C:\WINDOWS\SYSTEM32\ajlrollp.exe
C:\WINDOWS\SYSTEM32\tvfxigkb.exe
C:\WINDOWS\SYSTEM32\ssrscxyj.exe
C:\WINDOWS\SYSTEM32\engqmdjw.exe
C:\WINDOWS\SYSTEM32\jshjoruk.exe
C:\WINDOWS\SYSTEM32\prmkfqpc.exe
C:\WINDOWS\SYSTEM32\apueujwu.exe
C:\WINDOWS\SYSTEM32\lhmhsnwy.exe
C:\WINDOWS\SYSTEM32\lsnqhtti.exe
C:\WINDOWS\SYSTEM32\msrbbkrr.exe
C:\WINDOWS\SYSTEM32\oecewoqg.exe
C:\WINDOWS\SYSTEM32\guvgbktr.exe
C:\WINDOWS\SYSTEM32\ierklamx.exe
C:\WINDOWS\SYSTEM32\vmawbijh.exe
C:\WINDOWS\SYSTEM32\lmqqsgly.exe
C:\WINDOWS\SYSTEM32\cslhvgjl.exe
C:\WINDOWS\SYSTEM32\intvtmgr.exe
C:\WINDOWS\SYSTEM32\lrvinjfk.exe
C:\WINDOWS\SYSTEM32\vscvwohx.exe
C:\WINDOWS\SYSTEM32\ncijkhwn.exe
C:\WINDOWS\SYSTEM32\iogkwovy.exe
C:\WINDOWS\SYSTEM32\fpgpymbj.exe
C:\WINDOWS\SYSTEM32\kxbtgldr.exe
C:\WINDOWS\SYSTEM32\pwjornrj.exe
C:\WINDOWS\SYSTEM32\pyqiomwq.exe
C:\WINDOWS\SYSTEM32\qbdyvsda.exe
C:\WINDOWS\SYSTEM32\ynqntfmu.exe
C:\WINDOWS\SYSTEM32\eydjaspt.exe
C:\WINDOWS\system32\pmnki.dll
C:\WINDOWS\SYSTEM32\iknmp.ini
C:\WINDOWS\SYSTEM32\iknmp.bak1
C:\WINDOWS\SYSTEM32\iknmp.bak2
C:\WINDOWS\SYSTEM32\iknmp.ini2
C:\WINDOWS\SYSTEM32\iknmp.tmp
C:\WINDOWS\system32\iknmp.ini
C:\WINDOWS\system32\iknmp.bak1
C:\WINDOWS\system32\iknmp.bak2
C:\WINDOWS\system32\iknmp.ini2
C:\WINDOWS\system32\iknmp.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\kaojuuxx.dll
C:\WINDOWS\SYSTEM32\kaojuuxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pmnki.dll
C:\WINDOWS\SYSTEM32\pmnki.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iknmp.ini
C:\WINDOWS\SYSTEM32\iknmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iknmp.bak1
C:\WINDOWS\SYSTEM32\iknmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iknmp.bak2
C:\WINDOWS\SYSTEM32\iknmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iknmp.ini2
C:\WINDOWS\SYSTEM32\iknmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iknmp.tmp
C:\WINDOWS\SYSTEM32\iknmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tdfdymf.dll
C:\WINDOWS\SYSTEM32\tdfdymf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ajlrollp.exe
C:\WINDOWS\SYSTEM32\ajlrollp.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tvfxigkb.exe
C:\WINDOWS\SYSTEM32\tvfxigkb.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssrscxyj.exe
C:\WINDOWS\SYSTEM32\ssrscxyj.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\engqmdjw.exe
C:\WINDOWS\SYSTEM32\engqmdjw.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jshjoruk.exe
C:\WINDOWS\SYSTEM32\jshjoruk.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\prmkfqpc.exe
C:\WINDOWS\SYSTEM32\prmkfqpc.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\apueujwu.exe
C:\WINDOWS\SYSTEM32\apueujwu.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lhmhsnwy.exe
C:\WINDOWS\SYSTEM32\lhmhsnwy.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lsnqhtti.exe
C:\WINDOWS\SYSTEM32\lsnqhtti.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\msrbbkrr.exe
C:\WINDOWS\SYSTEM32\msrbbkrr.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\oecewoqg.exe
C:\WINDOWS\SYSTEM32\oecewoqg.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\guvgbktr.exe
C:\WINDOWS\SYSTEM32\guvgbktr.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ierklamx.exe
C:\WINDOWS\SYSTEM32\ierklamx.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vmawbijh.exe
C:\WINDOWS\SYSTEM32\vmawbijh.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lmqqsgly.exe
C:\WINDOWS\SYSTEM32\lmqqsgly.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cslhvgjl.exe
C:\WINDOWS\SYSTEM32\cslhvgjl.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\intvtmgr.exe
C:\WINDOWS\SYSTEM32\intvtmgr.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lrvinjfk.exe
C:\WINDOWS\SYSTEM32\lrvinjfk.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vscvwohx.exe
C:\WINDOWS\SYSTEM32\vscvwohx.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ncijkhwn.exe
C:\WINDOWS\SYSTEM32\ncijkhwn.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iogkwovy.exe
C:\WINDOWS\SYSTEM32\iogkwovy.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fpgpymbj.exe
C:\WINDOWS\SYSTEM32\fpgpymbj.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kxbtgldr.exe
C:\WINDOWS\SYSTEM32\kxbtgldr.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pwjornrj.exe
C:\WINDOWS\SYSTEM32\pwjornrj.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pyqiomwq.exe
C:\WINDOWS\SYSTEM32\pyqiomwq.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qbdyvsda.exe
C:\WINDOWS\SYSTEM32\qbdyvsda.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ynqntfmu.exe
C:\WINDOWS\SYSTEM32\ynqntfmu.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\eydjaspt.exe
C:\WINDOWS\SYSTEM32\eydjaspt.exe Has been deleted!

