
An Absolute Mess [RESOLVED]



#16
htv8

Hello again, grudz4prez.

[...] Trying to reboot into safe mode, I encountered a, what I've now learned, is a blue screen of death. I kept trying to go into safe mode, and kept crashing. [...]

Hmm. I did not expect that. Does the BSOD give you any specific information? If so, please let me know what the BSOD message states. Anyway, let's try a Safe Mode repair tool to resolve the problem.

[...] I have a feeling that the BSOD is related to Itunes...but I can't tell for sure. [...]

Why do you think the BSOD is related to iTunes?

[...]

Now, I deleted one version of Kazaa, the other wouldn't let me..got a pop error box that said: "Error Loading C:\WINDOWS\System32\cd_clint.dll and that the specified module could not be found"... [...]

Let's try KazaaBegone: A Kazaa uninstaller which scans and removes all elements of all Kazaa versions, as well as all of the bundled software that comes with it.

Did you have any Norton/Symantec products previously installed on your computer?

Please tell me the answer to this question in your next post. :whistling:

Now please continue with the instructions listed below.
________________________________________________________________________________
Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: Download and run KazaaBegone to remove all elements of Kazaa
Download KazaaBegone to your Desktop.
Download KazaaBegone (kazaabegone.zip)

After download, extract (unzip) kazaabegone.zip to your Desktop.

Now run the Kazaa uninstaller to scan and remove all elements of all Kazaa versions, as well as all of the bundled software that comes with it. To do so:
1. Launch KazaaBegone by double-clicking the extracted KazaaBegone.exe file.
2. Select the radio button labelled "Search & destroy all installed components".
3. Make sure the checkbox labelled "Delete files to Recycle Bin" is now checked.
4. Click the GO button.
WARNING: If you want to keep any files that are left in your Shared Folder, move them to another folder before continuing!
5. Continue with the Kazaa uninstall by clicking Yes as soon as any needed files in your Shared Folder are transferred to a safe location so you can access them later.
6. Click OK when you receive the message stating that the uninstall of Kazaa and all bundled programs has been completed successfully.
7. Close KazaaBegone.

Step #2: Repair Safe Mode registry keys using SafeBootKeyRepair.exe
Please download SafeBootKeyRepair.exe by sUBs to repair Safe Mode.
Download SafeBootKeyRepair.exe.

To run SafeBootKeyRepair.exe:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply.

Step #3
Now please try completing the instructions mentioned in my previous post (Step #3 t/inc Step #5). In other words: try running SDFix in Safe Mode once again, download and run VundoFix and post a new HijackThis log (if possible now).
NOTE: If it still fails, we will try another approach. Don't worry. :blink:
________________________________________________________________________________
So in your next reply, please post the entire contents of:
- C:\SafeBoot_Repair.txt
- the SDFix report (Report.txt)
- C:\vundofix.txt
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.

#17
grudz4prez (Topic Starter)
Hi! Very quickly...I will answer the questions that I can while I am on another PC and will work on others when I return.

I did have an earlier version of Norton...I currently have Panda..which I absolutely hate!!! Also, the BSOD occurred after iTunes went on the computer...I can't update iTunes without getting it either. I will post the exact message later. Gives a series of number/letter combinations.

#18
grudz4prez (Topic Starter)
SafeBoot repair:

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================
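As an added example that is not code from the thread or from SafeBootKeyRepair: a Python check that parses a SafeBoot export like the one above and reports entries that are missing or whose default value was altered, the kind of damage a repair tool like the one used here puts back. The baseline is a subset of the Minimal-profile entries from the posted export; the sample export inside the block is constructed and deliberately damaged.

```python
"""Audit a SafeBoot registry export (.reg) for missing or altered entries.
Constructed example for this thread, not SafeBootKeyRepair's own code; the
baseline is a subset of the Minimal-profile entries from the posted export."""
import re
from typing import Dict, List, Tuple

# Baseline: entry name -> expected default value, from the posted export.
EXPECTED_MINIMAL = {
    "Base": "Driver Group",
    "Boot Bus Extender": "Driver Group",
    "File system": "Driver Group",
    "Primary disk": "Driver Group",
    "vga.sys": "Driver",
    "vgasave.sys": "Driver",
    "EventLog": "Service",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}": "DiskDrive",
}
SAFEBOOT_ROOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_DEFAULT_RE = re.compile(r'^@="(.*)"\s*$')
_NAMED_RE = re.compile(r'^"([^"]+)"="(.*)"\s*$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a 'Windows Registry Editor Version 5.00' export into
    {key_path: {value_name: data}}. Only REG_SZ values are handled, which is
    all a SafeBoot export contains; '@' denotes the key's default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None or not line:
            continue
        m = _DEFAULT_RE.match(line)
        if m:
            keys[current]["@"] = m.group(1)
            continue
        m = _NAMED_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2)
    return keys


def check_safeboot(keys: Dict[str, Dict[str, str]], profile: str = "Minimal",
                   expected: Dict[str, str] = EXPECTED_MINIMAL) -> Tuple[List[str], List[str]]:
    """Return (missing, altered) for one SafeBoot profile. Paths are compared
    case-insensitively, as the registry itself does."""
    base = f"{SAFEBOOT_ROOT}\\{profile}".lower()
    present: Dict[str, str] = {}
    for path, values in keys.items():
        p = path.lower()
        if p.startswith(base + "\\"):
            present[p[len(base) + 1:]] = values.get("@", "")
    missing, altered = [], []
    for name, kind in expected.items():
        got = present.get(name.lower())
        if got is None:
            missing.append(name)
        elif got != kind:
            altered.append(f"{name}: expected {kind!r}, got {got!r}")
    return missing, altered


# Constructed sample export, deliberately damaged: vga.sys is absent and
# Base has the wrong default value. Key case varies on purpose.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
"""


def audit_sample() -> Tuple[List[str], List[str]]:
    """Run the check over the constructed export."""
    return check_safeboot(parse_reg_export(SAMPLE_EXPORT))
```

To audit a real machine, export the SafeBoot key with regedit and pass the file contents to parse_reg_export; extend the baseline with the full entry list from a known-good export.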

#19
grudz4prez (Topic Starter)
That program didn't help...went to reboot and restart in safe mode...shut down and as restarting in safe mode (I can select the option of safe mode) when the drivers list is loading...off it goes.

I get a message that reads Stop: 0x0000007e (0xC0000005E, 0x805c607B, oxF9D891E8, 0xF9D88EE4). Says something about adequate disk space and to disable driver or driver update or to change video adapter.

Ironically enough, I have given serious thought to formatting and then installing from scratch, except the disk that came with the PC was taken by a friend accidentally and then lost.

Any ideas?

#20
htv8

Hello again.

[...]

Ironically enough. I have given serious though to formatting and then installing from scratch except the disk that came with the pc was taken by a friend accidentally and then lost.

Any ideas?

A thorough reformat and clean reinstall of the Operating System would be considerable, but it's not really necessary as the infections aren't that bad by nature. As you have quite a heavily infected computer, though, please bear with me if you want your computer to be completely clean from malware.

Let's skip the SDFix instructions for now. We can try using it later again or deal with the baddie(s) SDFix targets manually.
________________________________________________________________________________
Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


I did have an earlier version of Norton... [...]

Your uninstall list shows that not all Norton products are completely removed from your computer. Therefore, please follow these steps in order to completely get rid of Norton/Symantec:
1. Go to Start > Control Panel > Add/Remove Programs and uninstall LiveUpdate 2.6 (Symantec Corporation).
2. Download and run the Norton Removal Tool after uninstallation in order to completely remove all Norton products from your computer. Download Norton Removal Tool

Step #1: Download and run VundoFix to get rid of Vundo
You have a Vundo infection. Download the most recent version of VundoFix to your Desktop to get rid of it. It is important to have the most recent version as VundoFix is updated almost daily.
Download VundoFix.exe

Once downloaded, follow these steps to run VundoFix:
1. Double-click VundoFix.exe to run it.
2. Click the Scan for Vundo button.
3. Once it is done scanning, click the Remove Vundo button.
4. Click the Yes button at the prompt asking you if you want to remove the files.
NOTE: Once you click Yes, your Desktop will go blank as it starts removing Vundo.
5. When completed, it will prompt that it will reboot your computer. Click OK.
6. Post the entire contents of C:\vundofix.txt in your next reply.

NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from the second step - "2. Click the Scan for Vundo button." - when VundoFix appears upon rebooting.

Step #2: Download and run ComboFix
Please download ComboFix and save it to your Desktop.
Download ComboFix (ComboFix.exe)

When the file has finished downloading double-click ComboFix.exe to launch the application and follow the on-screen prompts.
When finished, it shall produce a log for you: ComboFix.txt. Post that log in your next reply.

NOTE: Do not mouseclick ComboFix's window whilst it's running. That may cause your system to hang!

Step #3: Re-scan with HijackThis
Scan with HijackThis again and post a new HijackThis log.
________________________________________________________________________________
So in your next reply, please post the entire contents of:
- C:\vundofix.txt
- ComboFix.txt
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the requested logs.

#21
grudz4prez (Topic Starter)
Morning,

I couldn't do a whole system restore even if I wanted to. BTW, any ideas on the BSOD?? Here's the Vundo text:

VundoFix V6.5.4

Checking Java version...

Scan started at 12:13:40 AM 7/10/2007

Listing files found while scanning....

C:\windows\system32\ajpkorpe.dll
C:\windows\system32\akmnanga.exe
C:\windows\system32\bcaohjbu.dll
C:\windows\system32\bflnogjy.dll
C:\windows\system32\caritscm.ini
C:\windows\system32\cgwfdldh.ini
C:\windows\system32\ddcccyx.dll
C:\windows\system32\ddcyxur.dll
C:\windows\system32\eprokpja.ini
C:\windows\system32\fcccdbc.dll
C:\windows\system32\fyfkcppq.ini
C:\windows\system32\hdldfwgc.dll
C:\WINDOWS\system32\hufddcom.dll
C:\windows\system32\husqwrlt.dll
C:\windows\system32\iwnidjhg.exe
C:\windows\system32\jjjlm.bak1
C:\windows\system32\jjjlm.bak2
C:\windows\system32\jjjlm.ini
C:\windows\system32\jjjlm.tmp
C:\windows\system32\jnjsswpm.dll
C:\windows\system32\jvcvnciu.dll
C:\windows\system32\khsqycvl.dll
C:\windows\system32\kmwybtkl.ini
C:\windows\system32\lfdsogxy.exe
C:\windows\system32\lktbywmk.dll
C:\windows\system32\lqgybmmr.exe
C:\windows\system32\lrimwftq.ini
C:\windows\system32\lshvntwf.exe
C:\windows\system32\ltjeyovu.dll
C:\windows\system32\lvcyqshk.ini
C:\WINDOWS\system32\mcstirac.dll
C:\windows\system32\mjwutuss.exe
C:\WINDOWS\system32\mljjj.dll
C:\windows\system32\mpwssjnj.ini
C:\windows\system32\nnnooml.dll
C:\WINDOWS\system32\pqdnlsvm.dll
C:\windows\system32\qafbfdeu.exe
C:\WINDOWS\system32\qomklki.dll
C:\windows\system32\qppckfyf.dll
C:\windows\system32\qtfwmirl.dll
C:\windows\system32\qttwfcxh.exe
C:\windows\system32\rhnkcckx.ini
C:\windows\system32\riouevuy.dll
C:\windows\system32\sdukbxgp.exe
C:\windows\system32\sgglisqw.ini
C:\windows\system32\sifgudrm.exe
C:\windows\system32\slbqhins.dll
C:\windows\system32\snihqbls.ini
C:\windows\system32\tlrwqsuh.ini
C:\windows\system32\ubjhoacb.ini
C:\windows\system32\uicnvcvj.ini
C:\windows\system32\uvoyejtl.ini
C:\windows\system32\winkejsy.exe
C:\windows\system32\wlxsphmh.exe
C:\windows\system32\wqsilggs.dll
C:\windows\system32\wvuvtqr.dll
C:\windows\system32\xkccknhr.dll
C:\windows\system32\xvsnfokk.exe
C:\windows\system32\yjgonlfb.ini
C:\windows\system32\yuveuoir.ini

Beginning removal...

Attempting to delete C:\windows\system32\ajpkorpe.dll
C:\windows\system32\ajpkorpe.dll Has been deleted!

Attempting to delete C:\windows\system32\akmnanga.exe
C:\windows\system32\akmnanga.exe Has been deleted!

Attempting to delete C:\windows\system32\bcaohjbu.dll
C:\windows\system32\bcaohjbu.dll Has been deleted!

Attempting to delete C:\windows\system32\bflnogjy.dll
C:\windows\system32\bflnogjy.dll Has been deleted!

Attempting to delete C:\windows\system32\caritscm.ini
C:\windows\system32\caritscm.ini Has been deleted!

Attempting to delete C:\windows\system32\cgwfdldh.ini
C:\windows\system32\cgwfdldh.ini Has been deleted!

Attempting to delete C:\windows\system32\ddcccyx.dll
C:\windows\system32\ddcccyx.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyxur.dll
C:\windows\system32\ddcyxur.dll Has been deleted!

Attempting to delete C:\windows\system32\eprokpja.ini
C:\windows\system32\eprokpja.ini Has been deleted!

Attempting to delete C:\windows\system32\fcccdbc.dll
C:\windows\system32\fcccdbc.dll Has been deleted!

Attempting to delete C:\windows\system32\fyfkcppq.ini
C:\windows\system32\fyfkcppq.ini Has been deleted!

Attempting to delete C:\windows\system32\hdldfwgc.dll
C:\windows\system32\hdldfwgc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hufddcom.dll
C:\WINDOWS\system32\hufddcom.dll Has been deleted!

Attempting to delete C:\windows\system32\husqwrlt.dll
C:\windows\system32\husqwrlt.dll Has been deleted!

Attempting to delete C:\windows\system32\iwnidjhg.exe
C:\windows\system32\iwnidjhg.exe Has been deleted!

Attempting to delete C:\windows\system32\jjjlm.bak1
C:\windows\system32\jjjlm.bak1 Has been deleted!

Attempting to delete C:\windows\system32\jjjlm.bak2
C:\windows\system32\jjjlm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\jjjlm.ini
C:\windows\system32\jjjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\jnjsswpm.dll
C:\windows\system32\jnjsswpm.dll Has been deleted!

Attempting to delete C:\windows\system32\jvcvnciu.dll
C:\windows\system32\jvcvnciu.dll Has been deleted!

Attempting to delete C:\windows\system32\khsqycvl.dll
C:\windows\system32\khsqycvl.dll Has been deleted!

Attempting to delete C:\windows\system32\kmwybtkl.ini
C:\windows\system32\kmwybtkl.ini Has been deleted!

Attempting to delete C:\windows\system32\lfdsogxy.exe
C:\windows\system32\lfdsogxy.exe Has been deleted!

Attempting to delete C:\windows\system32\lktbywmk.dll
C:\windows\system32\lktbywmk.dll Has been deleted!

Attempting to delete C:\windows\system32\lqgybmmr.exe
C:\windows\system32\lqgybmmr.exe Has been deleted!

Attempting to delete C:\windows\system32\lrimwftq.ini
C:\windows\system32\lrimwftq.ini Has been deleted!

Attempting to delete C:\windows\system32\lshvntwf.exe
C:\windows\system32\lshvntwf.exe Has been deleted!

Attempting to delete C:\windows\system32\ltjeyovu.dll
C:\windows\system32\ltjeyovu.dll Has been deleted!

Attempting to delete C:\windows\system32\lvcyqshk.ini
C:\windows\system32\lvcyqshk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcstirac.dll
C:\WINDOWS\system32\mcstirac.dll Has been deleted!

Attempting to delete C:\windows\system32\mjwutuss.exe
C:\windows\system32\mjwutuss.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!

Attempting to delete C:\windows\system32\mpwssjnj.ini
C:\windows\system32\mpwssjnj.ini Has been deleted!

Attempting to delete C:\windows\system32\nnnooml.dll
C:\windows\system32\nnnooml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqdnlsvm.dll
C:\WINDOWS\system32\pqdnlsvm.dll Has been deleted!

Attempting to delete C:\windows\system32\qafbfdeu.exe
C:\windows\system32\qafbfdeu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomklki.dll
C:\WINDOWS\system32\qomklki.dll Has been deleted!

Attempting to delete C:\windows\system32\qppckfyf.dll
C:\windows\system32\qppckfyf.dll Has been deleted!

Attempting to delete C:\windows\system32\qtfwmirl.dll
C:\windows\system32\qtfwmirl.dll Has been deleted!

Attempting to delete C:\windows\system32\qttwfcxh.exe
C:\windows\system32\qttwfcxh.exe Has been deleted!

Attempting to delete C:\windows\system32\rhnkcckx.ini
C:\windows\system32\rhnkcckx.ini Has been deleted!

Attempting to delete C:\windows\system32\riouevuy.dll
C:\windows\system32\riouevuy.dll Has been deleted!

Attempting to delete C:\windows\system32\sdukbxgp.exe
C:\windows\system32\sdukbxgp.exe Has been deleted!

Attempting to delete C:\windows\system32\sgglisqw.ini
C:\windows\system32\sgglisqw.ini Has been deleted!

Attempting to delete C:\windows\system32\sifgudrm.exe
C:\windows\system32\sifgudrm.exe Has been deleted!

Attempting to delete C:\windows\system32\slbqhins.dll
C:\windows\system32\slbqhins.dll Has been deleted!

Attempting to delete C:\windows\system32\snihqbls.ini
C:\windows\system32\snihqbls.ini Has been deleted!

Attempting to delete C:\windows\system32\tlrwqsuh.ini
C:\windows\system32\tlrwqsuh.ini Has been deleted!

Attempting to delete C:\windows\system32\ubjhoacb.ini
C:\windows\system32\ubjhoacb.ini Has been deleted!

Attempting to delete C:\windows\system32\uicnvcvj.ini
C:\windows\system32\uicnvcvj.ini Has been deleted!

Attempting to delete C:\windows\system32\uvoyejtl.ini
C:\windows\system32\uvoyejtl.ini Has been deleted!

Attempting to delete C:\windows\system32\winkejsy.exe
C:\windows\system32\winkejsy.exe Has been deleted!

Attempting to delete C:\windows\system32\wlxsphmh.exe
C:\windows\system32\wlxsphmh.exe Has been deleted!

Attempting to delete C:\windows\system32\wqsilggs.dll
C:\windows\system32\wqsilggs.dll Has been deleted!

Attempting to delete C:\windows\system32\wvuvtqr.dll
C:\windows\system32\wvuvtqr.dll Has been deleted!

Attempting to delete C:\windows\system32\xkccknhr.dll
C:\windows\system32\xkccknhr.dll Has been deleted!

Attempting to delete C:\windows\system32\xvsnfokk.exe
C:\windows\system32\xvsnfokk.exe Has been deleted!

Attempting to delete C:\windows\system32\yjgonlfb.ini
C:\windows\system32\yjgonlfb.ini Has been deleted!

Attempting to delete C:\windows\system32\yuveuoir.ini
C:\windows\system32\yuveuoir.ini Has been deleted!

Performing Repairs to the registry.
Done!

#22
grudz4prez (Topic Starter)
Here's the combofix report. I don't know how successful this was. After the reboot...Panda kept blocking the regedit. So I am not sure everything was taken care of...here's the report. How can I turn Panda off so that it doesn't run automatically when the machine is turned on?

"Charles" - 2007-07-10 9:17:27 - ComboFix 07-07-10.1 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tnatnywa.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Charles\APPLIC~1.\macromedia\Flash Player\#SharedObjects\5HQ5UNCL\www.broadcaster.com
C:\DOCUME~1\Charles\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Charles\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\ComPlus Applications\savefohut83122.dll
C:\Program Files\inetget2
C:\Program Files\inetget2\install.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo.dll
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\setup.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\icroso~1.net\wuauboot.exe
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\system32\yvg.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


2007-07-10 09:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 00:20 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2007-07-09 21:37 <DIR> d--hs---- C:\WINDOWS\Q2hhcmxlcw
2007-07-08 00:07 <DIR> d-------- C:\VundoFix Backups
2007-07-04 22:38 <DIR> d-------- C:\DOCUME~1\Charles\APPLIC~1\ListInstalls
2007-07-03 14:13 <DIR> d-------- C:\Deckard
2007-07-02 09:54 <DIR> d-------- C:\Program Files\Dynamic Toolbar
2007-06-30 11:07 3,482 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-06-26 11:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-23 20:13 <DIR> d-------- C:\DOCUME~1\Charles\APPLIC~1\acccore
2007-06-23 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-23 20:10 <DIR> d-------- C:\Program Files\AIM6
2007-06-23 18:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\G4
2007-06-23 18:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\G3
2007-06-23 18:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\G2
2007-06-23 18:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\G1
2007-06-23 18:48 <DIR> d-------- C:\Temp
2007-06-21 23:08 <DIR> d-------- C:\Program Files\QuickTime
2007-06-19 16:11 75,544 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-06-19 16:11 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-06-19 16:11 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-06-19 16:11 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-06-19 16:11 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-06-19 16:11 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-06-19 16:11 124,184 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-06-19 16:11 1,343,768 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-06-15 18:11 <DIR> d-------- C:\1ef70a76a66d3c174fc6e04400c886


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 04:08:48 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-08 03:54:54 -------- d-----w C:\Program Files\AIM95
2007-07-08 03:54:20 -------- d-----w C:\DOCUME~1\Charles\APPLIC~1\Aim
2007-07-08 03:52:43 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-08 03:52:43 -------- d-----w C:\Program Files\EACOM
2007-07-08 03:47:39 -------- d-----w C:\Program Files\Viewpoint
2007-07-06 15:17:57 -------- d-----w C:\Program Files\NFSL
2007-07-06 03:16:19 18,144 -c--a-w C:\WINDOWS\mozver.dat
2007-07-04 00:04:02 -------- d-----w C:\Program Files\Ares
2007-06-26 17:03:10 -------- d-----w C:\Program Files\Winamp
2007-06-26 16:56:29 -------- d-----w C:\Program Files\Netropa
2007-06-26 16:52:26 -------- d-----w C:\Program Files\iTunes
2007-06-26 16:50:14 -------- d-----w C:\Program Files\DIGStream
2007-06-24 16:21:47 181,112 -c--a-w C:\DOCUME~1\Charles\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-09 15:33:19 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 21:12:51 -------- d-----w C:\DOCUME~1\Charles\APPLIC~1\Viewpoint
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2005-08-02 20:46:54 187,904 --sha-r C:\WINDOWS\Q2hhcmxlcw\asappsrv.dll
2005-08-02 20:58:38 293,888 --sha-r C:\WINDOWS\Q2hhcmxlcw\command.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\Q2hhcmxlcw\kZ11wAU5wT.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}]
2003-12-01 22:56 784384 --a------ C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2EED4CE-4723-44E7-8778-D6D2077B05BE}]
C:\WINDOWS\lbbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E446CA55-3492-4015-844D-645955F72951}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
2001-07-25 12:00 143420 --a------ C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 14:49]
"HostManager"="C:\Program Files\Common Files\AOL\1102131130\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-05 23:26]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 14:41]
"Registry Toolkit"="C:\Program Files\Registry Toolkit\RegToolkit.exe" []
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 08:16]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Qgevq"="C:\WINDOWS\SYSTEM32\?icrosoft.NET\wuauboot.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 11:13 45056 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP1072]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TFTP1072
backup=C:\WINDOWS\pss\TFTP1072Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP3920]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TFTP3920
backup=C:\WINDOWS\pss\TFTP3920Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charles^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Documents and Settings\Charles\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charles^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Charles\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve.exe]
C:\WINDOWS\avserve.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3]
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
UVPEAMUWIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe


Contents of the 'Scheduled Tasks' folder
2007-07-06 02:45:08 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2002-03-13 06:21:20 C:\WINDOWS\tasks\ISP signup reminder 2.job
2002-03-13 06:21:21 C:\WINDOWS\tasks\ISP signup reminder 3.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 09:34:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 9:50:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-10 09:50

--- E O F ---

#23 grudz4prez (Topic Starter, Member, 46 posts)
Logfile of HijackThis v1.99.1
Scan saved at 10:03:45 AM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\AOL\1102131130\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\aol\1102131130\ee\aolsoftware.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\fluffybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\euyuxbf0.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {E2EED4CE-4723-44E7-8778-D6D2077B05BE} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: (no name) - {E446CA55-3492-4015-844D-645955F72951} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102131130\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Qgevq] C:\WINDOWS\SYSTEM32\?icrosoft.NET\wuauboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DED4415-9792-4E32-A720-1B988D69DB7A}: NameServer = 71.250.0.12 68.237.161.12
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
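
The HijackThis log above is the kind of listing the helper works through by hand: orphaned browser extensions, a Run entry with a look-alike directory name, Trusted Zone grants to rogue "antispyware" domains, a Winlogon Notify DLL and a registry-set DNS server. As an added example (not from this thread and not a HijackThis or Geeks to Go tool), the Python script below parses lines in HijackThis v1.99 format and flags exactly those entry types. The sample lines are constructed to mirror entries from the log above; the rogue-domain list is taken from the O15 entries in that log, and the Winlogon Notify allowlist (WgaLogon.dll only) is an assumption made for this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the thread or of HijackThis). Flags the entry types a helper reviews first:
O15 Trusted Zone grants, O20 Winlogon Notify DLLs, O4 Run entries with
look-alike paths, O17 DNS overrides and orphaned O2/O3/O9 entries."""
import re

# Constructed sample mirroring entries from the log above (single backslashes
# after Python unescapes the \\ sequences).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {E446CA55-3492-4015-844D-645955F72951} - C:\\WINDOWS\\system32\\mljjj.dll (file missing)
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKCU\\..\\Run: [Qgevq] C:\\WINDOWS\\SYSTEM32\\?icrosoft.NET\\wuauboot.exe
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{6DED4415-9792-4E32-A720-1B988D69DB7A}: NameServer = 71.250.0.12 68.237.161.12
O20 - Winlogon Notify: avldr - C:\\WINDOWS\\SYSTEM32\\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""

# Domains that appear as O15 Trusted Zone entries in the log above. A Trusted
# Zone entry lets a site's ActiveX content run with lowered IE restrictions,
# so each of these is flagged. Taken from the log; not an exhaustive list.
ROGUE_DOMAINS = {
    "amaena.com", "drivecleaner.com", "errorprotector.com", "errorsafe.com",
    "imageservr.com", "imagesrvr.com", "systemdoctor.com",
    "winantispyware.com", "winantivirus.com", "winfixer.com",
}

# Winlogon Notify DLLs treated as expected on this XP SP2 box. Assumption for
# the example: WgaLogon.dll belongs to Windows Genuine Advantage.
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll"}

_O15 = re.compile(r"^O15 - Trusted Zone: \*?\.?(?P<domain>[\w.-]+)")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d. ]+)$")


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    line = line.rstrip()
    m = _O15.match(line)
    if m:
        dom = m.group("domain").lower()
        if dom in ROGUE_DOMAINS:
            return ("high", f"IE Trusted Zone grants rogue domain {dom}")
        return ("review", f"IE Trusted Zone entry for {dom}")
    m = _O20.match(line)
    if m:
        dll = m.group("path").rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_WINLOGON_NOTIFY:
            return ("high", f"unknown Winlogon Notify DLL {m.group('path')} loads at every logon")
        return None
    m = _O4.match(line)
    if m:
        cmd = m.group("cmd")
        # HijackThis prints '?' for a character it cannot display, so a '?'
        # inside a system32 path is the look-alike directory trick
        # (e.g. ?icrosoft.NET standing in for Microsoft.NET).
        if "?" in cmd or any(ord(c) > 126 for c in cmd):
            return ("high", f"Run entry [{m.group('name')}] uses a look-alike path: {cmd}")
        return None
    m = _O17.match(line)
    if m:
        return ("review", f"DNS servers set in registry: {m.group('servers').strip()} (confirm with ISP)")
    if line.startswith(("O2 ", "O3 ", "O9 ")) and ("(file missing)" in line or "(no file)" in line):
        return ("low", "orphaned browser extension entry, safe to remove")
    return None


def triage_log(text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    findings = []
    for line in text.splitlines():
        result = triage_line(line)
        if result:
            findings.append((result[0], result[1], line))
    return findings


if __name__ == "__main__":
    for sev, reason, _line in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}")
```

Run against the constructed sample it reports six findings, four of them high: the Qgevq Run entry, both rogue Trusted Zone grants and the avldr.dll Winlogon Notify hook. The legitimate iTunesHelper and WgaLogon lines produce nothing, which is the point of the allowlist: the script narrows the log to what a person still has to judge, it does not replace that judgement.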

#24 htv8 (Member, 110 posts)
OK, thanks for the logs. Now please give me a little time to look over them and I'll post back as soon as possible and answer your questions. :whistling:

#25 Kat (Retired Staff, MVP, 19,711 posts)
Hello, grudz. Sorry to burst into your thread. Htv8 was unexpectedly called out of town for the day, and has just returned. After having very little sleep and a trying day, he is not able to respond to you tonight. He will be looking things over tomorrow, and formulating a reply and/or instructions for you then. We only want the BEST possible help for you, so it's best if he doesn't try to answer you when so exhausted.

Thanks for your understanding and patience. :whistling:


#26 htv8 (Member, 110 posts)
Hello again, grudz4prez, and sorry for the unexpected delay.

[...]I couldn't do a whole system restore even if I wanted to. [...]

Please do not use System Restore now as using it can cause your computer to become re-infected! System Restore likely contains infected files that have been backed up by Windows.

[...] BTW, any ideas on the BSOD??

No, not yet. Let's try cleaning this PC from malware first, then we can see what problems still exist after cleanup. Malware can cause BSODs too...

Here's the combofix report. I don't know how successful this was. After the reboot...Panda kept blocking the regedit. So I am not sure everything was taken care of... [...]

Hmm. Isn't there an option to allow regedit? If so, please allow all registry changes/edits.

Question: Did you run Symantec's Norton Removal Tool?
______________________________________________________________________________

IMPORTANT
Due to the status of some of the files you have on your computer, I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer from the Internet until the computer can be cleaned. Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable: for email, banks, eBay, forums, etc. Do not change passwords or do any financial transactions while using the infected computer because the attacker may get the new passwords and transaction information. It would be wise to contact your financial institutions to apprise them of your situation. To protect your information that may have been compromised, I recommend reading this reference: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?.


Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: Eliminate Sasser using F-Secure's special disinfection tool
You are infected with the Sasser virus. For more information about this threat, see: F-Secure Computer Virus Information Pages: Sasser.
F-Secure has developed a special disinfection tool which can find/remove all known Sasser variants. Download f-sasser.exe to your Desktop by clicking the download link below.
Download f-sasser.exe

To run f-sasser.exe:
1. Log in as Administrator or as a user with local admin rights, otherwise disinfection might not succeed correctly.
2. Close all programs/windows so that you have nothing open and are at the Desktop.
3. Double-click the f-sasser.exe file to eliminate Sasser.

Step #2: Eliminate Lovsan using F-Secure's special disinfection tool
You are infected with the Lovsan network worm. For more information about this threat, see: F-Secure Computer Virus Information Pages: Lovsan.
F-Secure has developed a special disinfection tool which can find/remove all known Lovsan variants. Download f-lovsan.exe to your Desktop by clicking the download link below.
Download f-lovsan.exe

To run f-lovsan.exe:
1. Log in as Administrator or as a user with local admin rights, otherwise disinfection might not succeed correctly.
2. Close all programs/windows so that you have nothing open and are at the Desktop.
3. Double-click the f-lovsan.exe file to eliminate Lovsan.

Step #3: Submit malware to UploadMalware.com for analysis
First enable the viewing of hidden files in Windows XP by following these steps:
1. Close all programs so that you are at your Desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and then click on the menu option labelled "Folder Options".
4. After the new window appears select the View tab.
5. Remove the checkmark from the checkbox labelled "Hide file extensions for known file types".
6. Remove the checkmark from the checkbox labelled "Hide protected operating system files".
7. Select the radio button labelled "Show hidden files and folders".
8. Press the Apply button and then press the OK button and shut down My Computer.

Your computer is now configured to show all hidden system files and folders.

Now please go to UploadMalware.com and follow these steps to submit malware to UploadMalware.com for analysis:
1. In the Name: field, please enter the display name you use on this forum.
2. In the Link to Your Topic: field, please copy/paste the entire link to this topic.
3. Click the first Browse… button (located next to File(s) To Submit:).
4. Navigate to this file that I want you to submit (if it is present): C:\WINDOWS\lbbho.dll
5. Click the second Browse... button.
6. Navigate to this file that I want you to submit (if it is present): C:\WINDOWS\system32\avldr.dll
7. In the Comments and Further Info: field, please mention that I asked you to upload this file.
8. Click the Send File(s) button to submit the file(s) found.

Step #4: Add more files within VundoFix for removal
Download the most recent version of VundoFix to your Desktop. Remove any old copies of VundoFix you may have saved. It is important to have the most recent version as VundoFix is updated almost daily.
Download VundoFix.exe

Now please follow these steps:
1. Double-click VundoFix.exe to run VundoFix.
2. When VundoFix opens, click the Scan for Vundo button.
3. Once the scan is complete, right-click inside the list box (white box) in the main VundoFix window.
4. Select the option labelled "Add more files?" from the menu that comes up. This will open a new VundoFix window.
5. Copy the entire file path inside the CODE box below and paste it into the first (top) field provided:
C:\WINDOWS\system32\jjjlm.tmp
6. Copy the entire file path inside the CODE box below and paste it into the second field provided:
C:\WINDOWS\lbbho.dll
7. Copy the entire file path inside the CODE box below and paste it into the third field provided:
C:\WINDOWS\system32\avldr.dll
8. Click the Add File(s) button.
9. Click the Close Window button.
10. Click the Remove Vundo button.
11. Click the Yes button at the prompt asking you if you want to remove the files.
NOTE: Once you click Yes, your Desktop will go blank as it starts removing Vundo.
12. When completed, it will prompt that it will shut down your computer. Click OK.
13. Turn your computer back on.
14. Post the entire contents of C:\vundofix.txt in your next reply.

NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from the second step - "2. Click the Scan for Vundo button." - when VundoFix appears upon rebooting.

Step #5: Delete all entries in the Restricted & Trusted Zone list
Download DelDomains.inf by right-clicking on the download link below, and choosing the option labelled "Save Target As…". Save DelDomains.inf to your Desktop.
Download DelDomains.inf

Locate DelDomains.inf on your Desktop. Right-click it and select the option labelled "Install".
NOTE 1: You will not see any on-screen action.
NOTE 2: This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any previous restricted zone hacks (SpywareBlaster, IE-SPYAD, etc.) will need to be reapplied.

Step #6: Upload a file and scan it
Please go to http://virusscan.jotti.org/ and follow these steps to upload a file and scan it with Jotti's malware scan:
1. Click the Browse... button at the top of the page.
2. Navigate to this file if it is present: C:\Documents and Settings\Charles\Application Data\GDIPFONTCACHEV1.DAT
3. Click Open.
4. Now click the Submit button (positioned next to the Browse... button) to upload the file.
5. Please be patient as the file will be scanned.
6. Once scanned, copy and paste the results in your next reply.

NOTE: In case Jotti is busy, try VirusTotal.com.

Step #7: Re-scan with HijackThis
Scan with HijackThis again and post a new HijackThis log.
______________________________________________________________________________
So in your next reply, please post the entire contents of:
- C:\vundofix.txt
- the Jotti's malware scan results
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the requested logs.
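Before running DelDomains.inf (Step #5), it is worth recording what it is about to wipe: malware commonly plants its own hosts in the Trusted zone, and legitimate Restricted-zone entries from SpywareBlaster or IE-SPYAD are lost and must be reapplied. The PowerShell below is an added example, not part of the thread or of DelDomains.inf; it lists the current per-user zone assignments and saves them to a CSV on the Desktop. The `Domains` and `EscDomains` key names are the standard ZoneMap locations; that DelDomains.inf clears exactly these two is an assumption.

```powershell
# Added example: enumerate the per-user Internet Explorer zone map before clearing it.
# Zone numbers as stored in the ZoneMap registry layout.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

# Domains = ordinary zone list, EscDomains = Enhanced Security Configuration list (either may be absent).
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains'
)

function Get-ZoneMapEntries {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        $rootName = (Get-Item $root).Name          # e.g. HKEY_CURRENT_USER\...\ZoneMap\Domains
        # Each subkey is a domain; a nested subkey is a host label (Domains\example.com\www -> www.example.com).
        Get-ChildItem $root -Recurse | ForEach-Object {
            $key   = $_
            $parts = $key.Name.Substring($rootName.Length).Trim('\').Split('\')
            [array]::Reverse($parts)
            $hostName = $parts -join '.'
            # Each value is a scheme (http, https, * or the default value) mapped to a zone number.
            foreach ($scheme in $key.GetValueNames()) {
                $zoneId = [int]$key.GetValue($scheme)
                [pscustomobject]@{
                    List   = Split-Path $root -Leaf
                    Host   = $hostName
                    Scheme = $(if ($scheme -eq '') { '(default)' } else { $scheme })
                    Zone   = $(if ($zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { "Zone $zoneId" })
                }
            }
        }
    }
}

$entries = @(Get-ZoneMapEntries -Roots $roots)
$entries | Sort-Object Zone, Host | Format-Table -AutoSize

# Keep a copy so the Restricted entries from SpywareBlaster/IE-SPYAD can be compared after reapplying them.
if ($entries.Count -gt 0) {
    $entries | Export-Csv -Path "$env:USERPROFILE\Desktop\zonemap-before-deldomains.csv" -NoTypeInformation
}
"Trusted-zone entries (review these; unexpected hosts here are a red flag): " +
    @($entries | Where-Object { $_.Zone -eq 'Trusted' }).Count
"Restricted-zone entries: " + @($entries | Where-Object { $_.Zone -eq 'Restricted' }).Count
```

Run it from a normal PowerShell prompt as the affected user; it only reads the registry, so it can be run again after DelDomains.inf to confirm the lists are empty.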

#27
grudz4prez (Topic Starter, Member, 46 posts)
Hello...hope everything is okay, with the unexpected out of town trip. I had not received an email notification...happened to log in and found this. I will work this out in the morning! Thanks again and sorry for the delay on my end.

-Charles

#28
grudz4prez (Topic Starter, Member, 46 posts)
I uploaded the file....the first one could not be found and the second f-fix program said it couldn't find anything. How do I check if I have admin rights? Also, how do I proceed with downloading the fixes for this computer if it's offline?

#29
grudz4prez (Topic Starter, Member, 46 posts)
VundoFix V6.5.6

Checking Java version...

Scan started at 9:49:15 AM 7/17/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\avldr.dll
C:\WINDOWS\system32\avldr.dll Has been deleted!

Performing Repairs to the registry.
Done!

#30
grudz4prez (Topic Starter, Member, 46 posts)
File: GDIPFONTCACHEV1.DAT
Status:
OK
MD5: a2e110f9ded55f1f465bbad1391f879e
Packers detected:
-
Bit9 reports: File not found

Scan taken on 17 Jul 2007 14:57:39 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing