Please Help ..... [RESOLVED] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Please Help ..... [RESOLVED] Got some more viruses

#1 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

  Posted 01 August 2007 - 03:34 PM

Hi,
I ran VundoFix.exe and it says virus has been fixed but actually it is not.
When I HijackThis I got some new entries. And new windows still pop-up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:59 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = svlproxy.spansion.com:74
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {606DFC55-7A56-4482-8C64-1DF3CC95412A} - (no file)
O2 - BHO: (no name) - {7753DB66-6974-4F1F-AC53-DA268249CBA3} - C:\WINDOWS\system32\jkklm.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\rfcovrob.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\fccyvss.dll (file missing)O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\jiwvuoep.dll",sitypnow
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Spansion VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://myemail.span...ries/stcweb.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168575108468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185941774531
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hcl.webex.co...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spansion.com
O17 - HKLM\Software\..\Telephony: DomainName = spansion.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spansion.com
O20 - Winlogon Notify: fccyvss - fccyvss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10415 bytes

#2 RiP

  • Group: Retired Staff
  • Posts: 8,430
  • Joined: 05-December 05

Posted 02 August 2007 - 10:26 AM

Hello amritanshu2003,

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#3 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 02 August 2007 - 11:21 AM

Hi,
I ran "VirtumundoBeGone.exe" and deleted few registry entry using HiJackThis.
So now I am not getting any popup windows but I still dont know whether virus is gone or not.
And I will run this ComboFix today evening and update u on that.

Can you please take a look into bellow log file and tell me whther its clean log or still doubtful :whistling:

Here is my latest HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:02 AM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ussvlpxy01:74
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Spansion VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://myemail.span...ries/stcweb.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168575108468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185941774531
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hcl.webex.co...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spansion.com
O17 - HKLM\Software\..\Telephony: DomainName = spansion.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spansion.com
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8391 bytes

#4 RiP

  • Group: Retired Staff
  • Posts: 8,430
  • Joined: 05-December 05

Posted 02 August 2007 - 12:04 PM

Hello amritanshu2003,

There's probably still stuff on there, did you delete all of those lines you had bolded?

#5 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 02 August 2007 - 12:09 PM

Yes I did delete all the bold entries as well as
O20 - Winlogon Notify: fccyvss - fccyvss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)

Because i found them doubtful.

Is there any other doubtful entry there???

#6 RiP

  • Group: Retired Staff
  • Posts: 8,430
  • Joined: 05-December 05

Posted 02 August 2007 - 12:31 PM

Hello amritanshu2003,

Please don't fix entries unless you are positive about them being bad, one of the lines you deleted was legit and needed to be left alone. This line here:
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

Trust me, we'll get your computer cleaned out, but we need to make sure it's done corrrectly.
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.

#7 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 02 August 2007 - 11:46 PM

I ll post the log tomorrow...thanks a lot :whistling:

#8 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 03 August 2007 - 12:38 AM

Hi,
I retored and here is the updated HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:00 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ussvlpxy01:74
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {606DFC55-7A56-4482-8C64-1DF3CC95412A} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\rfcovrob.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\fccyvss.dll (file missing)
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Spansion VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://myemail.span...ries/stcweb.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168575108468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185941774531
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hcl.webex.co...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spansion.com
O17 - HKLM\Software\..\Telephony: DomainName = spansion.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spansion.com
O20 - Winlogon Notify: fccyvss - fccyvss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8861 bytes

#9 RiP

  • Group: Retired Staff
  • Posts: 8,430
  • Joined: 05-December 05

Posted 03 August 2007 - 12:00 PM

Hello amritanshu2003,

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#10 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 06 August 2007 - 02:21 PM

I downloaded and ran the combofix.exe and then HiJackThis.
Here is the log for both :

---------------------------------
--ComboFix log file

---------------------------------
ComboFix 07-08-03.4 - "admin" 2007-08-06 13:30:16.1 [GMT -7:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\admin\APPLIC~1.\macromedia\Flash Player\#SharedObjects\KARV4YZW\www.broadcaster.com
C:\DOCUME~1\admin\APPLIC~1.\macromedia\Flash Player\#SharedObjects\KARV4YZW\www.broadcaster.com\played_list.sol
C:\DOCUME~1\admin\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\admin\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\tempc2
C:\tempc2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\b103.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\L1
C:\WINDOWS\system32\L11
C:\WINDOWS\system32\L3
C:\WINDOWS\system32\L5
C:\WINDOWS\system32\L7
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\rfcovrob.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\win
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\core


