I had to register under another ID here in geekstogo because my computer wouldn't allow me to post under my old ID of Selinay. I'm posting everything I can think of here. Let me know if you need anything else.
Thank you in advance for any help you can give me.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:16 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: {269a5c6a-ed76-842a-aae4-14e4f7d09d6c} - {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} - C:\WINDOWS\system32\xnwfxj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.co...eb.1.0.0.13.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/...rs.1.0.0.39.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab53984.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/...tg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/...ersion=1,0,0,10
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...inematycoon.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave...sh.1.0.0.47.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/...ia.1.0.0.46.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13258 bytes
mbam-log:
Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2
6:06:29 AM 7/2/2008
mbam-log-7-2-2008 (06-06-29).txt
Scan type: Quick Scan
Objects scanned: 54090
Time elapsed: 7 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 25
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\dinfnids.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBrqomn.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73fb9f95-b886-4a6c-9642-402433e2e315} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{73fb9f95-b886-4a6c-9642-402433e2e315} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0d2727d9-e6d1-4549-be55-5d38e678c1bd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{20159057-f0d9-4520-8d0e-b117b49fb5d9} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{45a31505-d656-46c8-9719-ea5a4ff3c5f7} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7d203125 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7e1302b9 (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrqomn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrqomn -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\DeskAlerts (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\geBrqomn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nmoqrBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmoqrBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dinfnids.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sdinfnid.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\cancel_button.gif (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\history.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\hs_delete.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\hs_search.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\icons.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\mbclose.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\mblogo.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\newversion.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\notify.wav (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\options.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\save_button.gif (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\title_back.gif (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\DeskAlerts\Cache\e832b941f059b5e8b09f048e1f35996c.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejrmrlrr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
VBG log:
[07/02/2008, 5:45:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\VirtumundoBeGone.exe" )
[07/02/2008, 5:45:18] - Detected System Information:
[07/02/2008, 5:45:18] - Windows Version: 5.1.2600, Service Pack 2
[07/02/2008, 5:45:18] - Current Username: Compaq_Owner (Admin)
[07/02/2008, 5:45:18] - Windows is in NORMAL mode.
[07/02/2008, 5:45:18] - Searching for Browser Helper Objects:
[07/02/2008, 5:45:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/02/2008, 5:45:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/02/2008, 5:45:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/02/2008, 5:45:18] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/02/2008, 5:45:18] - BHO 4: {68950839-2675-49E2-B6A5-442E0B0D1BA4} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\mlJCVNgg
[07/02/2008, 5:45:18] - Found: HKLM\...\Winlogon\Notify\mlJCVNgg - This is probably Virtumundo.
[07/02/2008, 5:45:18] - Assigning {68950839-2675-49E2-B6A5-442E0B0D1BA4} MSEvents Object
[07/02/2008, 5:45:18] - BHO list has been changed! Starting over...
[07/02/2008, 5:45:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/02/2008, 5:45:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/02/2008, 5:45:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/02/2008, 5:45:18] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/02/2008, 5:45:18] - BHO 4: {68950839-2675-49E2-B6A5-442E0B0D1BA4} (MSEvents Object)
[07/02/2008, 5:45:18] - ALERT: Found MSEvents Object!
[07/02/2008, 5:45:18] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/02/2008, 5:45:18] - BHO 6: {99D82E72-A0E5-47E1-B167-4439AED37885} ()
[07/02/2008, 5:45:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:18] - Checking for HKLM\...\Winlogon\Notify\geBrqomn
[07/02/2008, 5:45:19] - Key not found: HKLM\...\Winlogon\Notify\geBrqomn, continuing.
[07/02/2008, 5:45:19] - BHO 7: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[07/02/2008, 5:45:19] - BHO 8: {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} ()
[07/02/2008, 5:45:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:19] - Checking for HKLM\...\Winlogon\Notify\xnwfxj
[07/02/2008, 5:45:19] - Key not found: HKLM\...\Winlogon\Notify\xnwfxj, continuing.
[07/02/2008, 5:45:19] - Finished Searching Browser Helper Objects
[07/02/2008, 5:45:19] - *** Detected MSEvents Object
[07/02/2008, 5:45:19] - Trying to remove MSEvents Object...
[07/02/2008, 5:45:20] - Terminating Process: IEXPLORE.EXE
[07/02/2008, 5:45:20] - Terminating Process: RUNDLL32.EXE
[07/02/2008, 5:45:21] - Disabling Automatic Shell Restart
[07/02/2008, 5:45:21] - Terminating Process: EXPLORER.EXE
[07/02/2008, 5:45:23] - Suspending the NT Session Manager System Service
[07/02/2008, 5:45:24] - Terminating Windows NT Logon/Logoff Manager
[07/02/2008, 5:45:24] - Re-enabling Automatic Shell Restart
[07/02/2008, 5:45:25] - File to disable: C:\WINDOWS\system32\mlJCVNgg.dll
[07/02/2008, 5:45:26] - Removing HKLM\...\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}
[07/02/2008, 5:45:27] - Removing HKCR\CLSID\{68950839-2675-49E2-B6A5-442E0B0D1BA4}
[07/02/2008, 5:45:28] - Adding Kill Bit for ActiveX for GUID: {68950839-2675-49E2-B6A5-442E0B0D1BA4}
[07/02/2008, 5:45:29] - Deleting ATLEvents/MSEvents Registry entries
[07/02/2008, 5:45:29] - Removing HKLM\...\Winlogon\Notify\mlJCVNgg
[07/02/2008, 5:45:29] - Searching for Browser Helper Objects:
[07/02/2008, 5:45:29] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/02/2008, 5:45:29] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/02/2008, 5:45:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/02/2008, 5:45:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/02/2008, 5:45:29] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[07/02/2008, 5:45:29] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/02/2008, 5:45:29] - BHO 5: {99D82E72-A0E5-47E1-B167-4439AED37885} ()
[07/02/2008, 5:45:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:29] - Checking for HKLM\...\Winlogon\Notify\geBrqomn
[07/02/2008, 5:45:29] - Key not found: HKLM\...\Winlogon\Notify\geBrqomn, continuing.
[07/02/2008, 5:45:29] - BHO 6: {A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
[07/02/2008, 5:45:29] - BHO 7: {c6d90d7f-4e41-4eaa-a248-67dea6c5a962} ()
[07/02/2008, 5:45:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/02/2008, 5:45:29] - Checking for HKLM\...\Winlogon\Notify\xnwfxj
[07/02/2008, 5:45:29] - Key not found: HKLM\...\Winlogon\Notify\xnwfxj, continuing.
[07/02/2008, 5:45:29] - Finished Searching Browser Helper Objects
[07/02/2008, 5:45:29] - Finishing up...
[07/02/2008, 5:45:29] - A restart is needed.
[07/02/2008, 5:45:39] - Attempting to Restart via STOP error (Blue Screen!)
SUPERAntiSpyware scan log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/01/2008 at 10:06 PM
Application Version : 4.15.1000
Core Rules Database Version : 3495
Trace Rules Database Version: 1486
Scan type : Complete Scan
Total Scan Time : 02:15:26
Memory items scanned : 468
Memory threats detected : 2
Registry items scanned : 6322
Registry threats detected : 8
File items scanned : 226522
File threats detected : 46
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBRQOMN.DLL
C:\WINDOWS\SYSTEM32\GEBRQOMN.DLL
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\XNWFXJ.DLL
C:\WINDOWS\SYSTEM32\XNWFXJ.DLL
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}
HKCR\CLSID\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}
HKCR\CLSID\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}\InprocServer32
HKCR\CLSID\{6091F32F-CCEE-4A01-B7B8-7CE45847739A}\InprocServer32#ThreadingModel
Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@gadget[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@239548[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adinterax[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@software-traffic[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partner2profit[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1878722106-523578485-4215618433-1009\Software\Microsoft\rdfa