big file association problems [CLOSED]

#1 ITS OVER 9000! (Member, 34 posts)

Apparently all my file associations have been killed via many viruses (tuvspnk.dll and qwerty12.exe are two that I remember, mostly Vundos I think). I have tried the Kelly's Korner and Doug Knox fixes with no success, since an error message pops up when trying to merge the files with the registry, saying something like this: cannot merge the file, some keys are open by the system or other processes. This happens even in safe mode.
I can open most .exe files by using Task Manager to find the file, then browsing from a list, finding the same file and using it to open itself.


Here's the hijackthis.log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:43 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25AAE26A-0BD6-45DD-AD15-0D71047F5EEF} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {26B4794A-1245-41B0-871A-1B1645E66AFD} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {37040851-E64B-4D7B-87A3-F36FEED3848F} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {371FEF79-CFE3-487B-9E45-F5ACEBBDBF53} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {4ea765f3-fcb3-445a-b434-aa5f03c12f70} - C:\WINDOWS\system32\kbdcab.dll (file missing)
O2 - BHO: (no name) - {6C8E28EB-DBCA-4DB6-8CCA-D5B0CB23FACD} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {74774CAE-1C84-46ED-8A89-115FD5EAA64E} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {760417CF-BBEB-4FD1-BF04-59D25D2822B1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7F54F748-3985-4677-B26C-9B2628D07863} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: (no name) - {95D213D6-08FF-4A61-8FAA-FE888BDEF140} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FD90F6A1-B9A5-496D-B458-20C27FD22631} - C:\WINDOWS\system32\mllml.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\bak\McAgent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1125995842\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AIMPro] "c:\documents and settings\owner\my documents\aimpro.exe"
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d & Combobatch.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [DriverCheck] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [SystemDriverLoad] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [FDriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [ADriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [CDriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [DDriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Oemreset(2).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(3).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(4).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(5).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset.lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192926817140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185590329843
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...159/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB00B36-F128-4C92-AEFC-70325BA98A00}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{727434ED-766F-4DB8-90B0-888440375C0C}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{8669EF29-E7AE-439C-8F73-ED7F45015D0D}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED11CF94-1EC9-48E3-B3ED-FC22BF856350}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: IEFilter - {95B43733-1D3F-44FE-B1EC-28A828214583} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\dnlsvc.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmqgy.exe (file missing)

--
End of file - 12892 bytes

Edited by ITS OVER 9000!, 14 April 2008 - 04:34 PM.


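As an added triage example (not the thread's own code, not a HijackThis feature and not one of the tools the helper recommends): a small Python parser over a few lines copied from the log above that flags the entry types a malware-removal helper acts on: registered components whose file is missing, services with no publisher, Run entries whose path HijackThis could not print cleanly, and O17 NameServer entries outside an allowlist. The allowlist of trusted resolvers is a constructed assumption; substitute the addresses the network actually uses.

```python
"""Triage a HijackThis-style log for the entry types a malware-removal helper
acts on. Added example for this thread; it is not HijackThis code and not a
tool used by the helpers here."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25AAE26A-0BD6-45DD-AD15-0D71047F5EEF} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB00B36-F128-4C92-AEFC-70325BA98A00}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
"""

# Assumption for the example: the resolvers this network is supposed to use.
# Replace with the router's or ISP's real addresses when triaging a real log.
TRUSTED_DNS = {"192.168.1.1", "192.168.1.2"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O17"
    reason: str    # why the line was flagged
    line: str      # the offending log line, verbatim


def nameservers(rest):
    """Return the IPs listed after 'NameServer ='; the log separates them
    with either commas (per-adapter keys) or spaces (the Parameters key)."""
    m = NAMESERVER_RE.search(rest)
    return re.split(r"[,\s]+", m.group(1).strip()) if m else []


def triage(log_text, trusted_dns):
    """Scan every O-section line and collect the findings a helper would act on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, R0 lines, 'Running processes' paths, etc.
        section, rest = m.groups()
        # A BHO or service that is still registered but whose file is gone:
        # a leftover autostart of something that was removed or renamed itself.
        if "(file missing)" in rest:
            findings.append(Finding(section, "registered component whose file is missing", line))
        # Services with no publisher string; legitimate vendors identify theirs.
        if section == "O23" and "Unknown owner" in rest:
            findings.append(Finding(section, "service with no publisher information", line))
        # '?' in a Run path is typically a character HijackThis could not print,
        # i.e. a non-ASCII lookalike standing in for a normal folder or file name.
        if section == "O4" and "?" in rest:
            findings.append(Finding(section, "Run entry path contains unprintable characters", line))
        # Any resolver that is not one the network should be using.
        if section == "O17":
            rogue = [ip for ip in nameservers(rest) if ip not in trusted_dns]
            if rogue:
                findings.append(Finding(section, "DNS servers not in allowlist: " + ", ".join(rogue), line))
    return findings


def rogue_dns(log_text, trusted_dns):
    """Distinct, sorted resolvers from O17 lines that are outside the allowlist."""
    seen = set()
    for f in triage(log_text, trusted_dns):
        if f.section == "O17":
            seen.update(ip for ip in nameservers(f.line) if ip not in trusted_dns)
    return sorted(seen)


def summarize(findings):
    """Count findings per section so the noisy sections stand out."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG, TRUSTED_DNS)
    for f in hits:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("per section:", summarize(hits))
    print("rogue DNS:", rogue_dns(SAMPLE_LOG, TRUSTED_DNS))
```

On the sample, the same two resolvers appear on every adapter key and on the global Parameters key, which is why the O17 section counts twice; a fix that only clears one key leaves the others in place.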
#2 Stamper19 (Expert, 1,992 posts)

Hi Its Over 9000,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :)

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • main.txt and extra.txt from DSS


#3 ITS OVER 9000! (Topic Starter, Member, 34 posts)

Thanks for the help... Double-clicking doesn't work, so I ran it using the process I posted in the first post.

When it got to removing temporary files there was an error message that said it had encountered a problem and needed to close.

What should I do now?

Edited by ITS OVER 9000!, 19 April 2008 - 04:54 PM.


#4 Stamper19 (Expert, 1,992 posts)

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#5 ITS OVER 9000! (Topic Starter, Member, 34 posts)

I just tried that, and when I ran it, it asked me to find a file called nircmd.com and open it. Then it said C:\windows\regedit.exe could not be found (I'm assuming that's very bad), and then it asked me to find nircmd.com again.

If this is confusing I could try to take screenshots step by step of what I did.

#6 Stamper19 (Expert, 1,992 posts)

Let's try one more scan before we change our approach.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#7 ITS OVER 9000! (Topic Starter, Member, 34 posts)

During the installation an error came up that said:
failed to register DLL/OCX: RegSvr32 failed with exit code 0x5. I was then prompted to ignore, retry or abort installation. After retrying several times I chose to ignore. The program is now scanning, and I will edit this post with the results once it is finished.

Edit: it found and removed 52 objects including a few registry keys, but I can't open the log since there is no file association for it... I can open it with Task Manager but I don't know exactly where to find it.

Edited by ITS OVER 9000!, 20 April 2008 - 03:30 PM.


#8 Stamper19 (Expert, 1,992 posts)

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Let me know if you are able to do this. Also, please post a fresh HijackThis log.

#9 ITS OVER 9000! (Topic Starter, Member, 34 posts)

I selected all and clicked Fix, but when I rescanned everything came up again.
Here's the new HJT log.
Thanks for staying with me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:20 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25AAE26A-0BD6-45DD-AD15-0D71047F5EEF} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {26B4794A-1245-41B0-871A-1B1645E66AFD} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {37040851-E64B-4D7B-87A3-F36FEED3848F} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {371FEF79-CFE3-487B-9E45-F5ACEBBDBF53} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {4ea765f3-fcb3-445a-b434-aa5f03c12f70} - C:\WINDOWS\system32\kbdcab.dll (file missing)
O2 - BHO: (no name) - {6C8E28EB-DBCA-4DB6-8CCA-D5B0CB23FACD} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {74774CAE-1C84-46ED-8A89-115FD5EAA64E} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {760417CF-BBEB-4FD1-BF04-59D25D2822B1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7F54F748-3985-4677-B26C-9B2628D07863} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {95D213D6-08FF-4A61-8FAA-FE888BDEF140} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FD90F6A1-B9A5-496D-B458-20C27FD22631} - C:\WINDOWS\system32\mllml.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\bak\McAgent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1125995842\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AIMPro] "c:\documents and settings\owner\my documents\aimpro.exe"
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d & Combobatch.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [DDriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Oemreset(2).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(3).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(4).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(5).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset.lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192926817140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185590329843
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...159/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB00B36-F128-4C92-AEFC-70325BA98A00}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{727434ED-766F-4DB8-90B0-888440375C0C}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{8669EF29-E7AE-439C-8F73-ED7F45015D0D}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED11CF94-1EC9-48E3-B3ED-FC22BF856350}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: IEFilter - {95B43733-1D3F-44FE-B1EC-28A828214583} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 12120 bytes

#10 Stamper19 (Expert, 1,992 posts)


> I selected all and clicked Fix, but when I rescanned everything came up again.

When you rescanned what? :)

> Thanks for staying with me.

You're welcome :)

#11 ITS OVER 9000! (Topic Starter, Member, 34 posts)

Sorry... I meant to say: I selected all and clicked Fix, but when I did the rescan with daft.exe all the same files came up, as if nothing had been fixed.

#12 Stamper19 (Expert, 1,992 posts)

Please download VundoFix.exe to your desktop

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#13
ITS OVER 9000!
  • Topic Starter
  • Member
  • 34 posts
I remember VundoFix... it helped me before, I think.

It didn't find anything.
I wasn't sure if you wanted the entire thing or just the most recent, so this is the entire thing:

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 1:48:28 PM 11/8/2007

Listing files found while scanning....

C:\windows\system32\ahhpkdxr.ini
C:\WINDOWS\system32\awtsp.dll
C:\windows\system32\axyvfswg.dll
C:\WINDOWS\system32\biidncxm.dll
C:\windows\system32\ehbbdsgk.ini
C:\windows\system32\etvnmhsj.dll
C:\windows\system32\gwsfvyxa.ini
C:\windows\system32\halvssiy.dll
C:\windows\system32\ibtlftlj.ini
C:\windows\system32\jachqucy.ini
C:\windows\system32\jltfltbi.dll
C:\windows\system32\jocuwjfs.dll
C:\windows\system32\jshmnvte.ini
C:\windows\system32\kbdcab.dll
C:\windows\system32\kgsdbbhe.dll
C:\windows\system32\lcfgxglm.dll
C:\windows\system32\mlgxgfcl.ini
C:\windows\system32\mxknnycy.dll
C:\windows\system32\myjnecmo.dll
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
C:\windows\system32\qbrpvwcv.ini
C:\windows\system32\rxdkphha.dll
C:\windows\system32\sfjwucoj.ini
C:\WINDOWS\system32\tmp6E.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tuvspnk.dll
C:\windows\system32\uvhdyasr.dll
C:\windows\system32\vcwvprbq.dll
C:\WINDOWS\system32\vnejkgyc.dll
C:\windows\system32\vytpfsfw.dll
C:\windows\system32\wfsfptyv.ini
C:\windows\system32\xrwgswbi.dll
C:\windows\system32\ycuqhcaj.dll
C:\windows\system32\ycynnkxm.ini
C:\windows\system32\yknfdkel.dll
C:\windows\system32\yrejqxyg.dll

Beginning removal...

Attempting to delete C:\windows\system32\ahhpkdxr.ini
C:\windows\system32\ahhpkdxr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.dll Has been deleted!

Attempting to delete C:\windows\system32\axyvfswg.dll
C:\windows\system32\axyvfswg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\biidncxm.dll
C:\WINDOWS\system32\biidncxm.dll Has been deleted!

Attempting to delete C:\windows\system32\ehbbdsgk.ini
C:\windows\system32\ehbbdsgk.ini Has been deleted!

Attempting to delete C:\windows\system32\etvnmhsj.dll
C:\windows\system32\etvnmhsj.dll Has been deleted!

Attempting to delete C:\windows\system32\gwsfvyxa.ini
C:\windows\system32\gwsfvyxa.ini Has been deleted!

Attempting to delete C:\windows\system32\halvssiy.dll
C:\windows\system32\halvssiy.dll Has been deleted!

Attempting to delete C:\windows\system32\ibtlftlj.ini
C:\windows\system32\ibtlftlj.ini Has been deleted!

Attempting to delete C:\windows\system32\jachqucy.ini
C:\windows\system32\jachqucy.ini Has been deleted!

Attempting to delete C:\windows\system32\jltfltbi.dll
C:\windows\system32\jltfltbi.dll Has been deleted!

Attempting to delete C:\windows\system32\jocuwjfs.dll
C:\windows\system32\jocuwjfs.dll Has been deleted!

Attempting to delete C:\windows\system32\jshmnvte.ini
C:\windows\system32\jshmnvte.ini Has been deleted!

Attempting to delete C:\windows\system32\kbdcab.dll
C:\windows\system32\kbdcab.dll Has been deleted!

Attempting to delete C:\windows\system32\kgsdbbhe.dll
C:\windows\system32\kgsdbbhe.dll Has been deleted!

Attempting to delete C:\windows\system32\lcfgxglm.dll
C:\windows\system32\lcfgxglm.dll Has been deleted!

Attempting to delete C:\windows\system32\mlgxgfcl.ini
C:\windows\system32\mlgxgfcl.ini Has been deleted!

Attempting to delete C:\windows\system32\mxknnycy.dll
C:\windows\system32\mxknnycy.dll Has been deleted!

Attempting to delete C:\windows\system32\myjnecmo.dll
C:\windows\system32\myjnecmo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pstwa.tmp
C:\WINDOWS\system32\pstwa.tmp Has been deleted!

Attempting to delete C:\windows\system32\qbrpvwcv.ini
C:\windows\system32\qbrpvwcv.ini Has been deleted!

Attempting to delete C:\windows\system32\rxdkphha.dll
C:\windows\system32\rxdkphha.dll Has been deleted!

Attempting to delete C:\windows\system32\sfjwucoj.ini
C:\windows\system32\sfjwucoj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvspnk.dll
C:\WINDOWS\system32\tuvspnk.dll Could not be deleted.

Attempting to delete C:\windows\system32\uvhdyasr.dll
C:\windows\system32\uvhdyasr.dll Has been deleted!

Attempting to delete C:\windows\system32\vcwvprbq.dll
C:\windows\system32\vcwvprbq.dll Has been deleted!

Attempting to delete C:\windows\system32\vytpfsfw.dll
C:\windows\system32\vytpfsfw.dll Has been deleted!

Attempting to delete C:\windows\system32\wfsfptyv.ini
C:\windows\system32\wfsfptyv.ini Has been deleted!

Attempting to delete C:\windows\system32\xrwgswbi.dll
C:\windows\system32\xrwgswbi.dll Has been deleted!

Attempting to delete C:\windows\system32\ycuqhcaj.dll
C:\windows\system32\ycuqhcaj.dll Has been deleted!

Attempting to delete C:\windows\system32\ycynnkxm.ini
C:\windows\system32\ycynnkxm.ini Has been deleted!

Attempting to delete C:\windows\system32\yknfdkel.dll
C:\windows\system32\yknfdkel.dll Has been deleted!

Attempting to delete C:\windows\system32\yrejqxyg.dll
C:\windows\system32\yrejqxyg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvspnk.dll
C:\WINDOWS\system32\tuvspnk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 12:13:13 PM 11/9/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 10:13:00 PM 4/19/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 2:05:39 PM 4/21/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

and here's the HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:31 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25AAE26A-0BD6-45DD-AD15-0D71047F5EEF} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {26B4794A-1245-41B0-871A-1B1645E66AFD} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {37040851-E64B-4D7B-87A3-F36FEED3848F} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {371FEF79-CFE3-487B-9E45-F5ACEBBDBF53} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {4ea765f3-fcb3-445a-b434-aa5f03c12f70} - C:\WINDOWS\system32\kbdcab.dll (file missing)
O2 - BHO: (no name) - {6C8E28EB-DBCA-4DB6-8CCA-D5B0CB23FACD} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {74774CAE-1C84-46ED-8A89-115FD5EAA64E} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {760417CF-BBEB-4FD1-BF04-59D25D2822B1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7F54F748-3985-4677-B26C-9B2628D07863} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {95D213D6-08FF-4A61-8FAA-FE888BDEF140} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FD90F6A1-B9A5-496D-B458-20C27FD22631} - C:\WINDOWS\system32\mllml.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\bak\McAgent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1125995842\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AIMPro] "c:\documents and settings\owner\my documents\aimpro.exe"
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d & Combobatch.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [DDriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Oemreset(2).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(3).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(4).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(5).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset.lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192926817140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185590329843
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...159/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB00B36-F128-4C92-AEFC-70325BA98A00}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{727434ED-766F-4DB8-90B0-888440375C0C}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{8669EF29-E7AE-439C-8F73-ED7F45015D0D}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED11CF94-1EC9-48E3-B3ED-FC22BF856350}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: IEFilter - {95B43733-1D3F-44FE-B1EC-28A828214583} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 12153 bytes
  • 0

#14
Stamper19
  • Expert
  • 1,992 posts
Hi Its Over 9000,

Let's do a bit of manual cleanup and see if we can't get things moving a bit better here.

----------------------------------------------------------------

Let's delete some ill-mannered files.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c:\windows\system32\netdde.exe
    purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {25AAE26A-0BD6-45DD-AD15-0D71047F5EEF} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {26B4794A-1245-41B0-871A-1B1645E66AFD} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {37040851-E64B-4D7B-87A3-F36FEED3848F} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: (no name) - {371FEF79-CFE3-487B-9E45-F5ACEBBDBF53} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {4ea765f3-fcb3-445a-b434-aa5f03c12f70} - C:\WINDOWS\system32\kbdcab.dll (file missing)
O2 - BHO: (no name) - {6C8E28EB-DBCA-4DB6-8CCA-D5B0CB23FACD} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {74774CAE-1C84-46ED-8A89-115FD5EAA64E} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {760417CF-BBEB-4FD1-BF04-59D25D2822B1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {7F54F748-3985-4677-B26C-9B2628D07863} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {95D213D6-08FF-4A61-8FAA-FE888BDEF140} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {FD90F6A1-B9A5-496D-B458-20C27FD22631} - C:\WINDOWS\system32\mllml.dll (file missing)
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d & Combobatch.bat
O4 - HKCU\..\Run: [Qromkkez] C:\WINDOWS\system32\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Cpue] "c:\windows\system32\netdde.exe" -vt ndrv


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
----------------------------------------------------------------

Information to include in your next post:
  • OTMoveIt2 Log
  • Fresh HijackThis Log

  • 0

#15
ITS OVER 9000!
  • Topic Starter
  • Member
  • 34 posts
There were no error messages while doing any of this.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:11 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\bak\McAgent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1125995842\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AIMPro] "c:\documents and settings\owner\my documents\aimpro.exe"
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [DDriver] (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Oemreset(2).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(3).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(4).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(5).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset.lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192926817140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185590329843
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...159/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB00B36-F128-4C92-AEFC-70325BA98A00}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{727434ED-766F-4DB8-90B0-888440375C0C}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{8669EF29-E7AE-439C-8F73-ED7F45015D0D}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED11CF94-1EC9-48E3-B3ED-FC22BF856350}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: IEFilter - {95B43733-1D3F-44FE-B1EC-28A828214583} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 10465 bytes

and here's the OTMoveIt2 log

c:\windows\system32\netdde.exe moved successfully.
< purity >
C:\WINDOWS\system32\Аdobe moved successfully.
C:\Program Files\sуstem32\sуstem32 moved successfully.
C:\Program Files\sуstem32\bak moved successfully.
C:\Program Files\sуstem32 moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕymbols moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04222008_140303
  • 0
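Two of the patterns the fix list in #14 targets, the orphaned BHO registrations marked "(file missing)" and the Run entries whose path HijackThis could only render with "?" (the look-alike "Аdobe" directory that the OTMoveIt2 log in #15 then names with its real Cyrillic letter), can be picked out mechanically. The Python below is an added example written for this thread, not code from HijackThis, VundoFix or OTMoveIt2; its sample log is constructed from the entry shapes above, and the [Hypothetical] Run value is made up so the Cyrillic look-alike appears in raw form.

```python
"""Triage of HijackThis-style log lines for two patterns seen in this thread.

Added example for this thread; not code from HijackThis, VundoFix or OTMoveIt2.
The sample log is constructed from entry shapes in the logs above.
"""
import re
import unicodedata
from dataclasses import dataclass

# Constructed sample. The [Hypothetical] entry is made up so the Cyrillic
# look-alike "A" (U+0410) that OTMoveIt2 reported as "Аdobe" appears raw.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {25AAE26A-0BD6-45DD-AD15-0D71047F5EEF} - C:\\WINDOWS\\system32\\jkhhf.dll (file missing)
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O4 - HKCU\\..\\Run: [Qromkkez] C:\\WINDOWS\\system32\\?dobe\\r?gedit.exe
O4 - HKCU\\..\\Run: [Hypothetical] C:\\WINDOWS\\system32\\\u0410dobe\\regedit.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [DDriver] (User '?')
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    section: str  # HijackThis section code, e.g. "O2" or "O4"
    reason: str   # short label: orphaned-bho, lookalike-path, empty-run-value
    detail: str   # the CLSID, value name or offending characters


# O2 - BHO: <name> - {CLSID} - <dll path> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# O4 - <hive>\..\Run: [<value name>] <command> [(User '<name>')]
O4_RE = re.compile(r"^O4 - (?P<key>.*?): \[(?P<name>[^\]]*)\]\s?(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def odd_path_chars(path: str) -> list[str]:
    """Characters that cannot belong to a genuine Windows path.

    '?' is not a legal file-name character, so HijackThis printing one means
    the real character could not be rendered in the log's code page (the
    thread's ?dobe\\r?gedit.exe). A non-ASCII letter inside an otherwise
    ASCII name is a look-alike, such as the Cyrillic A in "Аdobe".
    """
    odd = []
    for ch in path:
        if ch == "?":
            odd.append("'?' (unrenderable character)")
        elif ord(ch) > 127:
            odd.append(f"{ch!r} ({unicodedata.name(ch, 'UNKNOWN')})")
    return odd


def triage_line(line_no: int, line: str) -> list[Finding]:
    """Classify one log line; returns an empty list for unremarkable lines."""
    m = O2_RE.match(line)
    if m:
        # A BHO CLSID whose DLL is gone is an orphaned registration: nothing
        # loads any more, but the entry still belongs on the fix list.
        if m["path"].endswith("(file missing)"):
            return [Finding(line_no, "O2", "orphaned-bho", m["clsid"])]
        return []
    m = O4_RE.match(line)
    if not m:
        return []
    # Strip the "(User '...')" suffix first so its '?' placeholder is not
    # mistaken for an unrenderable path character.
    cmd = USER_SUFFIX_RE.sub("", m["cmd"]).strip()
    if not cmd:
        # Run value with no command, like the DDriver entries in the logs.
        return [Finding(line_no, "O4", "empty-run-value", m["name"])]
    odd = odd_path_chars(cmd)
    if odd:
        return [Finding(line_no, "O4", "lookalike-path", "; ".join(odd))]
    return []


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log, numbering lines from 1."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        findings.extend(triage_line(n, line.rstrip()))
    return findings


def lines_to_fix(log_text: str) -> list[str]:
    """The log lines a helper would tick in HijackThis before 'Fix checked'."""
    lines = log_text.splitlines()
    wanted = {"orphaned-bho", "lookalike-path"}
    return [lines[f.line_no - 1] for f in triage(log_text) if f.reason in wanted]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.section}] {f.reason}: {f.detail}")
```

The two checks cover only the BHO and look-alike-path patterns; entries such as the netdde.exe and cmd.exe Run values in #14 still need a human reading the log.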