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-06 13:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 18:21 <DIR> d-------- C:\VundoFix Backups
2007-08-01 12:24 <DIR> d-------- C:\Program Files\WinSCP
2007-08-01 08:11 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-31 23:15 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-31 23:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-31 21:58 <DIR> d-------- C:\WINDOWS\SQLTools9_KB932557_ENU
2007-07-31 17:07 5,093 --a------ C:\WINDOWS\system32\uugkwifs.dll
2007-07-31 14:44 5,093 --a------ C:\WINDOWS\system32\lcwxncxy.dll
2007-07-31 11:36 5,093 --a------ C:\WINDOWS\system32\mngwcrgu.dll
2007-07-31 09:14 5,093 --a------ C:\WINDOWS\system32\miosbhnc.dll
2007-07-31 08:43 5,093 --a------ C:\WINDOWS\system32\ohbsdvix.dll
2007-07-30 16:54 <DIR> d-------- C:\HiJackThis
2007-07-30 16:32 5,093 --a------ C:\WINDOWS\system32\vtiobset.dll
2007-07-30 15:50 5,093 --a------ C:\WINDOWS\system32\iaurbcbf.dll
2007-07-30 12:15 5,093 --a------ C:\WINDOWS\system32\lkoxhgld.dll
2007-07-29 00:17 126,016 --a------ C:\WINDOWS\system32\jiwvuoep.dll
2007-07-27 11:11 5,091 --a------ C:\WINDOWS\system32\olqtxwwl.dll
2007-07-27 11:08 5,093 --a------ C:\WINDOWS\system32\yflysmed.dll
2007-07-27 09:35 5,093 --a------ C:\WINDOWS\system32\pbyppdss.dll
2007-07-27 09:29 5,091 --a------ C:\WINDOWS\system32\albtxinx.dll
2007-07-26 10:44 5,091 --a------ C:\WINDOWS\system32\ggqrsaja.dll
2007-07-26 10:41 5,093 --a------ C:\WINDOWS\system32\hbefqoxl.dll
2007-07-25 10:42 5,093 --a------ C:\WINDOWS\system32\ycpijetk.dll
2007-07-25 10:08 5,093 --a------ C:\WINDOWS\system32\swsinkjt.dll
2007-07-24 12:35 5,472 --a------ C:\WINDOWS\system32\ddabx.dll
2007-07-24 10:35 5,472 --a------ C:\WINDOWS\system32\pmnnn.dll
2007-07-24 09:09 5,472 --a------ C:\WINDOWS\system32\awtsr.dll
2007-07-23 23:41 6,471 --ahs---- C:\WINDOWS\system32\bdeeg.ini2
2007-07-23 22:30 6,471 --ahs---- C:\WINDOWS\system32\mpqss.bak1
2007-07-22 20:10 8,778 --ahs---- C:\WINDOWS\system32\ybeeg.ini2
2007-07-22 20:02 6,489 --ahs---- C:\WINDOWS\system32\ybeeg.bak1
2007-07-21 23:33 <DIR> d-------- C:\Program Files\InterActual
2007-07-13 10:50 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-07-13 10:50 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-13 10:49 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-07-13 10:49 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-13 08:57 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\WinRAR
2007-07-10 15:11 <DIR> d-------- C:\HCL Mails
2007-07-08 14:51 36,944 --a------ C:\WINDOWS\system32\stcevent.dll
2007-07-08 14:51 22,136 --a------ C:\WINDOWS\system32\drivers\CSVirtA.sys
2007-07-07 10:50 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\ZoomBrowser EX
2007-07-07 10:48 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-07 10:48 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-07 10:48 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-07 10:48 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-07 10:41 <DIR> d-------- C:\Program Files\Canon
2007-07-07 10:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2007-07-07 10:40 <DIR> d-------- C:\Program Files\Common Files\Canon


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 13:39 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-07-31 22:43 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-31 22:00 --------- d-------- C:\Program Files\Microsoft SQL Server
2007-07-31 11:21 --------- d-------- C:\Program Files\Google
2007-07-31 09:13 --------- d-------- C:\Program Files\Yahoo!
2007-07-31 09:12 --------- d-------- C:\Program Files\Skype
2007-07-22 19:57 --------- d-------- C:\Program Files\Messenger
2007-07-08 14:51 --------- d-------- C:\Program Files\Cisco Systems
2007-07-02 21:26 4190 --a------ C:\WINDOWS\mozver.dat
2007-07-01 21:53 --------- d-------- C:\Program Files\DivX
2007-06-27 00:19 --------- d-------- C:\Program Files\Common Files\Real
2007-06-26 01:27 363520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-23 05:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-23 04:38 --------- d-------- C:\Program Files\Real
2007-05-16 08:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-01-30 01:43 679 --a--c--- C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{606DFC55-7A56-4482-8C64-1DF3CC95412A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 22:06]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-12-23 19:23]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-14 13:10]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 06:24]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 16:03]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-06-29 19:04]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 19:07]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-11-29 10:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 04:44]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 07:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-27 20:20:30]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-01-19 13:58:56]
Spansion VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-01-31 11:21:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyvss]
fccyvss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe /automation

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\system32\jiwvuoep.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
ZoomingHook.exe

R1 EKECioCtl;ECioCtl;\??\C:\Program Files\TOSHIBA\E-KEY\EKECioCtl.sys
R1 HWSCtrl;TOSHIBA Hardware Setup;\??\C:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys
R1 meiudf;meiudf;C:\WINDOWS\system32\Drivers\meiudf.sys
R1 SPCtl;TOSHIBA Supervisor Password;\??\C:\Program Files\Toshiba\Windows Utilities\spDispatch.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;\??\C:\Program Files\TOSHIBA\E-KEY\EKIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;\??\C:\Program Files\TOSHIBA\E-KEY\SSIoMngr.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R1 StickyMesger;StickyMesger;\??\C:\Program Files\Toshiba\Accessibility\StickyMesger.sys
R1 TPECioCtl;TPECioCtl;\??\C:\Program Files\TOSHIBA\TouchPad\TPECioCtl.sys
R1 TPwSav;Toshiba Power Saver Driver;C:\WINDOWS\system32\DRIVERS\TPwSav.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Spansion IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 DritekPortIO;Dritek General Port I/O;\??\C:\DRIVERS\FN-ESSE\DPortIO.sys
R2 IISADMIN;IIS Admin;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys
S3 CA500AV;Digital Camera Manager(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS
S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d85e26-e216-11db-9c97-0013cecdb8b3}]
AutoRun\command- E:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c142f8cd-c6ae-11db-9c1b-0013cecdb8b3}]
AutoRun\command- E:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-08-06 20:40:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 13:38:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 13:42:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-06 13:41

--- E O F ---
**************************************************************************

Content of ComboFix-quarantined-files.txt

2007-02-10 22:50	  89	--a--c---	C:\Qoobox\Quarantine\C\DOCUME~1\admin\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-02-10 22:51	  131	--a--c---	C:\Qoobox\Quarantine\C\DOCUME~1\admin\APPLIC~1\Macromedia\Flash Player\#SharedObjects\KARV4YZW\www.broadcaster.com\played_list.sol.vir
2007-04-24 09:21	  9248	--a------	C:\Qoobox\Quarantine\C\Tempc2\tmpFF.log.vir
2007-07-11 00:29	  28160	--a------	C:\Qoobox\Quarantine\C\WINDOWS\b103.exe.vir
2007-07-22 20:00	  40183	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir
2007-07-22 20:00	  930	--a------	C:\Qoobox\Quarantine\C\Temp\brr\tmpZTF.log.vir
2007-07-22 20:15	  515	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-07-23 10:50	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\sstqp.dll.vir
2007-07-23 12:51	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\mllmm.dll.vir
2007-07-23 13:51	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\mllml.dll.vir
2007-07-23 14:51	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\jkhhh.dll.vir
2007-07-23 15:51	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\geeda.dll.vir
2007-07-23 16:51	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\pmkhe.dll.vir
2007-07-24 11:35	  5472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vtutt.dll.vir
2007-07-28 11:09	  69184	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\rfcovrob.dll.vir
2007-08-06 13:34	  692	--a------	C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf


Folder PATH listing for volume S3A2053D001
Volume serial number is 3133-E664
C:\QOOBOX
\---Quarantine
	+---C
	|   +---DOCUME~1
	|   |   \---admin
	|   |	   \---APPLIC~1
	|   |		   \---Macromedia
	|   |			   \---Flash Player
	|   |				   +---#SharedObjects
	|   |				   |   \---KARV4YZW
	|   |				   |	   \---www.broadcaster.com
	|   |				   |			   played_list.sol.vir
	|   |				   |			   
	|   |				   \---macromedia.com
	|   |					   \---support
	|   |						   \---flashplayer
	|   |							   \---sys
	|   |								   \---#www.broadcaster.com
	|   |										   settings.sol.vir
	|   |										   
	|   +---Program Files
	|   |   \---Common Files
	|   |		   Yazzle1281OinUninstaller.exe.vir
	|   |		   
	|   +---Temp
	|   |   +---0c2
	|   |   |	   tmpFF.log.vir
	|   |   |	   
	|   |   \---brr
	|   |		   tmpZTF.log.vir
	|   |		   
	|   \---WINDOWS
	|	   |   b103.exe.vir
	|	   |   wr.txt.vir
	|	   |   
	|	   \---system32
	|			   geeda.dll.vir
	|			   jkhhh.dll.vir
	|			   mllml.dll.vir
	|			   mllmm.dll.vir
	|			   pmkhe.dll.vir
	|			   rfcovrob.dll.vir
	|			   sstqp.dll.vir
	|			   vtutt.dll.vir
	|			   
	\---Registry_backups
			services_core.reg.cf


********************************************************************************
************
HiJackThis's log file
********************************************************************************
************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:01 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ussvlpxy01:74
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {606DFC55-7A56-4482-8C64-1DF3CC95412A} - (no file)
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Spansion VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://myemail.span...ries/stcweb.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168575108468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185941774531
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hcl.webex.co...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spansion.com
O17 - HKLM\Software\..\Telephony: DomainName = spansion.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spansion.com
O20 - Winlogon Notify: fccyvss - fccyvss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8795 bytes

********************************************************************************
********************

Thanks a lot,
Amritanshu

#11 RiP

  • Group: Retired Staff
  • Posts: 8,430
  • Joined: 05-December 05

Posted 07 August 2007 - 01:19 PM

Hello amritanshu2003,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {606DFC55-7A56-4482-8C64-1DF3CC95412A} - (no file)
O20 - Winlogon Notify: fccyvss - fccyvss.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d85e26-e216-11db-9c97-0013cecdb8b3}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c142f8cd-c6ae-11db-9c1b-0013cecdb8b3}]


Save it to your desktop as fix133.reg and as Type "All files"
Double click on fix133.reg and allow when prompted to let it merge with the registry.

Run ATF Cleaner:
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\VundoFix Backups
C:\WINDOWS\system32\uugkwifs.dll
C:\WINDOWS\system32\lcwxncxy.dll
C:\WINDOWS\system32\mngwcrgu.dll
C:\WINDOWS\system32\miosbhnc.dll
C:\WINDOWS\system32\ohbsdvix.dll
C:\WINDOWS\system32\vtiobset.dll
C:\WINDOWS\system32\iaurbcbf.dll
C:\WINDOWS\system32\lkoxhgld.dll
C:\WINDOWS\system32\jiwvuoep.dll
C:\WINDOWS\system32\olqtxwwl.dll
C:\WINDOWS\system32\yflysmed.dll
C:\WINDOWS\system32\pbyppdss.dll
C:\WINDOWS\system32\albtxinx.dll
C:\WINDOWS\system32\ggqrsaja.dll
C:\WINDOWS\system32\hbefqoxl.dll
C:\WINDOWS\system32\ycpijetk.dll
C:\WINDOWS\system32\swsinkjt.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\ybeeg.ini2
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\jiwvuoep.dll
C:\Program Files\Cisco Systems
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.

#12 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 07 August 2007 - 02:54 PM

Hi executed all the steps in the given sequence.
Here is the new log files:
************************
HiJackThis Log
************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:52 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ussvlpxy01:74
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Spansion VPN Client.lnk = C:\_OTMoveIt\MovedFiles\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://myemail.span...ries/stcweb.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168575108468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185941774531
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hcl.webex.co...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spansion.com
O17 - HKLM\Software\..\Telephony: DomainName = spansion.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spansion.com
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Unknown owner - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Unknown owner - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8474 bytes

********************
OTMoveIt log
********************
C:\VundoFix Backups moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\uugkwifs.dll
C:\WINDOWS\system32\uugkwifs.dll NOT unregistered.
C:\WINDOWS\system32\uugkwifs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lcwxncxy.dll
C:\WINDOWS\system32\lcwxncxy.dll NOT unregistered.
C:\WINDOWS\system32\lcwxncxy.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mngwcrgu.dll
C:\WINDOWS\system32\mngwcrgu.dll NOT unregistered.
C:\WINDOWS\system32\mngwcrgu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\miosbhnc.dll
C:\WINDOWS\system32\miosbhnc.dll NOT unregistered.
C:\WINDOWS\system32\miosbhnc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ohbsdvix.dll
C:\WINDOWS\system32\ohbsdvix.dll NOT unregistered.
C:\WINDOWS\system32\ohbsdvix.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vtiobset.dll
C:\WINDOWS\system32\vtiobset.dll NOT unregistered.
C:\WINDOWS\system32\vtiobset.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\iaurbcbf.dll
C:\WINDOWS\system32\iaurbcbf.dll NOT unregistered.
C:\WINDOWS\system32\iaurbcbf.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lkoxhgld.dll
C:\WINDOWS\system32\lkoxhgld.dll NOT unregistered.
C:\WINDOWS\system32\lkoxhgld.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jiwvuoep.dll
C:\WINDOWS\system32\jiwvuoep.dll NOT unregistered.
C:\WINDOWS\system32\jiwvuoep.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\olqtxwwl.dll
C:\WINDOWS\system32\olqtxwwl.dll NOT unregistered.
C:\WINDOWS\system32\olqtxwwl.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yflysmed.dll
C:\WINDOWS\system32\yflysmed.dll NOT unregistered.
C:\WINDOWS\system32\yflysmed.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\pbyppdss.dll
C:\WINDOWS\system32\pbyppdss.dll NOT unregistered.
C:\WINDOWS\system32\pbyppdss.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\albtxinx.dll
C:\WINDOWS\system32\albtxinx.dll NOT unregistered.
C:\WINDOWS\system32\albtxinx.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ggqrsaja.dll
C:\WINDOWS\system32\ggqrsaja.dll NOT unregistered.
C:\WINDOWS\system32\ggqrsaja.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\hbefqoxl.dll
C:\WINDOWS\system32\hbefqoxl.dll NOT unregistered.
C:\WINDOWS\system32\hbefqoxl.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ycpijetk.dll
C:\WINDOWS\system32\ycpijetk.dll NOT unregistered.
C:\WINDOWS\system32\ycpijetk.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\swsinkjt.dll
C:\WINDOWS\system32\swsinkjt.dll NOT unregistered.
C:\WINDOWS\system32\swsinkjt.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll NOT unregistered.
C:\WINDOWS\system32\ddabx.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnnn.dll NOT unregistered.
C:\WINDOWS\system32\pmnnn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll NOT unregistered.
C:\WINDOWS\system32\awtsr.dll moved successfully.
C:\WINDOWS\system32\bdeeg.ini2 moved successfully.
C:\WINDOWS\system32\mpqss.bak1 moved successfully.
C:\WINDOWS\system32\ybeeg.ini2 moved successfully.
C:\WINDOWS\system32\ybeeg.bak1 moved successfully.
File/Folder C:\WINDOWS\system32\jiwvuoep.dll not found.
C:\Program Files\Cisco Systems\VPN Client\shared moved successfully.
C:\Program Files\Cisco Systems\VPN Client\Setup moved successfully.
C:\Program Files\Cisco Systems\VPN Client\search moved successfully.
C:\Program Files\Cisco Systems\VPN Client\Resources moved successfully.
C:\Program Files\Cisco Systems\VPN Client\profiles moved successfully.
C:\Program Files\Cisco Systems\VPN Client\Logs moved successfully.
C:\Program Files\Cisco Systems\VPN Client\Languages moved successfully.
C:\Program Files\Cisco Systems\VPN Client\include moved successfully.
C:\Program Files\Cisco Systems\VPN Client\Help moved successfully.
C:\Program Files\Cisco Systems\VPN Client\Certificates moved successfully.
C:\Program Files\Cisco Systems\VPN Client\accessible moved successfully.
Folder cleanup failed. C:\Program Files\Cisco Systems\VPN Client scheduled to be deleted on reboot.
C:\Program Files\Cisco Systems\SSL VPN Client moved successfully.
Folder cleanup failed. C:\Program Files\Cisco Systems scheduled to be deleted on reboot.

Created on 08/07/2007 13:41:15

#13 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 09 August 2007 - 11:16 AM

Hi RipChain,
Are these log files are clean or still some infection is there???
Thanks a lot for ur help
Amritanshu

#14 RiP

  • Group: Retired Staff
  • Posts: 8,430
  • Joined: 05-December 05

Posted 09 August 2007 - 12:38 PM

Hello amritanshu2003,

Your HJT log looks good, how is your computer currently running?

#15 amritanshu2003

  • Group: Member
  • Posts: 17
  • Joined: 31-July 07

Posted 09 August 2007 - 12:54 PM

It running fine without any popups :whistling:
So Is it cleaned??

Thanks a lot

Share this topic:


  • 2 Pages +
  • 1
  • 2