Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! HijackThis results and uninstall list

Started by JamesWoo , Feb 12 2007 12:24 PM

  • Please log in to reply

#1
JamesWoo
Posted 12 February 2007 - 12:24 PM

JamesWoo

    Member

  • Member
  • PipPip
  • 14 posts
HijackThis results and uninstall list are as follows. Please help me! I thank you very much!

Regard,

James

-----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:02:49 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\res.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uky.edu/S...dweb/index.html
R3 - URLSearchHook: 8b03 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4f0antos.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: ʵÓÃËÑË÷ - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\SCIntruder32.dll
O2 - BHO: (no name) - {9fe24f0d-2b1b-4ea6-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ea6cfsb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: EyeOnIE - {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} - C:\WINDOWS\system32\atsldr.dll
O2 - BHO: 8b03 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4f0antos.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: 8b03 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4f0antos.dll
O3 - Toolbar: ʵÓÃËÑË÷¹¤¾ßÌõ2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te265/fyf
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\RunOnce: [drvubm41] %systemroot%\system32\Rundll32.exe %systemroot%\system32\drvubm41.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [oldlvkw] %systemroot%\system32\rundll32.exe %systemroot%\system32\oldlvkw.dll,Run
O4 - HKLM\..\RunOnce: [kwhfbkf] %systemroot%\system32\rundll32.exe %systemroot%\system32\kwhfbkf.dll,Run
O4 - HKLM\..\RunOnce: [frjn_h] %systemroot%\system32\rundll32.exe %systemroot%\system32\frjn_h.dll,Run
O4 - HKLM\..\RunOnce: [bp_kzu] %systemroot%\system32\rundll32.exe %systemroot%\system32\bp_kzu.dll,Run
O4 - HKLM\..\RunOnce: [arjd_w] %systemroot%\system32\rundll32.exe %systemroot%\system32\arjd_w.dll,Run
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [UUpdate] C:\Program Files\UUSee\UUpdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ?????? - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\²Æ¸»Í¨\caifu.dll (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\Software\..\Telephony: DomainName = BUSINESS.UKY
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF516C5-DE38-4AE0-AF0F-7EE92DB65C7B}: NameServer = 128.163.26.16,128.163.3.10,128.163.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cryptimg - cryptig.dll (file missing)
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


------------------------------------------------------------------------------------------------------


1st Email Address Spider 2005
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Reader Japanese Fonts
DivX
DivX Converter
DivX Player
DivX Web Player
ʵÓÃËÑË÷¹¤¾ßÌõ
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Logitech ImageStudio
McAfee VirusScan Enterprise
Microsoft FrontPage 2000
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.0.7)
MSN Messenger 7.5
MSN Toolbar
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
NVIDIA Windows 2000/XP Display Drivers
plsgraph
PrimoPDF
QuickTime
RealPlayer
Research Insight
SAS 9.1
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.1)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SPSS 14.0 for Windows
SSH Secure Shell
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR ???????
WinStdup
  • 0

Advertisements

#2
Tigger93
Posted 12 February 2007 - 04:58 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome. :whistling:

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
  • 0

#3
JamesWoo
Posted 12 February 2007 - 07:27 PM

JamesWoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Tigger93,

Thanks for your help! The following is the ComboFix log.

Regards,

James


------------------------------------------------------------------------------------
"jimingwu" - 07-02-12 20:03:37 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\jimingwu\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\spted.dll
C:\WINDOWS\system32\vjnbq.dll
C:\WINDOWS\system32\wbem\IRJIT.DLL
C:\Documents and Settings\All Users\Templates\temp.exe
C:\Program Files\Common Files\System\Updaterun.exe
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\d3d1caps.SRG
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\ncxml.dll
C:\WINDOWS\system32\nt.sys
C:\WINDOWS\system32\pyintau.exe
C:\WINDOWS\system32\Score.txt
C:\WINDOWS\system32\spted.dll
C:\WINDOWS\system32\stdact.ini
C:\WINDOWS\system32\stdup.uni
C:\WINDOWS\system32\toolset.ini
C:\WINDOWS\system32\UniBar.exe
C:\WINDOWS\system32\wbem\IRJIT.DLL
C:\WINDOWS\system32\wbem\ocmor.dat
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\system32\winttrs
C:\WINDOWS\system32\WsReource.dll
C:\INSTALL.LOG
C:\WINDOWS\AppPatch\AcJava.sdb
C:\WINDOWS\Debug\bmhrt.log
C:\WINDOWS\Help\starter\help.htm
C:\WINDOWS\Help\WinMail.chm
C:\WINDOWS\inf\1394dbg.inf
C:\WINDOWS\bar.exe
C:\WINDOWS\system32\drivers\ws2ifsd.sys
C:\WINDOWS\system32\kwbuf.ini
C:\Program Files\Common Files\CPush
C:\WINDOWS\system32\ContentTemp
C:\WINDOWS\system32\winup
C:\\WINDOWS\system32\drivers\drvubm41.sys
C:\WINDOWS\system32\rundllfromwin2000.exe
C:\WINDOWS\system32\scia.dll
C:\WINDOWS\system32\SCIntruder32.dll
C:\WINDOWS\system32\atsldr.dll
C:\Program Files\CoolWebsite
C:\Program Files\superutilbar
C:\WINDOWS\system32\albus.dat
C:\WINDOWS\system32\albus.dll
C:\WINDOWS\system32\alsmt.exe
C:\WINDOWS\system32\alstd.dat
C:\WINDOWS\system32\Drivers\albus.sys
C:\WINDOWS\system32\std.ini
C:\WINDOWS\system32\stdd.ini
C:\WINDOWS\system32\updadini.ini
C:\WINDOWS\system32\updateSC.exe
C:\WINDOWS\system32\updstdex.ini
C:\WINDOWS\system32\updstdup.ini
C:\~de*.tmp
C:\WINDOWS\system32\4f0antos.dll
C:\WINDOWS\system32\4ea6cfsb.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools
C:\WINDOWS\system32\wbem\ctjpb.dll
C:\WINDOWS\system32\drivers\Albus.SYS
C:\WINDOWS\system32\drivers\bp_kzu.sys
C:\WINDOWS\system32\bp_kzu.dll
C:\WINDOWS\system32\drivers\dqguudu.sys
C:\WINDOWS\system32\dqguudu.dll
C:\WINDOWS\system32\drivers\kwhfbkf.sys
C:\WINDOWS\system32\kwhfbkf.dll
C:\WINDOWS\system32\drivers\oldlvkw.sys
C:\WINDOWS\system32\oldlvkw.dll
C:\WINDOWS\system32\arjd_w.dll
C:\WINDOWS\system32\drivers\arjd_w.sys
C:\WINDOWS\system32\bp_kzu.dll
C:\WINDOWS\system32\drivers\bp_kzu.sys
C:\WINDOWS\system32\frjn_h.dll
C:\WINDOWS\system32\drivers\frjn_h.sys
C:\WINDOWS\system32\BandRes.dll
C:\WINDOWS\system32\cacheur.exe
C:\WINDOWS\system32\drivers\ast.sys
C:\WINDOWS\system32\drivers\AST.sys
C:\WINDOWS\system32\drivers\ffpbek.sys
C:\WINDOWS\system32\drivers\MSUSBBUX.sys
C:\WINDOWS\system32\drivers\parCLS.sys
C:\WINDOWS\system32\drivers\wspipe.sys
C:\WINDOWS\system32\mctet.dll
C:\WINDOWS\system32\ntxml.dll
C:\WINDOWS\system32\PvSec.dll
C:\WINDOWS\system32\stdplay.dll
C:\WINDOWS\system32\stdstub.dll
C:\WINDOWS\system32\stdupnet.dll
C:\WINDOWS\system32\stdvote.dll
C:\WINDOWS\system32\szdj.dll
C:\WINDOWS\system32\umtcap.dll
C:\WINDOWS\system32\wbem\smtpconfs.dll
C:\WINDOWS\system32\STDCACHE
C:\WINDOWS\system32\updadini
C:\WINDOWS\system32\UPDSTDEX
C:\WINDOWS\system32\updstdup
C:\Program Files\Common Files\Updat


((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))


2007-02-12 20:07 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-12 12:56 <DIR> d-------- C:\HJT
2007-02-11 13:31 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-02-11 13:23 <DIR> d-------- C:\DOCUME~1\jimingwu\Application Data\Google
2007-02-11 13:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-02-11 13:22 <DIR> d-------- C:\Program Files\Google
2007-02-05 21:09 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-02-05 21:09 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-02-05 21:09 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-05 21:09 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-02-05 21:09 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-02-05 21:09 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-02-05 21:09 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-02-05 21:09 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-05 21:09 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-11 13:26 -------- d-------- C:\Documents and Settings\jimingwu\Application Data\google
2007-02-06 09:37 -------- d-------- C:\Program Files\logitech
2007-02-05 10:42 -------- d-------- C:\Program Files\spss
2007-02-05 10:41 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-02-05 09:08 49152 --a------ C:\WINDOWS\system32\drvubm41.dll
2007-01-25 23:10 -------- d-------- C:\Documents and Settings\jimingwu\Application Data\adobeum
2007-01-18 09:02 -------- d-------- C:\Program Files\java
2007-01-10 15:00 -------- d-------- C:\Program Files\microsoft antispyware
2007-01-10 14:33 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-06 21:38 0 --a------ C:\BOOT.DAT
2007-01-06 20:51 -------- d-------- C:\Program Files\plsgraph
2006-12-21 13:24 -------- d-------- C:\Program Files\maillist king


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WebCamRT.exe"=""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"dfsf"="RUNDLL32.EXE C:\\WINDOWS\\system\\Mvvp.dll,DImmcv"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"drvubm41"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,52,75,6e,64,6c,6c,33,32,2e,65,78,65,20,25,73,79,73,74,65,6d,72,6f,6f,\
74,25,5c,73,79,73,74,65,6d,33,32,5c,64,72,76,75,62,6d,34,31,2e,64,6c,6c,2c,\
44,6c,6c,55,6e,72,65,67,69,73,74,65,72,53,65,72,76,65,72,00


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"=dword:00000001
"Intellimenus"=dword:00000001
"NoSimpleStartMenu"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"ForceClassicControlPanel"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ws2ifsd

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AtWork

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWORK
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_REMOTE_ACCESS_CONNECTION_MANAGEMENT


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-12 20:11:55
  • 0

#4
Tigger93
Posted 12 February 2007 - 07:45 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi again,

Can you go here:
www.virustotal.com

and upload and scan this file and post the results?
C:\WINDOWS\system32\drvubm41.dll

After that post the scan results and a new HJT log please. :whistling:

Edited by Tigger93, 12 February 2007 - 07:53 PM.

  • 0

#5
JamesWoo
Posted 12 February 2007 - 10:29 PM

JamesWoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Tigger93,

Thank you very much! The following is the scan results and a new HJT log.

Best regards,

James

---------------------------------------------------------------------------------
STATUS: FINISHEDComplete scanning result of "drvubm41.dll", received in VirusTotal at 02.13.2007, 05:11:03 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.12.2007 Win32:QQhelper-V
AVG 386 02.12.2007 no virus found
BitDefender 7.2 02.13.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 DLOADER.Trojan
eSafe 7.0.14.0 02.12.2007 Win32.Downloader
eTrust-Vet 30.4.3393 02.13.2007 Win32/Livuto.S
Ewido 4.0 02.12.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 Adware/AdClicker
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.13.2007 no virus found
McAfee 4961 02.12.2007 no virus found
Microsoft 1.2204 02.13.2007 no virus found
NOD32v2 2056 02.12.2007 no virus found
Norman 5.80.02 02.12.2007 no virus found
Panda 9.0.0.4 02.12.2007 Suspicious file
Prevx1 V2 02.13.2007 Dropper.Payload
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 Trojan-Downloader.Gen
Symantec 10 02.13.2007 Downloader
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.12.2007 no virus found
VirusBuster 4.3.19:9 02.12.2007 no virus found


Aditional Information
File size: 49152 bytes
MD5: 142e481c62a8ed7c073cdf9ac8915cd1
SHA1: ced8e85049d8869bc48abb812ca845f5a893e630
Prevx info: http://fileinfo.prev...XC=0ae074425804
Sunbelt info: Trojan-Downloader.Gen is a group of Trojan Downloaders which install download and install multiple unwanted applications of adware and malware from remote servers.



----------------------------------------------------------------------------------

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uky.edu/S...dweb/index.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\²Æ¸»Í¨\caifu.dll (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\Software\..\Telephony: DomainName = BUSINESS.UKY
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF516C5-DE38-4AE0-AF0F-7EE92DB65C7B}: NameServer = 128.163.26.16,128.163.3.10,128.163.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DNS Cache (SoSCAR) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
  • 0

#6
Tigger93
Posted 13 February 2007 - 07:57 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi again,

Please open HJT and put a check next to these:
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\²Æ¸»Í¨\caifu.dll (file missing) (HKCU)

O23 - Service: DNS Cache (SoSCAR) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)

Close all open windows and click "Fix Checked".

Go to Start > Run and type Services.msc then hit Ok
Scroll down and find the below service:

DNS Cache (SoSCAR)

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on None of the above, just start the program. Now, click on the Config button (bottom right), click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

SoSCAR

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\drvubm41.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Restart your computer and post a new HJT log please and a new Combofix log. :whistling:
  • 0

#7
JamesWoo
Posted 13 February 2007 - 02:01 PM

JamesWoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Tigger93,

Again, thanks! I do not receive the "message PendingFileRenameOperations."

The following is the new HJT log and new Combofix log.

Regards,

James

-----------------------------------------------------------------
Scan saved at 2:48:13 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uky.edu/S...dweb/index.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\Software\..\Telephony: DomainName = BUSINESS.UKY
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF516C5-DE38-4AE0-AF0F-7EE92DB65C7B}: NameServer = 128.163.26.16,128.163.3.10,128.163.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--------------------------------------------------------------------------
"jimingwu" - 07-02-13 14:53:18 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\jimingwu\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winup


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 14:39 <DIR> d-------- C:\!KillBox
2007-02-12 20:07 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-12 20:02 <DIR> d-------- C:\rename_this_folder_back_to_sUBs_
2007-02-12 12:56 <DIR> d-------- C:\HJT
2007-02-11 13:31 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-02-11 13:23 <DIR> d-------- C:\DOCUME~1\jimingwu\Application Data\Google
2007-02-11 13:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-02-11 13:22 <DIR> d-------- C:\Program Files\Google
2007-02-05 21:09 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-02-05 21:09 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-02-05 21:09 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-05 21:09 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-02-05 21:09 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-02-05 21:09 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-02-05 21:09 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-02-05 21:09 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-05 21:09 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 10:56 -------- d-------- C:\Program Files\spss
2007-02-13 10:53 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-02-06 09:37 -------- d-------- C:\Program Files\logitech
2007-01-25 23:10 -------- d-------- C:\DOCUME~1\jimingwu\Application Data\adobeum
2007-01-18 09:02 -------- d-------- C:\Program Files\java
2007-01-10 15:00 -------- d-------- C:\Program Files\microsoft antispyware
2007-01-10 14:33 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-06 21:38 0 --a------ C:\BOOT.DAT
2007-01-06 20:51 -------- d-------- C:\Program Files\plsgraph
2006-12-21 13:24 -------- d-------- C:\Program Files\maillist king


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WebCamRT.exe"=""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"dfsf"="RUNDLL32.EXE C:\\WINDOWS\\system\\Mvvp.dll,DImmcv"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"=dword:00000001
"Intellimenus"=dword:00000001
"NoSimpleStartMenu"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"ForceClassicControlPanel"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ws2ifsd

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AtWork



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 14:56:59
C:\ComboFix2.txt ... 07-02-12 20:11
  • 0

#8
Tigger93
Posted 13 February 2007 - 03:17 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Looking better. :whistling:

Go Start > Control Panel > Add/Remove Programs and uninstall:
J2SE Runtime Environment 5.0 Update 6

============================================

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system\Mvvp.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==================================================
After the reboot, find and delete these folders:
C:\!KillBox
C:\rename_this_folder_back_to_sUBs_

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Open Notepad and copy and paste in the following:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"dfsf"=-


Save it as Fix1.reg to the desktop. Double-Click on it and if it asks to merge with registry, allow it to.

===========================================
Can you go here:
www.virustotal.com

and upload and scan these files?
C:\WINDOWS\system32\xinput1_3.dll
C:\WINDOWS\system32\xactengine2_6.dll

Save the results and post them in your next post please.


Restart your computer and post a new HJT log and the Virustotal logs please. :blink:

Edited by Tigger93, 13 February 2007 - 03:18 PM.

  • 0

#9
JamesWoo
Posted 13 February 2007 - 06:27 PM

JamesWoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Tigger93,

I need to use Java Environment. Will I still have it after deleting the file "J2SE Runtime Environment 5.0 Update 6"?

Best regards,

James
  • 0

#10
Tigger93
Posted 13 February 2007 - 07:32 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Do you need this version though? You have a later version (10) that will work?
  • 0

#11
JamesWoo
Posted 14 February 2007 - 01:46 PM

JamesWoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Tigger93,

Thank you very much! The following is the HJT log and the Virustotal logs.

Best regards,

James

-------------------------------------------------------------------------------------
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &RSDN Search - res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\Software\..\Telephony: DomainName = BUSINESS.UKY
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF516C5-DE38-4AE0-AF0F-7EE92DB65C7B}: NameServer = 128.163.26.16,128.163.3.10,128.163.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BUSINESS.UKY
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


----------------------------------------------------------------------------------
STATUS: FINISHEDComplete scanning result of "xactengine2_6.dll", received in VirusTotal at 02.14.2007, 19:42:31 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.14.2007 no virus found
Authentium 4.93.8 02.14.2007 no virus found
Avast 4.7.936.0 02.14.2007 no virus found
AVG 386 02.14.2007 no virus found
BitDefender 7.2 02.14.2007 no virus found
CAT-QuickHeal 9.00 02.14.2007 no virus found
ClamAV devel-20060426 02.14.2007 no virus found
DrWeb 4.33 02.14.2007 no virus found
eSafe 7.0.14.0 02.14.2007 no virus found
eTrust-Vet 30.4.3397 02.14.2007 no virus found
Ewido 4.0 02.14.2007 no virus found
Fortinet 2.85.0.0 02.14.2007 no virus found
F-Prot 4.2.1.29 02.14.2007 no virus found
F-Secure 6.70.13030.0 02.14.2007 no virus found
Ikarus T3.1.0.31 02.14.2007 no virus found
Kaspersky 4.0.2.24 02.14.2007 no virus found
McAfee 4963 02.14.2007 no virus found
Microsoft 1.2204 02.14.2007 no virus found
NOD32v2 2061 02.14.2007 no virus found
Norman 5.80.02 02.14.2007 no virus found
Panda 9.0.0.4 02.14.2007 no virus found
Prevx1 V2 02.14.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.14.2007 no virus found
TheHacker 6.1.6.057 02.14.2007 no virus found
UNA 1.83 02.14.2007 no virus found
VBA32 3.11.2 02.13.2007 no virus found
VirusBuster 4.3.19:9 02.14.2007 no virus found


Aditional Information
File size: 255848 bytes
MD5: 39000e033d39d19ccce21aeafcce2476
SHA1: 6e7823e689a9b720a049a260380805a235ddbf75
packers: embedded

-------------------------------------------------------------------------



STATUS: FINISHEDComplete scanning result of "xinput1_3.dll", received in VirusTotal at 02.14.2007, 20:10:47 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.14.2007 no virus found
Authentium 4.93.8 02.14.2007 no virus found
Avast 4.7.936.0 02.14.2007 no virus found
AVG 386 02.14.2007 no virus found
BitDefender 7.2 02.14.2007 no virus found
CAT-QuickHeal 9.00 02.14.2007 no virus found
ClamAV devel-20060426 02.14.2007 no virus found
DrWeb 4.33 02.14.2007 no virus found
eSafe 7.0.14.0 02.14.2007 no virus found
eTrust-Vet 30.4.3397 02.14.2007 no virus found
Ewido 4.0 02.14.2007 no virus found
Fortinet 2.85.0.0 02.14.2007 no virus found
F-Prot 4.2.1.29 02.14.2007 no virus found
F-Secure 6.70.13030.0 02.14.2007 no virus found
Ikarus T3.1.0.31 02.14.2007 no virus found
Kaspersky 4.0.2.24 02.14.2007 no virus found
McAfee 4963 02.14.2007 no virus found
Microsoft 1.2204 02.14.2007 no virus found
NOD32v2 2061 02.14.2007 no virus found
Norman 5.80.02 02.14.2007 no virus found
Panda 9.0.0.4 02.14.2007 no virus found
Prevx1 V2 02.14.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.14.2007 no virus found
TheHacker 6.1.6.057 02.14.2007 no virus found
UNA 1.83 02.14.2007 no virus found
VBA32 3.11.2 02.13.2007 no virus found
VirusBuster 4.3.19:9 02.14.2007 no virus found


Aditional Information
File size: 68888 bytes
MD5: da9506e800e13da0abba32bb0c105382
SHA1: 78447c8fc4633b86d3cea374fb619fb53e9f9ad7

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees
  • 0

#12
Tigger93
Posted 14 February 2007 - 05:23 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Everything looks good. :whistling: Still having any problems?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP