Scan saved at 11:44:36 AM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\mswnt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jabber\My Documents\DOWNLOADS\hijackthis\Activate.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Jabber
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {044B50AA-3792-4582-BDC5-00B2349E83DA} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55E6172B-A8D3-4BE2-B313-E6AA19B2A819} - (no file)
O2 - BHO: (no name) - {5C5ACBDA-2200-4707-B435-EED35A1B2467} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7F5A2699-38CD-4B98-B193-5916D6566B01} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: opnno - C:\WINDOWS\
O20 - Winlogon Notify: qomjh - C:\WINDOWS\system32\qomjh.dll (file missing)
O20 - Winlogon Notify: ssqnnll - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Print Spooler Service (uuiy84eiye0iuo) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
O23 - Service: Windows Zero Connection (WinZConn) - Unknown owner - C:\WINDOWS\system32\mswnt.exe
Activescan.txt 2/17/2007
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jabber\Local Settings\Temporary Internet Files\Content.IE5\EFRXL6FD\smitRem[1].exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jabber\My Documents\DOWNLOADS\NEW DOWNLOADS\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jabber\My Documents\DOWNLOADS\NEW DOWNLOADS\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\fmogueth.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\gmlssrhl.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\sehaaihe.exe.bad
smitRem © log file (smitfiles.txt 2/15/07)
version 3.2
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="7.0000"
The current date is: Thu 02/15/2007
The current time is: 22:23:47.91
Running from
C:\Documents and Settings\Jabber\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!
dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4
[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"SecureDesktop"=dword:00000000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XP Firewall allowed access
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\Jabber\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Jabber\\Desktop\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Documents and Settings\\Jabber\\My Documents\\DOWNLOADS\\NEW DOWNLOADS\\webui_v0.300_beta_1\\utorrent-1.6.1-beta-build-481.exe"="C:\\Documents and Settings\\Jabber\\My Documents\\DOWNLOADS\\NEW DOWNLOADS\\webui_v0.300_beta_1\\utorrent-1.6.1-beta-build-481.exe:*:Enabled:æTorrent"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:LocalSubNet:Disabled:Outlook Express"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Wal-Mart\\Wal-Mart Digital Photo Manager\\PhotoApp.exe"="C:\\Program Files\\Wal-Mart\\Wal-Mart Digital Photo Manager\\PhotoApp.exe:*:Enabled:Wal-Mart Digital Photo Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe:*:Enabled:Mathematica 5.2 for Students"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe:*:Enabled:Mathematica 5.2 for Students Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe:*:Enabled:math.exe"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
amcompat.tlb
nscompat.tlb
logfiles
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1520 'explorer.exe'
Killing PID 1520 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
VundoFix V6.3.6 (VundoFix.txt 2/15/07)
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.8
Java version is 1.5.0.9
Scan started at 10:45:35 PM 2/15/2007
Listing files found while scanning....
C:\WINDOWS\system32\crdffjqj.dll
C:\WINDOWS\system32\fmogueth.exe
C:\WINDOWS\system32\gmlssrhl.exe
C:\WINDOWS\system32\isnjmagx.dll
C:\WINDOWS\system32\jqjffdrc.ini
C:\WINDOWS\system32\onnpo.bak1
C:\WINDOWS\system32\onnpo.bak2
C:\WINDOWS\system32\onnpo.ini
C:\WINDOWS\system32\opnno.dll
C:\WINDOWS\system32\qhyudanr.dll
C:\WINDOWS\system32\qomjh.dll
C:\WINDOWS\system32\qwedvlkt.dll
C:\WINDOWS\system32\rnaduyhq.ini
C:\WINDOWS\system32\rvidyohl.dll
C:\WINDOWS\system32\sehaaihe.exe
C:\WINDOWS\system32\ssqnnll.dll
C:\WINDOWS\system32\tklvdewq.ini
C:\WINDOWS\system32\xgamjnsi.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\crdffjqj.dll
C:\WINDOWS\system32\crdffjqj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fmogueth.exe
C:\WINDOWS\system32\fmogueth.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gmlssrhl.exe
C:\WINDOWS\system32\gmlssrhl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\isnjmagx.dll
C:\WINDOWS\system32\isnjmagx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jqjffdrc.ini
C:\WINDOWS\system32\jqjffdrc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\onnpo.bak1
C:\WINDOWS\system32\onnpo.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\onnpo.bak2
C:\WINDOWS\system32\onnpo.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\onnpo.ini
C:\WINDOWS\system32\onnpo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnno.dll
C:\WINDOWS\system32\opnno.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\qhyudanr.dll
C:\WINDOWS\system32\qhyudanr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qwedvlkt.dll
C:\WINDOWS\system32\qwedvlkt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rnaduyhq.ini
C:\WINDOWS\system32\rnaduyhq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sehaaihe.exe
C:\WINDOWS\system32\sehaaihe.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqnnll.dll
C:\WINDOWS\system32\ssqnnll.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\tklvdewq.ini
C:\WINDOWS\system32\tklvdewq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xgamjnsi.ini
C:\WINDOWS\system32\xgamjnsi.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\opnno.dll
C:\WINDOWS\system32\opnno.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqnnll.dll
C:\WINDOWS\system32\ssqnnll.dll Has been deleted!
Performing Repairs to the registry.
Done!
I quarantine Backdoor.Agent.adj "WARNING" by AVG Spyware, then Teatimer requests resident deletion of
swg (Program Files\Google\Google toolbar Notifier)
screensave.exe (C:\Windows\System32\Mal-PC.scr)
NWEReboot
value added or deleted letters & numbers (Windows\System32\rsbmsc.exe)