Performing Repairs to the registry.
Done!

Here is my Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 2:06:07 PM, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Windows\xpupdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m0pola731d.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WDOV - Unknown owner - C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\WDOV.exe (file missing)

#4
Trevuren

Posted 22 October 2006 - 12:19 PM

Old Dog

Retired Staff
18,699 posts

Please download this file - combofix.exe by sUBs

Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Regards,

Trevuren

#5
crob27

Posted 22 October 2006 - 01:12 PM

Member

Topic Starter
Member
10 posts

This is all i could find for the combo log.

Chris Robinson - 06-10-22 15:02:17.34 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Chris Robinson\Desktop"

Heres the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 15:10, on 06-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m0pola731d.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WDOV - Unknown owner - C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\WDOV.exe (file missing)

#6
Trevuren

Posted 22 October 2006 - 01:18 PM

Old Dog

Retired Staff
18,699 posts

Please try running the program again. Walk away and let it do its work. The log often takes some time (minutes) to be produced.

Trevuren

#7
crob27

Posted 22 October 2006 - 04:50 PM

Member

Topic Starter
Member
10 posts

I did it again and let it sit for about half an hour and it looks like the same thing happened. The program would run and after about 5 mintues it was finished. here is the log

Chris Robinson - 06-10-22 16:12:57.10 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Chris Robinson\Desktop"

hers my hijack log

Logfile of HijackThis v1.99.1
Scan saved at 18:50, on 06-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m0pola731d.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WDOV - Unknown owner - C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\WDOV.exe (file missing)

#8
Trevuren

Posted 22 October 2006 - 06:53 PM

Old Dog

Retired Staff
18,699 posts

A.
1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

sc stop WDOV
sc delete WDOV
del delete.bat

3. Save the file as "delete.bat". Make sure to save it with the quotes.

4. Double click delete.bat.

B. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

C. Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

Regards,

Trevuren

#9
crob27

Posted 23 October 2006 - 03:13 PM

Member

Topic Starter
Member
10 posts

Ok i followed all the steps but Look2Me-Destoryer did not reopen automatically when i rebooted.
Here is the Look2Me.txt

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06-10-23 16:51:12

Infected! C:\WINDOWS\system32\m0pola731d.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{912F58F5-9A5C-4A48-A0FB-839260234DB7}"
HKCR\Clsid\{912F58F5-9A5C-4A48-A0FB-839260234DB7}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9E27822E-3312-4CA0-BFFE-E1EEC8441FE3}"
HKCR\Clsid\{9E27822E-3312-4CA0-BFFE-E1EEC8441FE3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FA8EA99B-A8A8-462E-8AA4-59A3BF8A042B}"
HKCR\Clsid\{FA8EA99B-A8A8-462E-8AA4-59A3BF8A042B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{898E0231-5138-4913-8C63-3BE82DCAFF25}"
HKCR\Clsid\{898E0231-5138-4913-8C63-3BE82DCAFF25}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B3E5C7D4-15AC-4CF4-BA32-24BF2409F5FD}"
HKCR\Clsid\{B3E5C7D4-15AC-4CF4-BA32-24BF2409F5FD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7166E465-55BB-48FA-BA19-FCF48B23DA92}"
HKCR\Clsid\{7166E465-55BB-48FA-BA19-FCF48B23DA92}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{86AFA1EF-DF0F-4C56-94A0-A92114A8F15A}"
HKCR\Clsid\{86AFA1EF-DF0F-4C56-94A0-A92114A8F15A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{05DE7073-A50F-45A4-8579-AA2452592A86}"
HKCR\Clsid\{05DE7073-A50F-45A4-8579-AA2452592A86}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{180E0446-8E61-4306-81A7-F7EA938E96E5}"
HKCR\Clsid\{180E0446-8E61-4306-81A7-F7EA938E96E5}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7423EA02-3B8D-47CE-90BF-FDA71D208719}"
HKCR\Clsid\{7423EA02-3B8D-47CE-90BF-FDA71D208719}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6A931EFA-18F5-437B-9E58-C02E2E0617A3}"
HKCR\Clsid\{6A931EFA-18F5-437B-9E58-C02E2E0617A3}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 17:11, on 06-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

#10
Trevuren

Posted 23 October 2006 - 04:05 PM

Old Dog

Retired Staff
18,699 posts

A. Please provide a list of uninstallable programs.

To Provide a List of Installed Programs

Run HijackThis.
Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
Save list to Desktop
Copy the Notepad list and Paste it into this thread.

B.
Please now download AVG AntiSpyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded AVG AntiSpyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete, run AVG AntiSpyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close AVG AntiSpyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning proccess:
Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware and reboot your system back into Normal Mode and post the results of the report scan along with a fresh HJT log for review.

Regards,

Trevuren

#11
crob27

Posted 23 October 2006 - 05:21 PM

Member

Topic Starter
Member
10 posts

Here is my AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:04 06-10-23

+ Scan result:

C:\Program Files\BraveSentry -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry.lic -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104266.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104301.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104303.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104299.exe -> Downloader.Small.cxx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104300.exe -> Downloader.Small.cxx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104297.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104295.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104296.exe -> Downloader.Small.dwx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104533.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104534.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dlh9jkdq2.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dlh9jkdq6.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dlh9jkdq7.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\lo1842629129.exe -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
C:\Program Files\Common Files\romi\romid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104302.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris Robinson\Local Settings\Temp\rbfttvaj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jqudeywe.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mctdwhao.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nokvrkut.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tgtkatjt.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\abowinpn.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\acatfelb.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\aeceejax.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\afwjfrcf.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\akgmagor.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\divbqsxf.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\doiymvjg.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ehlititn.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\elixojfc.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\eqywiqsh.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\erxeixke.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\gaujlvbl.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ggpdgnhq.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\gofekeif.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\htidmexs.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ibjolxwj.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\igrrtnwn.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\itecqwyp.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ivvvfdxo.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jmrkbpix.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\jpdngwux.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kdnkawws.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kmnivrms.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kouhnvlh.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kylgxsbh.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lirfdocj.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lqkspseo.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mwsiofmh.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nerclkhs.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\oxqpnobb.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\palmacpm.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pfuqnwrp.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\phergbxs.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pjmgwsfq.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\poijibdm.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\puvbwguh.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qayjjegg.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qdibhsxc.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qdtagpsx.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qlewdnqk.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qrmjqpco.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qxqtwjuc.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rowtaybi.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rpylgbon.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\saidxfcn.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tpcxltle.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tqhfxiri.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\untfipwj.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\upoqdbac.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\uxaakuqy.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\uysodjej.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wgtlqhvr.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wvpnslwo.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xcicjkwt.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xqbiojxb.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\yrhyfcgp.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\yxnttduy.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104502.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104503.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104504.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104505.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104506.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104507.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104508.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104509.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104510.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104511.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104512.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104513.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104514.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104515.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104516.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104517.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104518.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104519.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104520.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104521.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104522.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104523.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104524.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104525.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104526.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104527.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104528.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\apueujwu.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\cslhvgjl.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\engqmdjw.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\eydjaspt.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\fpgpymbj.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\guvgbktr.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\ierklamx.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\intvtmgr.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\iogkwovy.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\jshjoruk.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\kxbtgldr.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\lhmhsnwy.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\lmqqsgly.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\lrvinjfk.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\lsnqhtti.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\msrbbkrr.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\ncijkhwn.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\oecewoqg.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\prmkfqpc.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\pwjornrj.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\pyqiomwq.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\qbdyvsda.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\ssrscxyj.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\tvfxigkb.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\vmawbijh.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\vscvwohx.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\ynqntfmu.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.html -> Not-A-Virus.Hoax.Win32.Renos.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP358\A0104298.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris Robinson\Cookies\chris robinson@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chris Robinson\Cookies\chris [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chris Robinson\Cookies\chris robinson@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Chris Robinson\Cookies\chris robinson@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Chris Robinson\Cookies\chris robinson@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Chris Robinson\Cookies\chris robinson@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Chris Robinson\Cookies\chris robinson@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\System Volume Information\_restore{C5DE0F03-BB33-4F4E-97D8-52FD48B305E7}\RP362\A0104535.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).

::Report end

And here is my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 19:20, on 06-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Another thing, my background seems to keep changing color. Does It have anything to do with these programs?

#12
Trevuren

Posted 23 October 2006 - 06:22 PM

Old Dog

Retired Staff
18,699 posts

A. Please provide a list of uninstallable programs.

To Provide a List of Installed Programs

1. Run HijackThis.
2. Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
3. Save list to Desktop
4. Copy the Notepad list and Paste it into this thread.

Please post the above as previously requested.

In addition,

You need to update the version of Java that is currently on your system

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 from HERE
- Scroll down to where it says "Windows Offline Installation"
- Click the "Download" button to the right.
Once the program has finished downloading:
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Go back into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
  Downloaded Applications
  Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

Regards,

Trevuren

#13
crob27

Posted 23 October 2006 - 07:04 PM

Member

Topic Starter
Member
10 posts

Sorry here is the uninstall list:

ACDSee
Acoustica MP3 CD Burner
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Shockwave Player
AVG Anti-Spyware 7.5
AVG Free Edition
CleanUp!
DivX
DivX Player
Easy CD Creator 5 Basic
Efficient Networks SpeedStream DSL
FL Studio 6
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Photo Imaging Software
J2SE Runtime Environment 5.0 Update 9
LimeWire 4.9.19
Macromedia Flash Player 8
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
MSN Messenger 7.5
NetAssistant
Network Play System (Patching)
RealArcade
Sandlot Games Client Services
Score Poker
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic Foundry ACID 4.0
Sony ACID Pro 5.0
StumbleUpon IE Toolbar
Sytrus
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Visual IP InSight(Sympatico Consumer)
VSToolbar for Internet Explorer
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinZip
Yahoo! Messenger

Heres my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 21:03, on 06-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

#14
Trevuren

Posted 23 October 2006 - 08:19 PM

Old Dog

Retired Staff
18,699 posts

A. Please disable AVG AntiSpyware by opening the program and on the Status page - beside "Resident Shield" click on "change status" so that it says "inactive" for it may interfere with our HJT fix.

Remember to reactivate this feature when all our work is finished.

B. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:
- Go to start>control panel>folder options>view (tab)
- Choose to "show hidden files and folders,"
- Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
- Close the window with ok
Please RUN HijackThis.
. Click the SCAN button to produce a log.
Place a check mark beside each one of the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,orksnoi.exe
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\aaadcbuj.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\pmnki.dll (file missing)
O2 - BHO: (no name) - {2F4A53E1-E797-7823-DE84-0B0FADF786D7} - C:\WINDOWS\system32\tdfdymf.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [lqphnxk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lqphnxk.dll,ssjexm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode
- Restart the computer.
- As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
- Use the arrow keys to select the Safe mode menu item
- Press Enter.
Using the Add/Remove Programs module in your Control Panel, please UNINSTALL the following program(s). These programs are either malware or come bundled with malware or they are foistware, i-e programs that are usually installed without the user's consent.

VSToolBar.dll

See the following if you want a more in-depth explanation:

http://www.bleepingc...nstall/all.html

and/or

http://www.spywarewa...re.htm#products
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

C:\Windows\system32\orksnoi.exe<==File
C:\Program Files\VSToolbar<==Folder
C:\WINDOWS\system32\lqphnxk.dll<==File
C:\Program Files\PartyGaming<==Folder
Exit Explorer, and REBOOT BACK INTO NORMAL MODE
Finally, RUN Hijackthis again and produce a new HJT log. Post it in this thread so we can check how everything looks now.

Regards,

Trevuren

#15
crob27

Posted 23 October 2006 - 09:10 PM

Member

Topic Starter
Member
10 posts

Alright here is my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 23:08, on 06-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris Robinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Score Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\SCOREP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161207820381
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B7DEFD-A0F2-492C-B38B-91D6A203037C}: NameServer = 206.47.244.101 209.226.175.152
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe