Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WinFixer and Vundo Variant


  • Please log in to reply

#1
DSK965

DSK965

    New Member

  • Member
  • Pip
  • 7 posts
Hi,

My computer has been infected with Winfixer and Vundo Variants. I have spybot search and destroy and am promted that hgghfec and sstgr want to be added as a winlogin notifiers and also prompts came up to add BHO's. Also I tried to restore my computer using a restore point and an error came up and said unable to complete.. I tried with a few more earlier restore points and had the same results. I also did a scan with norton online scan and it did come up with an infection and took care of it. Also I am not able to update my AVG Anti Virus. Then I came to the forum looking for help. I tried to install the winfixer download but an error came up and was unable to download but did run the Vundofix. I read the intial steps to be taken and followed them to a T. I ran the AVG AntiSpyware and changed the setting. When it was complete it deleted what it found. I went back to make sure I did in fact follow the instuctions of Quarrentining the infections and posting a log on all scans and that was done, not sure why it deleted them ( I did write down what infections were listed but dont have their locations.) After this happened I went throught the rest of the steps and have all the logs. I went and did all the steps over again from the begining. The second time around the AVG AntiSpyware came up with no results. I have both logs from the SuperAntispyware 1st and 2nd logs along with the 1st and 2nd logs for the Panda scan. My computer is running Window XP Media Edition Version 2002 Service Pack 2, I have AVG AntiVirus, AVG AntiSpyware and Spybot Search and Destroy. Thanks for any help you can give me.

Logfile of HijackThis v1.99.1
Scan saved at 2:05:22 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Common Files\AOL\1158287302\ee\AOLSoftware.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\davidk\LOCALS~1\Temp\Rar$EX00.750\crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158287302\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://msx.mlxchange...FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://msx.mlxchange...ol/Specfile.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://org.mlxchange...ontrol/SISC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://midhudsonmls....ch/XMLCache.CAB
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://org.mlxchange...ectComboBox.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://org.mlxchange...ClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://msx.mlxchange...ol/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://org.mlxchange...ol/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} (EnClickLoanWF Control) - https://ilnet.wellsf...clickloanwf.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://msx.mlxchange...CustomCtrls.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

On the first scan with AVG AntiSpyware the threats were listed as followed:
Hijacker.small
Tracking cookies; .2o7, specificclick, pointroll, questionmarket, realmedia, reusci, trafficmp, tribalfusion, yieldmanager and liveperson.
these were deleted the second scan come up with nothing.



SUPERAntiSpyware Scan Log

Generated 08/06/2007 at 10:48 PM



Application Version : 3.6.1000



Core Rules Database Version : 3279

Trace Rules Database Version: 1290



Scan type : Complete Scan

Total Scan Time : 03:04:12



Memory items scanned : 636

Memory threats detected : 2

Registry items scanned : 7189

Registry threats detected : 18

File items scanned : 83429

File threats detected : 60



Adware.Vundo Variant

C:\WINDOWS\SYSTEM32\HGGHFEC.DLL

C:\WINDOWS\SYSTEM32\HGGHFEC.DLL

C:\WINDOWS\SYSTEM32\VTSTS.DLL

C:\WINDOWS\SYSTEM32\VTSTS.DLL

HKLM\Software\Classes\CLSID\{3964D8D6-86D0-493A-B460-A805B5401114}

HKCR\CLSID\{3964D8D6-86D0-493A-B460-A805B5401114}

HKCR\CLSID\{3964D8D6-86D0-493A-B460-A805B5401114}\InprocServer32

HKCR\CLSID\{3964D8D6-86D0-493A-B460-A805B5401114}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{CB6EBEED-93E5-4C82-B105-5C21DE6DAF27}

HKCR\CLSID\{CB6EBEED-93E5-4C82-B105-5C21DE6DAF27}

HKCR\CLSID\{CB6EBEED-93E5-4C82-B105-5C21DE6DAF27}\InprocServer32

HKCR\CLSID\{CB6EBEED-93E5-4C82-B105-5C21DE6DAF27}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{3964D8D6-86D0-493A-B460-A805B5401114}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\hgghfec

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vtsts

HKCR\CLSID\{3964D8D6-86D0-493A-B460-A805B5401114}



Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}

HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}

HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}\InprocServer32

HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\CDGUAEOU.DLL

HKCR\CLSID\{C6039E6C-BDE9-4DE5-BB40-768CAA584FDC}



Adware.Tracking Cookie

C:\Documents and Settings\davidk\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][1].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\David\Cookies\[email protected][2].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][1].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][2].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][1].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][2].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][2].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][1].txt

C:\Documents and Settings\david.PC325862970629\Cookies\[email protected][1].txt



Adware.k8l

C:\PROGRAM FILES\MICROSOFT FRONTPAGE\RTEMEBORT.HTML





SUPERAntiSpyware Scan Log

http://www.superantispyware.com



Generated 08/07/2007 at 09:10 AM



Application Version : 3.9.1008



Core Rules Database Version : 3279

Trace Rules Database Version: 1290



Scan type : Complete Scan

Total Scan Time : 01:41:35



Memory items scanned : 590

Memory threats detected : 0

Registry items scanned : 7206

Registry threats detected : 15

File items scanned : 81231

File threats detected : 3



Adware.Vundo Variant

HKLM\Software\Classes\CLSID\{F8B6B953-B6F0-4272-96D6-F16E416FE39B}

HKCR\CLSID\{F8B6B953-B6F0-4272-96D6-F16E416FE39B}

HKCR\CLSID\{F8B6B953-B6F0-4272-96D6-F16E416FE39B}\InprocServer32

HKCR\CLSID\{F8B6B953-B6F0-4272-96D6-F16E416FE39B}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\VTSTS.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8B6B953-B6F0-4272-96D6-F16E416FE39B}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{3964D8D6-86D0-493A-B460-A805B5401114}



Trojan.WinFixer

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4B4F3D-4195-4050-B9E3-AA99ED7A38C9}

HKCR\CLSID\{7D4B4F3D-4195-4050-B9E3-AA99ED7A38C9}

HKCR\CLSID\{7D4B4F3D-4195-4050-B9E3-AA99ED7A38C9}\InprocServer32

HKCR\CLSID\{7D4B4F3D-4195-4050-B9E3-AA99ED7A38C9}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\MLLJJ.DLL



Unclassified.Unknown Origin/System

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAD46291-8403-4148-A715-035EADC270F6}

HKCR\CLSID\{EAD46291-8403-4148-A715-035EADC270F6}

HKCR\CLSID\{EAD46291-8403-4148-A715-035EADC270F6}\InprocServer32

HKCR\CLSID\{EAD46291-8403-4148-A715-035EADC270F6}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\SSTQR.DLL


Incident Status Location

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\davidk\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
  • 0

Advertisements


#2
Jag11

Jag11

    Visiting Staff

  • Member
  • PipPipPipPipPip
  • 2,210 posts
Hi :whistling:

I don't see any signs of Vundo in your HIjackthis log. But I want you to give me a fresh VundoFix report.

Please download VundoFix.exe to your Desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will make a log in C:\vundofix.txt, please include that in your next reply along with a new Hijackthis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#3
DSK965

DSK965

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi :whistling:

I don't see any signs of Vundo in your HIjackthis log. But I want you to give me a fresh VundoFix report.

Please download VundoFix.exe to your Desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will make a log in C:\vundofix.txt, please include that in your next reply along with a new Hijackthis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Hi Jag11,

Thanks so much for the quick reply. I ran the vundo and it came up clean. I also checked the system32 file and the hgghfec.dll was gone and it wasnt on the startup processes anymore either. SuperAntiSpyware came up with vtsts.dll in the system32 file and that is gone too. What do I do about the things that came up in the Panda search.. it said it found hacking software. also still not able to update my AVG AntiVirus... it was working fine before i got infected.

Thanks for all your help.

David
  • 0

#4
Jag11

Jag11

    Visiting Staff

  • Member
  • PipPipPipPipPip
  • 2,210 posts
Hello again David. :whistling:

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\davidk\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

This file is not a virus or something, it's a legit file. Check it here:
http://www.castlecop...chedulerV3.html

Says:

PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others

So let's just remove it from your startup if you want:

Click Start > Run > type: msconfig > OK
Click Startup tab, uncheck PowerReg SchedulerV3.

Then please post a fresh HJT log so I can be sure that you're computer is clean.

-- Jet :blink:
  • 0

#5
DSK965

DSK965

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Jag11,

Sorry I didnt post a new HJT log sooner, I was away for the weekend and just got back. The computer seems to be workin fine except I cant update my AVG Antivirus, it was working just fine before it got infected. I used to update itself everyday any idea what could have caused it to stop updating. Thanks so much for your help.

David

Here is the new HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 10:11:39 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1158287302\ee\AOLSoftware.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\davidk\LOCALS~1\Temp\Rar$EX00.563\crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158287302\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://msx.mlxchange...FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://msx.mlxchange...ol/Specfile.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://org.mlxchange...ontrol/SISC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://midhudsonmls....ch/XMLCache.CAB
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://org.mlxchange...ectComboBox.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://org.mlxchange...ClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://msx.mlxchange...ol/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://org.mlxchange...ol/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} (EnClickLoanWF Control) - https://ilnet.wellsf...clickloanwf.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://msx.mlxchange...CustomCtrls.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
  • 0

#6
Jag11

Jag11

    Visiting Staff

  • Member
  • PipPipPipPipPip
  • 2,210 posts
That log looks clean now ! :whistling:

About your problem with AVG, just try to reinstall it (uninstall > download latest version > install). That should solve the problem.

How to Prevent Re-Infection

Please take your time reading on this list, it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, open Internet Explorer, then and select Tools » Windows Update, and follow the online instructions from there.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Firewall (a must!) - It is definitely a must have. Two good free versions are Kerio and ZoneAlarm.
  • Anti-Virus (a must!) - It is also a must have. Two good programs are Avast and AVG, they're both free.
    Note: You must only use 1 (one) AV because if you have 2 AVs, it will conflict with each other and will only make your system slow.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Edited by Jag11, 13 August 2007 - 10:52 PM.

  • 0

#7
DSK965

DSK965

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Jag11,

Thanks so much for the fast response. Very happy with the information I have learned from you and this forum. Will read what you suggested and download those programs.

David
  • 0

#8
Jag11

Jag11

    Visiting Staff

  • Member
  • PipPipPipPipPip
  • 2,210 posts
My pleasure David. :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP