
Vundo / Automatic updates not working [CLOSED]



#1
semorley

I have a Windows XP laptop, SP3 now. It has McAfee reporting Vundo. Can't do Windows updates. Ran HijackThis and Deckard's System Scanner. Here's the log:

Deckard's System Scanner v20071014.68
Run by Sueyi on 2008-08-11 15:07:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sueyi.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:13 PM, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sueyi\Desktop\dss.exe
C:\DOCUME~1\Sueyi\Desktop\Sueyi.exe

O2 - BHO: (no name) - {1D516835-8901-4638-ACDC-3C5A636E57CE} - (no file)
O2 - BHO: (no name) - {23BA6636-FEBF-440A-BFFE-80C6D26796DB} - (no file)
O2 - BHO: (no name) - {42BFABD3-B070-4053-9485-30D7E000D3D3} - (no file)
O2 - BHO: (no name) - {52666C46-6BBD-489D-A806-4E4FA6805DF3} - (no file)
O2 - BHO: (no name) - {53386468-306C-41AA-AB6B-CE9E16438A2D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5549872C-A5DD-4A69-ABDF-50231455F55A} - (no file)
O2 - BHO: (no name) - {5DF5AC7A-4FD3-4817-BB8B-0DF7E175DCE5} - (no file)
O2 - BHO: (no name) - {69F952E1-D637-4036-8770-4F0076D0BB6E} - (no file)
O2 - BHO: (no name) - {6BF5ECAF-E63A-413F-9134-BB3586B6BC0A} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {8b302584-d64b-4eb5-94f9-47fe32ae03ce} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BD377534-0092-4E8F-9D0E-77B26985F7E6} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DAC6DFAF-9714-4C53-9A32-1ACF2E3F4B46} - C:\WINDOWS\System32\wvUmnKda.dll
O2 - BHO: (no name) - {E1061506-A1AB-4960-9AAD-0EA11E2A395D} - (no file)
O2 - BHO: (no name) - {E1B86587-19D0-4B24-93A1-482C8A4A2310} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [00dc68fe] rundll32.exe "C:\WINDOWS\System32\tjvdcyvr.dll",b
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7739] command /c del "C:\WINDOWS\system32\mjgewevh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3772] cmd /c del "C:\WINDOWS\system32\mjgewevh.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?5485ab0a590942d99e60b5a223d7f5f4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?5485ab0a590942d99e60b5a223d7f5f4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q304&bd=presario&pf=laptop
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09C97E3A-5358-4DE0-83D0-F43B2B416CE3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{1741FA1F-0F0F-4084-A424-25E4BCBB5DE0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{931AF47F-DC6F-4BD6-AE77-F9375DE7198D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{94B8DFEB-2F51-47C6-A04D-F630E4374912}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{990D6DC6-2438-4945-8332-B899908A0A0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE85F13-33E6-4B84-A1A0-32DC8F636400}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{09C97E3A-5358-4DE0-83D0-F43B2B416CE3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{09C97E3A-5358-4DE0-83D0-F43B2B416CE3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 9981 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 13:32:50 0 d-------- C:\WINDOWS\Prefetch
2008-08-11 13:17:28 0 d-------- C:\WINDOWS\system32\scripting
2008-08-11 13:17:20 0 d-------- C:\WINDOWS\l2schemas
2008-08-11 13:17:18 0 d-------- C:\WINDOWS\system32\en
2008-08-11 12:52:21 0 d-------- C:\WINDOWS\network diagnostic
2008-08-11 12:30:34 0 d-------- C:\VundoFix Backups
2008-08-11 12:07:07 107008 --a------ C:\WINDOWS\system32\nacldm.dll
2008-08-11 12:07:06 107008 --a------ C:\WINDOWS\system32\bmkodweg.dll
2008-08-11 12:04:18 82432 --a------ C:\WINDOWS\system32\lprumrat.dll
2008-08-11 12:04:06 89088 --a------ C:\WINDOWS\system32\qrurdtrk.dll
2008-08-11 09:06:27 82432 --a------ C:\WINDOWS\system32\fuvvyfre.dll
2008-08-11 09:04:00 107008 --a------ C:\WINDOWS\system32\sdfcvw.dll
2008-08-11 09:03:57 107008 --a------ C:\WINDOWS\system32\nyfwtjed.dll
2008-08-11 09:03:50 89088 --a------ C:\WINDOWS\system32\rpshovjw.dll
2008-08-10 15:06:34 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-08-10 14:35:03 0 d-------- C:\Program Files\messenger
2008-08-10 14:34:37 0 d-------- C:\WINDOWS\peernet
2008-08-10 14:34:36 0 d-------- C:\WINDOWS\provisioning
2008-08-10 14:30:38 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-10 14:20:26 0 d-------- C:\WINDOWS\EHome
2008-08-10 13:13:34 0 d-------- C:\Documents and Settings\medit\Application Data\Identities
2008-08-10 13:13:04 0 d--h----- C:\Documents and Settings\medit\Templates
2008-08-10 13:13:04 0 dr------- C:\Documents and Settings\medit\Start Menu
2008-08-10 13:13:04 0 dr-h----- C:\Documents and Settings\medit\SendTo
2008-08-10 13:13:04 0 dr-h----- C:\Documents and Settings\medit\Recent
2008-08-10 13:13:04 0 d--h----- C:\Documents and Settings\medit\PrintHood
2008-08-10 13:13:04 524288 --ah----- C:\Documents and Settings\medit\NTUSER.DAT
2008-08-10 13:13:04 0 d--h----- C:\Documents and Settings\medit\NetHood
2008-08-10 13:13:04 0 dr------- C:\Documents and Settings\medit\My Documents
2008-08-10 13:13:04 0 d--h----- C:\Documents and Settings\medit\Local Settings
2008-08-10 13:13:04 0 dr------- C:\Documents and Settings\medit\Favorites
2008-08-10 13:13:04 0 d-------- C:\Documents and Settings\medit\Desktop
2008-08-10 13:13:04 0 d---s---- C:\Documents and Settings\medit\Cookies
2008-08-10 13:13:04 0 dr-h----- C:\Documents and Settings\medit\Application Data
2008-08-10 13:13:04 0 d---s---- C:\Documents and Settings\medit\Application Data\Microsoft
2008-08-10 13:09:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-10 13:09:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-10 13:09:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-10 13:09:09 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-08-10 13:09:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-10 13:09:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-10 13:09:09 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-08-10 13:09:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-10 13:09:09 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-08-10 13:09:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-10 13:09:09 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-10 13:09:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-10 13:09:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-10 13:09:08 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-10 12:37:58 82432 --a------ C:\WINDOWS\system32\xwskgvkp.dll
2008-08-10 12:34:58 107008 --a------ C:\WINDOWS\system32\aosctq.dll
2008-08-10 12:34:57 107008 --a------ C:\WINDOWS\system32\vrdnfery.dll
2008-08-10 12:31:58 89088 --a------ C:\WINDOWS\system32\revupyxf.dll
2008-08-08 00:24:45 107008 --a------ C:\WINDOWS\system32\ahsqua.dll
2008-08-08 00:24:42 107008 --a------ C:\WINDOWS\system32\hjlhhwre.dll
2008-08-05 00:29:49 105472 --a------ C:\WINDOWS\system32\japtoq.dll
2008-08-05 00:29:47 105472 --a------ C:\WINDOWS\system32\rcttjcbn.dll
2008-08-05 00:19:19 91648 --a------ C:\WINDOWS\system32\mnrhwbjv.dll
2008-08-03 15:13:23 105472 --a------ C:\WINDOWS\system32\mopatp.dll
2008-08-03 15:13:21 105472 --a------ C:\WINDOWS\system32\aknxqilf.dll
2008-07-31 15:18:30 83456 --a------ C:\WINDOWS\system32\xesmxfvh.dll
2008-07-31 15:15:11 114176 --a------ C:\WINDOWS\system32\fyoiij.dll
2008-07-31 15:15:09 114176 --a------ C:\WINDOWS\system32\bmtvunhr.dll
2008-07-30 11:52:25 105472 --a------ C:\WINDOWS\system32\ehswga.dll
2008-07-30 11:52:22 105472 --a------ C:\WINDOWS\system32\qwyxhgtf.dll
2008-07-30 11:46:22 91648 --a------ C:\WINDOWS\system32\pqgsqqvu.dll
2008-07-29 16:35:40 0 d-------- C:\Quarantine
2008-07-29 12:56:24 3802827 --a------ C:\McAfeeSecurity.exe <Not Verified; McAfee, Inc.; McAfee Common Framework>
2008-07-29 11:52:31 105472 --a------ C:\WINDOWS\system32\kjgsif.dll
2008-07-29 11:52:30 105472 --a------ C:\WINDOWS\system32\pywuqoxe.dll
2008-07-29 11:49:30 83456 --a------ C:\WINDOWS\system32\ichjikom.dll
2008-07-29 09:37:21 0 --a------ C:\WINDOWS\system32\ibxhiohi.dll
2008-07-29 09:12:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-29 08:49:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-29 08:49:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 08:48:15 0 d-------- C:\Program Files\SpywareBlaster
2008-07-29 08:47:26 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-07-29 08:47:26 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-29 08:47:25 0 d-------- C:\Program Files\McAfee
2008-07-29 08:47:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-28 14:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-28 11:50:12 105472 --a------ C:\WINDOWS\system32\eisuxj.dll
2008-07-28 11:50:11 105472 --a------ C:\WINDOWS\system32\lcddopky.dll
2008-07-28 11:47:10 83456 --a------ C:\WINDOWS\system32\ctbqnjnj.dll
2008-07-28 11:44:10 876 --ahs---- C:\WINDOWS\system32\adKnmUvw.ini2
2008-07-28 11:44:03 314880 -----n--- C:\WINDOWS\system32\wvUmnKda.dll
2008-07-26 22:43:30 600005 --ahs---- C:\WINDOWS\system32\iSutsBeg.ini2
2008-07-26 22:38:12 0 --a------ C:\WINDOWS\17PHolmes572.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-11 13:17:17 0 d-------- C:\Program Files\Movie Maker
2008-08-11 13:04:32 0 d-------- C:\Program Files\Windows NT
2008-08-10 15:44:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-10 08:51:26 0 d-------- C:\Documents and Settings\Sueyi\Application Data\Skype
2008-08-10 00:08:18 0 d-------- C:\Documents and Settings\Sueyi\Application Data\skypePM
2008-07-29 09:12:37 0 d-------- C:\Program Files\Common Files
2008-06-15 14:38:41 1160 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D516835-8901-4638-ACDC-3C5A636E57CE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23BA6636-FEBF-440A-BFFE-80C6D26796DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42BFABD3-B070-4053-9485-30D7E000D3D3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52666C46-6BBD-489D-A806-4E4FA6805DF3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53386468-306C-41AA-AB6B-CE9E16438A2D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5549872C-A5DD-4A69-ABDF-50231455F55A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DF5AC7A-4FD3-4817-BB8B-0DF7E175DCE5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F952E1-D637-4036-8770-4F0076D0BB6E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BF5ECAF-E63A-413F-9134-BB3586B6BC0A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b302584-d64b-4eb5-94f9-47fe32ae03ce}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD377534-0092-4E8F-9D0E-77B26985F7E6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAC6DFAF-9714-4C53-9A32-1ACF2E3F4B46}]
07/28/2008 11:44 AM 314880 --------- C:\WINDOWS\System32\wvUmnKda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1061506-A1AB-4960-9AAD-0EA11E2A395D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1B86587-19D0-4B24-93A1-482C8A4A2310}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [05/04/2003 06:16 AM C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/02/2001 10:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe" [01/21/2004 12:10 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/13/2003 10:09 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/13/2003 10:08 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe" [03/14/2008 04:00 AM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [01/24/2008 08:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"00dc68fe"="C:\WINDOWS\System32\tjvdcyvr.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/15/2005 07:44 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"SVCHOST.EXE"="C:\WINDOWS\System32\drivers\svchost.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB7739"=command /c del "C:\WINDOWS\system32\mjgewevh.dll_old"
"SpybotDeletingD3772"=cmd /c del "C:\WINDOWS\system32\mjgewevh.dll_old"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdjjx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\wvUmnKda

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00dc68fe]
rundll32.exe "C:\WINDOWS\System32\tjvdcyvr.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM03ef5b62]
Rundll32.exe "C:\WINDOWS\System32\revupyxf.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-11 15:09:02 ------------


#2
fenzodahl512

Hello, my name is fenzodahl512 and welcome to Geeks to Go. Please do the following.

Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

#3
fenzodahl512

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.