
Possible Vitumundo



#1 SMDSkata (New Member, 5 posts)
Can anyone confirm, and if it is, VundoFix should do it?

I didn't add the Casino Controller - possible port to hack through? When I go to the IP, it tells me Apache has been installed successfully. Could they be exporting my data from my computer through that host?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:10 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Saitek\Software\SaiMfd .exe
C:\Program Files\Saitek\Software\ProfilerU .exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\PeerGuardian2\pg2 .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jake\Desktop\HiJackThis.exe
C:\Documents and Settings\Jake\Desktop\VundoFix.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arrowsimpro.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O1 - Hosts: 64.27.17.186 rocketmod.com
O1 - Hosts: 71.6.152.106 arrowsimpro.com
O1 - Hosts: 71.6.152.106 www.arrowsimpro.com200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1320 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] P17Def.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.cit...rent/wficat.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134698387093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134698381546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11006 bytes

Thanks,
Jake

Edit: I ran VundoFix. It found 5 or 6 traces. I believe it deleted them all, but it never offered me a report. When I restarted, I got an error saying "could not load mmlj" (something similar to that), which was one of the Vundo traces.

Edited by SMDSkata, 24 December 2007 - 02:26 PM.

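As an added example that is not part of this post or of HijackThis, the script below triages a HijackThis log for the indicators the log above shows: O1 hosts entries that point domains at public addresses rather than 127.0.0.1 (the IE Start Page domain among them), repeated hosts lines, an F3 win.ini load= executable in system32, and file names with a space before the extension such as `qttask .exe` sitting beside the real `qttask.exe`. The sample log inside the script is constructed in HijackThis format (it mirrors the shapes above, it is not a copy), the finding names are the script's own, and the handling of the glued `www.arrowsimpro.com200.124.131.116` line assumes it comes from a missing line break in the hosts file.

```python
"""Triage a HijackThis 2.0.x log for hosts hijacks and look-alike file names.

Added example for this thread; not HijackThis code, not the poster's.
"""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample in HijackThis log format (shapes mirror the post above).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask .exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arrowsimpro.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 71.6.152.106 arrowsimpro.com
O1 - Hosts: 71.6.152.106 www.arrowsimpro.com200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
HOSTS_LINE = re.compile(r"^O1 - Hosts:\s*(.*)$")
START_PAGE = re.compile(r"^R[01] - .*Start Page = (\S+)")
WIN_INI_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(.+)$")
# A space right before the extension: "qttask .exe" sits beside the real
# qttask.exe and is easy to read past when skimming a log.
SPACE_BEFORE_EXT = re.compile(r"\S\s+\.(?:exe|dll|scr|com|pif)\b", re.IGNORECASE)


def split_hosts_payload(payload):
    """Return (ip, hostname) pairs from one O1 payload.

    Assumption: when the hosts file lacks a line break, HijackThis prints the
    next entry glued to the previous hostname ("www.example.com200.1.2.3 x").
    Splitting on every IPv4 literal recovers both entries.
    """
    parts = IPV4.split(payload)  # ['', ip, ' host', ip, ' host', ...]
    return [(parts[i], parts[i + 1].strip()) for i in range(1, len(parts) - 1, 2)]


def is_redirect(ip):
    """True when a hosts entry sends the name to a routable address.

    Hosts-file blocking maps names to 127.0.0.1 or 0.0.0.0; a public
    address means whoever controls that host now serves the site.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # malformed address: treat as suspect
    return not (addr.is_loopback or addr.is_unspecified)


def triage(log_text):
    """Return a list of (kind, detail) findings in a stable order."""
    findings = []
    hosts = Counter()
    start_hosts = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = HOSTS_LINE.match(line)
        if m:
            hosts.update(split_hosts_payload(m.group(1)))
            continue
        m = START_PAGE.match(line)
        if m:
            start_hosts.append(urlparse(m.group(1)).hostname)
            continue
        m = WIN_INI_LOAD.match(line)
        if m:
            findings.append(("win.ini-load", m.group(1)))
            continue
        if SPACE_BEFORE_EXT.search(line):
            findings.append(("space-before-extension", line))

    redirected = {}
    for (ip, host), n in hosts.items():
        if is_redirect(ip):
            redirected[host] = ip
            findings.append(("hosts-redirect", f"{host} -> {ip}"))
        if n > 1:
            findings.append(("hosts-duplicate", f"{host} -> {ip} ({n} entries)"))
    for host in start_hosts:
        if host in redirected:
            findings.append(("start-page-redirected", f"{host} -> {redirected[host]}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run it as-is to see the findings for the constructed sample, or pass a real log's text to triage(). A flagged item is not a verdict; the point is to put the hosts redirects, the load= executable and the look-alike file names at the top of the list before reading the rest of the log.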


#2 racenutalways (Member 1K, Retired Staff, 1,675 posts)
Hello SMDSkata, and welcome to G2G. You have a couple of things we are gonna have to deal with here; let's start with this:

Let's restore the Hosts file to default:

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to run HostsXpert 3.7 - Hosts File Manager from its new home.
  • Click "Make Hosts Writable?" in the upper right corner (if available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

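The hosts restore above is a GUI step. As an added example (not HostsXpert code and not part of the helper's instructions), the script below does the same thing to hosts-file text: it drops everything except Microsoft's single default entry and returns the dropped entries so you can re-add your own blocklist lines by hand, as the note in the step says. The optional keep_blackholes switch goes one step beyond the post by carrying over 127.0.0.1/0.0.0.0 entries automatically while still dropping redirects to public addresses. The input is a constructed hosts file; writing the result to the live hosts file, which may first need to be made writable, is left to the caller.

```python
"""Rebuild a Windows hosts file to Microsoft's default and report what was dropped.

Added example for this thread; not HostsXpert code, not the helper's.
"""
import ipaddress

# Microsoft's default hosts file has only this active entry.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Constructed sample: default header comments, one user blocklist line, and
# the kind of entries the log in this thread shows (duplicates included).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       ads.example.net
64.27.17.186 rocketmod.com
71.6.152.106 arrowsimpro.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com"""


def parse_hosts(text):
    """Yield (ip, [names]) for each active entry; comments and blanks skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            yield fields[0], fields[1:]


def is_blackhole(ip):
    """Loopback/unspecified targets only block a name; anything else diverts it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: never carry it over
    return addr.is_loopback or addr.is_unspecified


def rebuild_hosts(text, keep_blackholes=False):
    """Return (new_text, kept, dropped) as lists of (ip, name) tuples.

    Default behaviour matches the HostsXpert step: everything but Microsoft's
    default entry is dropped, and `dropped` tells the user what was there so
    genuine blocklist lines can be re-added by hand. With keep_blackholes=True
    loopback/0.0.0.0 entries are carried over and only redirects are dropped.
    """
    kept, dropped, seen = [], [], set()
    for ip, names in parse_hosts(text):
        for name in names:
            entry = (ip, name.lower())
            if entry in seen or entry == ("127.0.0.1", "localhost"):
                continue  # collapse repeats; the default entry is always present
            seen.add(entry)
            if keep_blackholes and is_blackhole(ip):
                kept.append(entry)
            else:
                dropped.append(entry)
    lines = [DEFAULT_HOSTS.rstrip("\n")] + [f"{ip:<15} {name}" for ip, name in kept]
    return "\n".join(lines) + "\n", kept, dropped


if __name__ == "__main__":
    new_text, kept, dropped = rebuild_hosts(SAMPLE_HOSTS)
    print(new_text)
    print("Dropped (re-add by hand only the ones you put there yourself):")
    for ip, name in dropped:
        print(f"  {ip:<15} {name}")
```

Compare the dropped list against what you remember adding: an entry you recognise at 127.0.0.1 can go back in; a name you never touched that points at a public address is the hijack.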

#3 SMDSkata (Topic Starter, New Member, 5 posts)
I did a hard restart by mistake during ComboFix when the screen went blank. I do not think this affected it, though.

ComboFix 07-12-21.4 - Jake 2007-12-28 16:23:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1577 [GMT -5:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\mllmj.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Jake\Application Data\macromedia\Flash Player\#SharedObjects\2KUX9THP\www.broadcaster.com
C:\Documents and Settings\Jake\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jake\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\WINDOWS\CSRSS.EXE-22452D1B.pf
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\hosts
C:\WINDOWS\inet20010
C:\WINDOWS\system32\_000119_.tmp.dll
C:\WINDOWS\system32\iifgfgg.dll
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 13:02 . 2007-12-28 13:02 347,648 --a------ C:\WINDOWS\system32\RCX44.tmp
2007-12-28 12:59 . 2007-12-28 12:59 268 --ah----- C:\sqmdata01.sqm
2007-12-28 12:59 . 2007-12-28 12:59 244 --ah----- C:\sqmnoopt01.sqm
2007-12-28 09:28 . 2007-12-28 09:28 347,648 --a------ C:\WINDOWS\system32\RCX21.tmp
2007-12-28 06:49 . 2007-12-28 06:49 347,648 --a------ C:\WINDOWS\system32\RCX43.tmp
2007-12-27 19:26 . 2007-12-28 16:23 347,648 --a------ C:\WINDOWS\system32\mllmj.exe
2007-12-27 19:16 . 2007-12-27 19:16 268 --ah----- C:\sqmdata00.sqm
2007-12-27 19:16 . 2007-12-27 19:16 244 --ah----- C:\sqmnoopt00.sqm
2007-12-27 07:21 . 2007-12-27 07:21 347,648 --a------ C:\WINDOWS\system32\RCX3F.tmp
2007-12-26 13:05 . 2007-12-26 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Saitek
2007-12-26 12:44 . 2007-12-26 12:44 347,648 --a------ C:\WINDOWS\system32\RCX3D.tmp
2007-12-26 00:34 . 2007-12-26 00:34 347,648 --a------ C:\WINDOWS\system32\RCX5E.tmp
2007-12-25 16:00 . 2006-12-22 02:18 25,088 --a------ C:\WINDOWS\system32\drivers\npusb64.sys
2007-12-25 16:00 . 2006-12-06 17:20 15,360 --a------ C:\WINDOWS\system32\drivers\npusb.sys
2007-12-25 16:00 . 2006-12-06 17:20 3,790 --a------ C:\WINDOWS\system32\drivers\npusb3.inf
2007-12-25 15:15 . 2007-12-25 15:15 <DIR> d-------- C:\Program Files\NaturalPoint
2007-12-25 12:30 . 2007-12-25 12:30 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Sony Corporation
2007-12-25 12:16 . 2007-12-25 12:16 <DIR> d-------- C:\Drivers
2007-12-25 12:16 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-12-25 12:16 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-12-25 12:16 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-12-25 12:16 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-12-25 12:16 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-12-25 12:16 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-25 12:12 . 2007-12-25 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-12-25 10:17 . 2007-12-25 10:17 347,648 --a------ C:\WINDOWS\system32\RCX17.tmp
2007-12-25 09:03 . 2007-12-25 09:03 <DIR> d-------- C:\Program Files\Viewpoint
2007-12-25 09:03 . 2007-12-25 09:03 <DIR> d-------- C:\Program Files\AOD
2007-12-25 08:30 . 2007-12-25 08:30 3,326 --a------ C:\WINDOWS\system32\SaiC075C-E981EB96-EBA7-4D86-80BA-2897A27E0A58.pr0
2007-12-24 13:37 . 2007-12-27 19:21 <DIR> d-------- C:\VundoFix Backups
2007-12-24 12:42 . 2007-12-26 19:25 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-24 10:57 . 2007-12-24 10:57 347,648 --a------ C:\WINDOWS\system32\RCX40.tmp
2007-12-24 09:58 . 2004-08-12 08:58 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-24 09:57 . 2004-08-12 08:58 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-24 09:54 . 2007-12-24 09:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-24 09:54 . 2007-12-24 09:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-24 09:54 . 2007-12-24 09:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-24 09:54 . 2007-12-24 09:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-24 09:54 . 2007-12-24 09:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-24 09:43 . 2004-08-12 09:02 1,086,058 -ra------ C:\WINDOWS\SET5C.tmp
2007-12-24 09:43 . 2004-08-12 09:06 1,042,903 -ra------ C:\WINDOWS\SET56.tmp
2007-12-24 09:43 . 2004-08-12 08:58 13,753 -ra------ C:\WINDOWS\SET6B.tmp
2007-12-24 08:23 . 2004-08-12 09:02 1,086,058 -ra------ C:\WINDOWS\SET5B.tmp
2007-12-24 08:23 . 2004-08-12 09:06 1,042,903 -ra------ C:\WINDOWS\SET55.tmp
2007-12-24 08:23 . 2004-08-12 09:06 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-12-24 08:23 . 2004-08-12 09:06 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-12-24 08:23 . 2004-08-12 08:58 13,753 -ra------ C:\WINDOWS\SET6A.tmp
2007-12-24 08:23 . 2004-08-12 08:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-12-24 08:23 . 2004-08-12 08:58 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-12-24 01:09 . 2004-08-12 09:02 1,086,058 -ra------ C:\WINDOWS\SET54.tmp
2007-12-24 01:09 . 2004-08-12 09:06 1,042,903 -ra------ C:\WINDOWS\SET4C.tmp
2007-12-24 01:09 . 2004-08-12 08:58 13,753 -ra------ C:\WINDOWS\SET66.tmp
2007-12-24 00:23 . 2004-08-12 09:02 1,086,058 -ra------ C:\WINDOWS\SET51.tmp
2007-12-24 00:23 . 2004-08-12 09:06 1,042,903 -ra------ C:\WINDOWS\SET4A.tmp
2007-12-24 00:23 . 2004-08-12 08:58 13,753 -ra------ C:\WINDOWS\SET62.tmp
2007-12-24 00:09 . 2004-08-12 09:02 1,086,058 -ra------ C:\WINDOWS\SET5D.tmp
2007-12-24 00:09 . 2004-08-12 09:06 1,042,903 -ra------ C:\WINDOWS\SET5A.tmp
2007-12-23 15:53 . 2007-12-28 16:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-23 15:53 . 2007-12-26 19:38 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-22 11:27 . 2007-12-22 11:27 347,648 --a------ C:\WINDOWS\system32\RCX36.tmp
2007-12-22 11:23 . 2007-12-24 10:57 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2007-12-22 11:23 . 2007-12-28 13:03 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 14:26 . 2007-12-23 14:06 <DIR> d-------- C:\Program Files\iLike
2007-12-09 20:02 . 2007-12-09 20:02 <DIR> d-------- C:\FS Coding
2007-12-09 12:29 . 2004-08-12 09:07 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2007-12-09 12:28 . 2007-12-09 12:28 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-28 21:12 . 2007-11-29 11:35 <DIR> d-------- C:\Program Files\support.com
2007-11-28 21:12 . 2007-11-28 21:12 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-11-28 21:12 . 2007-11-29 11:37 1,050 --a------ C:\net_save.dna

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 21:50 --------- d-----w C:\Program Files\QuickTime
2007-12-28 21:50 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-28 21:50 --------- d-----w C:\Program Files\iTunes
2007-12-28 21:50 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2007-12-28 16:07 56,088 -c--a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
2007-12-28 14:03 --------- d-----w C:\Program Files\MSN Messenger
2007-12-28 14:03 --------- d-----w C:\Program Files\AIM
2007-12-28 14:03 --------- d-----w C:\Documents and Settings\Nikki\Application Data\Smilebox
2007-12-27 18:02 --------- d-----w C:\Program Files\Incomplete
2007-12-27 18:00 --------- d-----w C:\Program Files\LimeWire
2007-12-27 03:04 --------- d-----w C:\Documents and Settings\Jake\Application Data\teamspeak2
2007-12-27 01:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-25 21:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 20:10 --------- d-----w C:\Program Files\Saitek
2007-12-25 17:13 --------- d-----w C:\Program Files\Sony
2007-12-24 18:07 --------- d-----w C:\Program Files\a-squared Free
2007-12-24 15:57 --------- d-----w C:\Program Files\Picasa2
2007-12-17 06:30 --------- d-----w C:\Program Files\GetRight
2007-12-15 01:03 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-10 03:50 --------- d-----w C:\Program Files\BitComet
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-21 01:24 --------- d-----w C:\Program Files\Project64 1.6
2007-11-17 01:28 --------- d-----w C:\Program Files\Ektron
2007-11-12 02:03 --------- d-----w C:\Program Files\Flight One Software
2007-11-12 01:25 --------- d-----w C:\Program Files\iPod
2007-11-12 01:20 --------- d-----w C:\Program Files\Apple Software Update
2007-11-12 01:18 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-12 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-10 04:08 --------- d-----w C:\Program Files\AAS
2007-11-09 03:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-11-09 03:09 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-08 01:51 --------- d-----w C:\Program Files\VstPlugins
2007-11-08 01:51 --------- d-----w C:\Program Files\Image-Line
2007-11-06 01:15 --------- d-----w C:\Program Files\SquawkBox3
2007-11-06 00:26 --------- d-----w C:\Program Files\FSFDT
2007-11-05 16:18 --------- d-----w C:\Program Files\Microsoft Games
2007-11-05 10:34 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-05 01:22 --------- d-----w C:\Program Files\CRJ Experience
2007-11-04 16:00 --------- d-----w C:\Documents and Settings\Jake\Application Data\SystemRequirementsLab
2007-05-12 16:49 55,280 -c--a-w C:\Documents and Settings\Jake\Application Data\GDIPFONTCACHEV1.DAT
2006-10-22 22:46 61 --sh--w C:\WINDOWS\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59BF782D-A9B5-4FFF-934A-B297A3F850A4}]
2007-12-28 16:50 344064 --a------ C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F9E2BE3-766D-4831-BB0E-766D5B819995}]
C:\Program Files\QdrDrive\QdrDrive9.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
2007-11-08 01:51 406840 --a------ C:\Program Files\SmartFTP Client 2.0\sfShellTools.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-12-28 16:23]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe]
"P17Helper"="Rundll32 P17.dll" []
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2007-12-28 16:50]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" []
"CmUsbSound"="RunDll32 cmcnfgu.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-28 16:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" []
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-28 16:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-28 16:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe]
"NaturalPoint"="C:\Program Files\NaturalPoint\TrackIR4\TrackIR .exe" [2007-12-28 16:50]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-12-28 16:50]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-12-28 16:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 17:16 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-12 09:01 C:\WINDOWS\system32\narrator.exe]
"DefaultP17MIDI"="MidiDef.Exe" [2002-12-03 17:16 C:\WINDOWS\MIDIDEF.EXE]
"DefaultP17"="P17Def.Exe" [2003-07-25 08:25 C:\WINDOWS\P17DEF.EXE]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-12 09:07]

C:\Documents and Settings\Jake\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-25 12:13:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Personal Coach.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2007-10-14 16:18:19]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\mllmj.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllmj

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"Imapi Helper"=3 (0x3)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ScsiAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"odserv"=3 (0x3)
"MySQL"=2 (0x2)
"gusvc"=3 (0x3)
"CCALib8"=2 (0x2)
"Apache2"=2 (0x2)

R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2005-01-24 02:01]
R2 MySQL51;MySQL51;"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL51 []
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 NPUSB;NPUSB;C:\WINDOWS\system32\drivers\npusb.sys [2006-12-06 17:20]
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 12:16]
R3 pgfilter;pgfilter;C:\Program Files\PeerGuardian2\pgfilter.sys [2005-09-18 18:02]
R3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2006-07-27 06:49]
R3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2007-07-12 21:22]
R3 SaiH0BAC;SaiH0BAC;C:\WINDOWS\system32\DRIVERS\SaiH0BAC.sys [2007-09-14 08:48]
S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
S1 HekkoVirtualCD;Hekko Virtual CD Driver;C:\WINDOWS\system32\Drivers\hvcd.sys []
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Jake\Desktop\VCdRom.sys []
S2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2005-01-24 02:01]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 13:47]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-02 20:32]
S3 PL-40R;CASIO USB MIDI;C:\WINDOWS\system32\Drivers\pl40rwdm.sys [2002-08-16 01:21]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-09-27 08:57]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 XBAudio;XBox Audio Module;C:\WINDOWS\system32\drivers\xbaudio.sys []
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-03 02:53]
S4 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3B84849C-1C2F-81B9-0407-010203060000}]
C:\WINDOWS\system32\lssas.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 17:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-22 03:00:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-05-16 02:00:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\mllmj.dll
.
Completion time: 2007-12-28 16:52:47 - machine was rebooted [Jake]
.
2007-12-28 04:35:03 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:32 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NaturalPoint\TrackIR4\TrackIR .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Saitek\SD6\Software\ProfilerU .exe
C:\Program Files\Saitek\SD6\Software\SaiMfd .exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\PeerGuardian2\pg2 .exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jake\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arrowsimpro.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1320 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NaturalPoint] C:\Program Files\NaturalPoint\TrackIR4\TrackIR .exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] P17Def.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.cit...rent/wficat.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134698387093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134698381546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10337 bytes

Thanks again for the help...

Jake

Edited by SMDSkata, 30 December 2007 - 11:44 AM.


#4
SMDSkata
    New Member
  • Topic Starter
  • Member
  • 5 posts
I was just attacked again last night... Around 5am every Sunday morning is when the computer seems to be attacked... I woke up when it first happened a week ago.

Just ran a hijack this...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:15 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU .exe
C:\Program Files\Saitek\SD6\Software\SaiMfd .exe
C:\Program Files\NaturalPoint\TrackIR4\TrackIR .exe
C:\Program Files\PeerGuardian2\pg2 .exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jake\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arrowsimpro.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1320 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NaturalPoint] C:\Program Files\NaturalPoint\TrackIR4\TrackIR .exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] P17Def.Exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.cit...rent/wficat.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134698387093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134698381546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10172 bytes

I'm getting rid of the older versions of Java and the host added to the hosts list as I post... Should I run another ComboFix and post the log?

#5
racenutalways
    Member 1K
  • Retired Staff
  • 1,675 posts
You've been hit with a new Vundo variant. It's a bad one: it affects your programs. Luckily for us, sUBs has brilliantly come up with a great application that will repair that for us without having to re-install the programs that have been affected. We will have to fix this first, then continue on to get the rest.

  • Download RenV.exe by sUBs to your desktop
  • Double click on it to run it
  • It will search your system drive looking for any modified .exe file and will produce a log for you.
  • Please attach this report to your reply (Do not copy and paste)

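As an added example (not part of this thread, and not sUBs' RenV), the script below pulls the review items out of HijackThis logs like the ones posted above: running processes and O4 autostart entries whose file name has a space before .exe (the pattern visible above, where `qttask .exe` and `iTunesHelper .exe` are running while the Run key for iTunesHelper points at `iTunesHelper.exe`), O1 Hosts lines that send a name somewhere other than loopback, and win.ini `load=` entries. The embedded input is a constructed excerpt of the thread's logs; feed a whole log to `analyse()` in practice.

```python
import re

# Constructed excerpt of the HijackThis logs posted in this thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Saitek\SD6\Software\SaiMfd .exe
C:\WINDOWS\system32\ctfmon.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmj.exe
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# File name with whitespace between the stem and ".exe" ("qttask .exe").
SPACED_EXE = re.compile(r"\s+\.exe$", re.IGNORECASE)
# First drive-letter path ending in .exe inside an O4 autostart entry.
O4_PATH = re.compile(r'\]\s+"?([A-Za-z]:\\[^"\r\n]*?\.exe)', re.IGNORECASE)
HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
WININI_LOAD = re.compile(r"^F3 - REG:win\.ini:\s+load=(.+)$", re.IGNORECASE)


def parse_processes(log: str) -> list:
    """Paths listed under 'Running processes:' up to the next blank line."""
    paths, collecting = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
        elif collecting:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def spaced_executables(paths: list) -> list:
    """Paths whose file name carries a space before .exe, as in the logs above."""
    return [p for p in paths if SPACED_EXE.search(p.rsplit("\\", 1)[-1])]


def autostart_paths(log: str) -> list:
    """Executable paths referenced by O4 (Run/RunOnce/Startup) entries."""
    paths = []
    for line in log.splitlines():
        m = O4_PATH.search(line) if line.startswith("O4 - ") else None
        if m:
            paths.append(m.group(1))
    return paths


def hosts_overrides(log: str) -> list:
    """O1 Hosts entries that send a name somewhere other than loopback."""
    found = []
    for line in log.splitlines():
        m = HOSTS_LINE.match(line)
        if m and not m.group(1).startswith(("127.", "::1", "0.0.0.0")):
            found.append((m.group(1), m.group(2)))
    return found


def win_ini_loads(log: str) -> list:
    """Programs started through the legacy win.ini load= hook (F3 entries)."""
    return [m.group(1).strip() for m in map(WININI_LOAD.match, log.splitlines()) if m]


def analyse(log: str) -> dict:
    """Everything a helper would pull out of the log for closer review."""
    return {
        "spaced_running": spaced_executables(parse_processes(log)),
        "spaced_autostart": spaced_executables(autostart_paths(log)),
        "hosts_overrides": hosts_overrides(log),
        "win_ini_loads": win_ini_loads(log),
    }


if __name__ == "__main__":
    for key, items in analyse(SAMPLE_LOG).items():
        print(key, items)
```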

#6
SMDSkata
    New Member
  • Topic Starter
  • Member
  • 5 posts
Sorry for the wait.... Here it is.

One other problem: I did a system repair where you run your XP boot disk and act like you're going to put a fresh install of Windows on, but it gives you the option to hit R to try to repair the Windows installation. I believe the keystrokes to get to it are "Enter, F8, R." Since I've done this, I am unable to use the system updater, which is making me very vulnerable, since the repair leaves you with stock Windows and gets rid of updates. I've made several attempts to get the latest Windows Installer. I tried the auto-update and downloading the file from Windows directly... Both attempts unsuccessful. I did try to repair once again, thinking it might have been a bad repair, but it didn't make a difference. I did try this help tutorial with no success. http://www.archivum....4/msg01208.html

Attached Files

  • Attached File: Log.txt (2.07KB)


#7
racenutalways
    Member 1K
  • Retired Staff
  • 1,675 posts
Double click the attached file Log.txt (1.01KB) to download it, then, referring to the picture below, drag Log.txt into RenV.exe and attach the resulting report to your next reply.

Posted Image

#8
SMDSkata
    New Member
  • Topic Starter
  • Member
  • 5 posts
Well, when it was running, it was showing a lot of files not being found...

Attached Files

  • Attached File: Log.txt (2.07KB)


#9
racenutalways
    Member 1K
  • Retired Staff
  • 1,675 posts
Posted Image


Referring to the picture above, drag Log.txt into RenV.exe and attach the resulting report to your reply.