crazyJoe (Content Count: 14)
Posts posted by crazyJoe
Open HijackThis and click Scan. Then check-mark the following entries:
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll (file missing)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)
Now close all open windows except HijackThis and click Fix checked.
Then post a new HijackThis log here in a reply.
Logfile of HijackThis v1.99.1
Scan saved at 10:18:57 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
-
Let's try this again...
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Logfile of HijackThis v1.99.1
Scan saved at 7:21:45 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll (file missing)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
///////////////
VundoFix V6.4.1
Checking Java version...
Scan started at 1:40:11 PM 6/3/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.1
Checking Java version...
Scan started at 8:53:28 PM 6/4/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.1
Checking Java version...
Scan started at 9:24:05 AM 6/8/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.1
Checking Java version...
Scan started at 1:49:16 PM 6/8/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.1
Checking Java version...
Scan started at 4:57:55 PM 6/30/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
VundoFix V6.4.1
Checking Java version...
Scan started at 6:55:46 PM 7/11/2007
Listing files found while scanning....
No infected files were found.
-
Please make sure your PC is set to show all hidden files and folders; go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...=view&id=34
Boot into safe mode to do this: keep tapping F8 on your keyboard while your PC is starting up, and you will get a menu from which you can select Safe Mode.
Delete the following folders (if present):
c:\program files\Winad Client
C:\Documents and Settings\default\Favorites\Finances & Business
C:\VundoFix Backups
C:\QooBox\Quarantine
Delete the following files (if present):
c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
c:\windows\msbb.exe.temp
c:\windows\SMDAT32M.SYS
c:\windows\kwv2.dat
C:\WINDOWS\SYSTEM32\GSAIIJKJ.EXE
C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.131
C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.048
C:\Program Files\Common Files\Totem Shared\Update\FavoriteLinks.dll.066
C:\Program Files\Common Files\Totem Shared\Update\FreeSamples.dll.041
C:\Program Files\Common Files\Totem Shared\Update\Music.dll.023
C:\Program Files\Common Files\Totem Shared\Update\Network.dll.062
C:\Program Files\Common Files\Totem Shared\Update\System.dll.088
C:\Program Files\Common Files\Totem Shared\Update\Update.dll.066
C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.074
C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.044
C:\Program Files\Mozilla Firefox\PLUGINS\NPCLNTAX.DLL
C:\Documents and Settings\All Users\Application Data\YPWFKZUP.EXE
C:\Documents and Settings\Collin\Local Settings\Temp\win1C.tmp.exe
Reboot and post a new Hijackthis log here in a reply.
Logfile of HijackThis v1.99.1
Scan saved at 11:21:57 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\xiladgte.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\scchk32.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15121244-9A9B-415A-8902-559BF75BC4D9} - C:\WINDOWS\system32\awtss.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xiladgte.exe] C:\Documents and Settings\All Users\Application Data\xiladgte.exe
O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\lcoyajfo.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll
O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
-
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Incident Status Location
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\SMDAT32M.SYS
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/winad Not disinfected c:\program files\Winad Client
Adware:adware/elitebar Not disinfected C:\Documents and Settings\default\Favorites\Finances & Business
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/dyfuca Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Adware:adware/comet Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Virus:Trj/Downloader.OZB Not disinfected C:\WINDOWS\SYSTEM32\GSAIIJKJ.EXE[DDC.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NIRCMD.EXE
Adware:Adware/Lop Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.131
Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.048
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\FavoriteLinks.dll.066
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\FreeSamples.dll.041
Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Music.dll.023
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Network.dll.062
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\System.dll.088
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Update.dll.066
Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.074
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.044
Adware:Adware/Zango Not disinfected C:\Program Files\Mozilla Firefox\PLUGINS\NPCLNTAX.DLL
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\A1VirusTools\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fhuxqrid.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ntouftsl.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nwyehhig.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\savlmilo.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\uvreqkva.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wirlpctd.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cbxuurp.dll.bad
Spyware:Spyware/New.net Not disinfected C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_84.exe.vir
Virus:Trj/Downloader.ORT Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\csycqfyp.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gdefgmjm.dll.vir
Virus:Trj/Downloader.ORT Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oyhfpdoy.dll.vir
Spyware:Cookie/Go Not disinfected C:\FOUND.010\FILE0000.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0000.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0001.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.012\FILE0000.CHK
Virus:Trj/Agent.FOX Disinfected C:\Documents and Settings\All Users\Application Data\YPWFKZUP.EXE
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Profiles\CLANSZ\TITSHPRY.SLT\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Profiles\Default User\RAC5RH9Z.SLT\COOKIES.TXT[.target.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[www.winantiviruspro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.bravenet.com/]
Virus:Trj/Downloader.OJF Disinfected C:\Documents and Settings\Collin\Local Settings\Temp\win1C.tmp.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Collin\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Collin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rachel\Application Data\Netscape\NSB\Profiles\ygvctc98.default\COOKIES.TXT[.terra.com.br/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Rachel\Application Data\Netscape\NSB\Profiles\ygvctc98.default\COOKIES.TXT[.i.screensavers.com/]
-
Can you please try in normal mode?
OK, finally got the report from Safe Mode. Would it help to see the Normal Mode scan at this time ?
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:56:28 AM 6/19/2007
+ Scan result:
:mozilla.33:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.69:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Collin\Cookies\collin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.79:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.81:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.82:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.84:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.43:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.48:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.49:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.50:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.22:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.26:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Collin\Cookies\collin@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.6:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.87:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.88:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.89:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.90:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.91:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.92:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.93:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.94:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.124:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.100:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.102:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
-
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
- Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
- Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Did all suggestions including -> Select "Automatically generate report after every scan". After the scan was completed, selected "Apply all actions", selected "Reports", but the reports page showed "none available."
Looks like the AVG scan reported several items including tracking cookies, etc. Any suggestions at this point ?
By the way, the AVG version shows "7.5.1.43 trial".
Thanks
-
Please go here to upload a suspicious file for analysis.
- Enter your username from this forum
- Copy and paste the link to this thread
- Browse for this filename: C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
- In the comments, please mention that I asked you to upload this file
- Click on Send File
Do the same for the following...
C:\WINDOWS\System32\mcrh.tmp
C:\WINDOWS\System32\gsaiijkj.exe
C:\WINDOWS\System32\avjdrupo.dll
C:\WINDOWS\System32\qhyfhewr.dll
C:\WINDOWS\System32\xjs.dll
C:\WINDOWS\System32\dllcache\hwxjpn.dll
From the UploadMalware.com site:
Your file (ypwfkzup.exe) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.
The file you tried to upload was 0 Bytes or something prevented it from being uploaded. If someone requested you upload the file please let them know.
Your file (gsaiijkj.exe) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.
Your file (avjdrupo.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.
Your file (qhyfhewr.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.
Your file (xjs.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.
Could not locate:
C:\WINDOWS\System32\dllcache\hwxjpn.dll
-
Download WinPFind
Extract WinPFind.zip to your c:\ folder.
Boot into safemode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safemode.
Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
WinPFind logfile created on: 6/9/2007 6:28:03 PM
WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\default\Desktop\WinPFind\
»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11
»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»
319.30 Mb Total Physical Memory | 192.35 Mb Available Physical Memory | 60.24% Memory free
774.13 Mb Paging File | 712.59 Mb Available in Paging File | 92.05% Paging File free
Paging file location(s): C:\pagefile.sys 480 960;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.00 Gb Total Space | 3.46 Gb Free Space | 18.22% Space Free
Drive D: | 588.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive E: | 38.28 Gb Total Space | 1.50 Gb Free Space | 3.92% Space Free
F: Drive not present or media not loaded
Computer Name: BASEMENTDELL
Current User Name: Administrator
Logged in as Administrator.
Cannot determine boot mode.
»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»
C:\Documents and Settings\default\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\SYSTEM32\dmadmin.exe (Microsoft Corp., Veritas Software)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped]
= C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(LicCtrlService) LicCtrl Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\runservice.exe (File not found)
(neoNcSvc) Virtual Com Port Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\ncsvc.exe (File not found)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»
>>>>> Run Keys and Auto-Start Folders <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
FLMK08KB = E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE ()
HostManager = C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe (America Online, Inc.)
iTunesHelper = E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
NvCplDaemon = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation)
nwiz = nwiz.exe (File not found)
QuickTime Task = C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_Run = C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1
< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
= C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
= E:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Resolution Assistant.lnk
= C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe (Motive Communications, Inc.)
< User Startup Folder = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup >
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()
>>>>> MsConfig Disabled Items <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Norton eMail Protect = C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe (File not found)
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE (File not found)
>>>>> Disabled Startup Folder Items <<<<<
>>>>> Items Started Through Miscellaneous Registry Keys <<<<<
>>>>> Winlogon Keys <<<<<
>>>>> HOSTS File <<<<<
HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 27 bytes | Modified Date: 6/4/2007 8:27:02 PM)
127.0.0.1 localhost
>>>>> Desktop Components <<<<<
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home
>>>>> Internet Explorer Settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Bar =
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = about:blank
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\SYSTEM\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = about:blank
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
SearchAssistant = about:blank
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0
ProxyOverride = ;127.0.0.1
>>>>> Browser Helper Objects <<<<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )
>>>>> HKLM Internet Explorer Bars <<<<<
>>>>> HKCU Internet Explorer Bars <<<<<
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
>>>>> HKLM Internet Explorer ToolBars <<<<<
>>>>> HKCU Internet Explorer ToolBars <<<<<
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
>>>>> HKCU Internet Explorer CmdMapping <<<<<
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} = 8196 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{EE117DAA-A30B-40FC-945C-38AE1B80C1FA} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8199
>>>>> HKLM Internet Explorer Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Web Browser Applet Control ( HKLM C:\WINDOWS\SYSTEM32\MSJAVA.DLL (Microsoft Corporation) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
ButtonText = Research
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}]
ButtonText = AIM
Exec = C:\PROGRAM FILES\Netscape\COMMUNICATOR\Program\AIM\aim.exe (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
ButtonText = Real.com
>>>>> HKCU Internet Explorer Menu Extensions <<<<<
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Viewpoint Search]
@ = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL\CXTSEARCH.HTM (File not found)
>>>>> HKLM Internet Explorer Plugins Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.htm]
Location = E:\Program Files\Netscape\plugins\npTrident.dll (Netscape Communications Corp.)
>>>>> HKLM Approved Shell Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )
{32020A01-506E-484D-A2A8-BE3CF17601C3} = AlcoholShellEx ( HKLM = E:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\SYSTEM32\hticons.dll (Hilgraeve, Inc.) )
{950FF917-7A57-46BC-8017-59D9BF474000} = Shell Extension for CDRW ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = E:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Inc.) )
{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} = eLicense Control ( HKLM = C:\WINDOWS\lcmmfu.cpl () )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) )
>>>>> HKCU Approved Shell Extensions <<<<<
>>>>> Context Menu Handlers / Column Handlers <<<<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\InCDMenu]
@ = {950FF917-7A57-46BC-8017-59D9BF474000} ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG) )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )
>>>>> Policy Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
{17492023-C23A-453E-A040-C7C580BBF700} = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp]
NoRealMode = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = ( 149 0 0 0 ) - •
CDRAutoRun = ( 0 0 0 0 ) -
Btn_Back = 0
Btn_Forward = 0
Btn_Stop = 0
Btn_Refresh = 0
Btn_Home = 0
Btn_Search = 0
Btn_History = 0
Btn_Favorites = 0
Btn_Folders = 0
Btn_Fullscreen = 0
Btn_Tools = 0
Btn_MailNews = 0
Btn_Size = 0
Btn_Print = 0
Btn_Edit = 0
Btn_Discussions = 0
Btn_Cut = 0
Btn_Copy = 0
Btn_Paste = 0
Btn_Encoding = 0
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*
>>>>> Security Providers <<<<<
>>>>> Session Manager Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) )
TEMP = C:\WINDOWS\TEMP
TMP = C:\WINDOWS\TEMP
windir = C:\WINDOWS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
%SYSTEMROOT%\system32
%SYSTEMROOT%
%SYSTEMROOT%\COMMAND
C:\PROGRA~1\DELL\RESOLU~1\COMMON\BIN
C:\ProgramFiles\CommonFiles\RoxioShared\DLLShared
%SYSTEMROOT%\system32\WBEM
C:\Program Files\QuickTime\QTSystem\
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH
>>>>> WOW Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
>>>>> SafeBoot Option Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
>>>>> User Agent Post Platform <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
iebar =
>>>>> File Associations <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found
>>>>> Registry Shell Spawning <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -> "%1" %* (File not found)
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -> "%1" %* (File not found)
htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -> "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)
https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL "%l" (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -> "%1" %* (File not found)
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)
txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" (File not found)
>>>>> ActiveX StubPath settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\^RNA]
StubPath = rundll rnasetup.dll,installoptionalcomponent rna
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}]
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
>>>>> TCP/IP Configuration <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE47131A-0FFC-442D-8ED0-7593B1305921}] ( CNet PRO200 PCI Fast Ethernet Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.100
DhcpNameServer = 24.140.1.3 24.140.1.2
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;
>>>>> WinSock2 Parameters <<<<<
>>>>> Default Protocols [HKLM] <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = Computer
>>>>> Protocol Handlers <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio]
CLSID = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - ( HKLM = C:\WINDOWS\SYSTEM32\msdxm.ocx () )
>>>>> Protocol Filters <<<<<
>>>>> Downloaded Program Files <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
INF = C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09C6CAC0-936E-40A0-BC26-707480103DC3}\DownloadInformation]
CODEBASE = http://www.uproar.com/applets/activex/shiz...pside_web18.cab
INF = C:\WINDOWS\Downloaded Program Files\flipside_webmoo.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://go.microsoft.com/fwlink/?LinkID=39204
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2042B57E-6336-459E-B7CE-2A0F6C9E6AF8}\DownloadInformation]
CODEBASE = http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\DownloadInformation]
CODEBASE = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
INF = C:\WINDOWS\Downloaded Program Files\hcImpl.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\DownloadInformation]
CODEBASE = http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\DownloadInformation]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
INF = C:\WINDOWS\Downloaded Program Files\yinst.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33288993-5664-11D4-8B5B-00D0B73B3518}\DownloadInformation]
CODEBASE = http://aol.ea.com/downloads/games/common/ieell.cab
INF = C:\WINDOWS\Downloaded Program Files\ieell.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\DownloadInformation]
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab
INF = C:\WINDOWS\Downloaded Program Files\opuc.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06}\DownloadInformation]
CODEBASE = https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
INF = C:\WINDOWS\Downloaded Program Files\NeoterisSetup.INF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{525A15D0-4938-11D4-94C7-0050DA20189B}\DownloadInformation]
CODEBASE = http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
INF = C:\WINDOWS\Downloaded Program Files\iesnoopy.INF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\DownloadInformation]
CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
INF = C:\WINDOWS\Downloaded Program Files\wlscBase.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\DownloadInformation]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{72770C4F-967D-4517-982B-92D6B9015649}\DownloadInformation]
CODEBASE = http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
INF = C:\WINDOWS\Downloaded Program Files\DigWebX.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation]
CODEBASE = http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
INF = C:\WINDOWS\Downloaded Program Files\xscan.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7908.7810648148
INF = C:\WINDOWS\Downloaded Program Files\iuctl.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9A296D4-38AC-4566-8168-F7ACAF7D35E6}\DownloadInformation]
CODEBASE = http://imlive.com/ChatSource/gVideoContol.cab
INF = C:\WINDOWS\Downloaded Program Files\gVideoContol.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab
INF =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}\DownloadInformation]
CODEBASE = http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
INF = C:\WINDOWS\Downloaded Program Files\ITDetector.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\DownloadInformation]
CODEBASE = http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
INF = C:\WINDOWS\Downloaded Program Files\mcfscan.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
»»»»»»»»»»»»»»»»»»»» Files / Folders Created Within 30 Days »»»»»»»»»»»»»
C:\$VAULT$.AVG [Folder | Created Date = 6/7/2007 7:52:38 PM | Attr = RH ]
C:\A1VirusTools [Folder | Created Date = 5/29/2007 8:41:50 PM | Attr = ]
C:\VundoFix Backups [Folder | Created Date = 5/29/2007 8:45:08 PM | Attr = ]
C:\HijackThis [Folder | Created Date = 5/30/2007 8:16:16 PM | Attr = ]
C:\QooBox [Folder | Created Date = 6/4/2007 7:22:56 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Created Date = 6/1/2007 3:05:01 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\avg7 [Folder | Created Date = 6/7/2007 6:46:28 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Created Date = 6/7/2007 6:46:28 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\Microsoft [Folder | Created Date = 5/25/2007 12:19:34 PM | Attr = S]
C:\Documents and Settings\Administrator\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = HS]
C:\Documents and Settings\Administrator\Application Data\Lavasoft [Folder | Created Date = 5/25/2007 6:07:08 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder [Folder | Created Date = 5/30/2007 9:10:26 PM | Attr = ]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [Folder | Created Date = 5/25/2007 12:19:34 PM | Attr = ]
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 122928 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\iTunes.lnk [Ver = | Size = 2055 bytes | Created Date = 5/15/2007 10:31:55 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [Ver = | Size = 1518 bytes | Created Date = 5/15/2007 10:26:54 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk [Ver = | Size = 848 bytes | Created Date = 6/6/2007 11:59:37 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1446 bytes | Created Date = 6/7/2007 6:46:47 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 1735 bytes | Created Date = 5/25/2007 2:58:36 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk [Ver = | Size = 700 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\New Microsoft Word Document.doc [Ver = | Size = 10752 bytes | Created Date = 5/30/2007 9:15:29 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk [Ver = | Size = 714 bytes | Created Date = 5/30/2007 6:18:58 PM | Attr = ]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = HS]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Created Date = 5/25/2007 2:53:51 PM | Attr = ]
C:\Program Files\Common Files\Download Manager [Folder | Created Date = 5/31/2007 3:54:48 PM | Attr = ]
C:\WINDOWS\temp [Folder | Created Date = 6/8/2007 8:39:43 AM | Attr = ]
C:\WINDOWS\erdnt [Folder | Created Date = 6/4/2007 7:24:29 PM | Attr = ]
C:\WINDOWS\nircmd.exe NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\catchme.exe [Ver = | Size = 87040 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 6/3/2007 11:07:44 AM | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 6/3/2007 11:07:44 AM | Attr = ]
C:\WINDOWS\$NtUninstallKB927891$ [Folder | Created Date = 5/23/2007 3:02:53 PM | Attr = H ]
C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Created Date = 5/19/2007 2:17:06 PM | Attr = HS]
C:\WINDOWS\System32\rwehfyhq.ini [Ver = | Size = 1102487 bytes | Created Date = 6/1/2007 6:32:07 PM | Attr = HS]
C:\WINDOWS\System32\swxcacls.exe SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\System32\kfigpqty.ini [Ver = | Size = 1101969 bytes | Created Date = 6/1/2007 8:57:18 AM | Attr = HS]
C:\WINDOWS\System32\swsc.exe SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\System32\moveex.exe [Ver = | Size = 38400 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Created Date = 5/20/2007 8:49:55 PM | Attr = ]
C:\WINDOWS\System32\ueybfgbt.ini [Ver = | Size = 1067647 bytes | Created Date = 5/30/2007 8:54:24 PM | Attr = HS]
C:\WINDOWS\System32\vfind.exe [Ver = | Size = 49152 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\System32\swreg.exe SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\System32\WNASPI32.DLL Adaptec [Ver = 4.60 (1021) | Size = 45056 bytes | Created Date = 6/1/2007 2:29:38 PM | Attr = ]
C:\WINDOWS\System32\tkvogcyj.ini [Ver = | Size = 828142 bytes | Created Date = 5/21/2007 3:29:39 PM | Attr = HS]
C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Created Date = 5/24/2007 3:26:13 PM | Attr = ]
C:\WINDOWS\System32\owqstluj.ini [Ver = | Size = 591923 bytes | Created Date = 5/23/2007 6:16:09 AM | Attr = HS]
C:\WINDOWS\System32\wshfhgxl.ini [Ver = | Size = 1010895 bytes | Created Date = 5/24/2007 2:12:01 PM | Attr = HS]
C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Created Date = 5/25/2007 8:39:26 AM | Attr = ]
C:\WINDOWS\System32\ivqaqpvx.ini [Ver = | Size = 1011255 bytes | Created Date = 5/24/2007 10:00:29 PM | Attr = HS]
C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Created Date = 6/1/2007 6:32:06 PM | Attr = ]
C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Created Date = 5/25/2007 3:42:38 PM | Attr = ]
C:\WINDOWS\System32\ClickToFindandFixErrors_US.ico [Ver = | Size = 2238 bytes | Created Date = 5/25/2007 3:46:09 PM | Attr = ]
C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Created Date = 6/1/2007 6:25:22 PM | Attr = ]
C:\WINDOWS\System32\drivers\ASPI32.SYS Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Created Date = 6/1/2007 2:29:38 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 6/7/2007 6:46:39 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 6/7/2007 6:46:42 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 6/7/2007 6:46:43 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ]
»»»»»»»»»»»»»»»»»»»» Files / Folders Modified Within 30 Days »»»»»»»»»»»»»
C:\$VAULT$.AVG [Folder | Modified Date = 6/7/2007 8:52:40 PM | Attr = RH ]
C:\A1VirusTools [Folder | Modified Date = 5/29/2007 9:41:52 PM | Attr = ]
C:\VundoFix Backups [Folder | Modified Date = 5/29/2007 9:45:10 PM | Attr = ]
C:\HijackThis [Folder | Modified Date = 5/30/2007 9:16:18 PM | Attr = ]
C:\QooBox [Folder | Modified Date = 6/4/2007 8:22:58 PM | Attr = ]
C:\boot.ini [Ver = | Size = 217 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = HS]
C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Modified Date = 6/1/2007 4:05:02 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\avg7 [Folder | Modified Date = 6/7/2007 7:46:30 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Modified Date = 6/7/2007 7:46:30 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\Lavasoft [Folder | Modified Date = 5/25/2007 7:07:10 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder [Folder | Modified Date = 5/30/2007 10:10:28 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\iTunes.lnk [Ver = | Size = 2055 bytes | Modified Date = 5/17/2007 8:19:24 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [Ver = | Size = 1518 bytes | Modified Date = 5/15/2007 11:26:56 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk [Ver = | Size = 848 bytes | Modified Date = 6/6/2007 12:59:40 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1446 bytes | Modified Date = 6/7/2007 7:46:48 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 1735 bytes | Modified Date = 5/25/2007 3:58:38 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\New Microsoft Word Document.doc [Ver = | Size = 10752 bytes | Modified Date = 5/30/2007 10:15:30 PM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Modified Date = 5/25/2007 3:53:52 PM | Attr = ]
C:\Program Files\Common Files\Download Manager [Folder | Modified Date = 5/31/2007 4:54:50 PM | Attr = ]
C:\WINDOWS\SIERRA.INI [Ver = | Size = 936 bytes | Modified Date = 5/11/2007 4:57:36 PM | Attr = ]
C:\WINDOWS\encore_launcher.ini [Ver = | Size = 174 bytes | Modified Date = 5/12/2007 9:25:50 AM | Attr = ]
C:\WINDOWS\HPQCOPY.INI [Ver = | Size = 286 bytes | Modified Date = 6/4/2007 11:48:50 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 6/9/2007 6:26:10 PM | Attr = S]
C:\WINDOWS\temp [Folder | Modified Date = 6/8/2007 9:39:44 AM | Attr = ]
C:\WINDOWS\EReg072.dat [Ver = | Size = 2498 bytes | Modified Date = 6/8/2007 12:05:02 PM | Attr = ]
C:\WINDOWS\erdnt [Folder | Modified Date = 6/4/2007 8:24:30 PM | Attr = ]
C:\WINDOWS\catchme.exe [Ver = | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 6/3/2007 12:07:46 PM | Attr = H ]
C:\WINDOWS\system.ini [Ver = | Size = 716 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 2707 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = ]
C:\WINDOWS\NeroDigital.ini [Ver = | Size = 229 bytes | Modified Date = 6/6/2007 12:44:30 PM | Attr = ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 6/3/2007 12:07:46 PM | Attr = ]
C:\WINDOWS\DUMP35c9.tmp [Ver = | Size = 98304 bytes | Modified Date = 5/30/2007 7:57:52 PM | Attr = ]
C:\WINDOWS\$NtUninstallKB927891$ [Folder | Modified Date = 5/23/2007 4:02:54 PM | Attr = H ]
C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Modified Date = 5/20/2007 7:32:18 PM | Attr = HS]
C:\WINDOWS\System32\rwehfyhq.ini [Ver = | Size = 1102487 bytes | Modified Date = 6/4/2007 12:22:50 PM | Attr = HS]
C:\WINDOWS\System32\kfigpqty.ini [Ver = | Size = 1101969 bytes | Modified Date = 6/1/2007 7:23:36 PM | Attr = HS]
C:\WINDOWS\System32\SIntf32.dll [Ver = | Size = 17212 bytes | Modified Date = 5/14/2007 3:57:24 PM | Attr = ]
C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Modified Date = 6/2/2007 7:33:58 PM | Attr = ]
C:\WINDOWS\System32\SIntfNT.dll [Ver = | Size = 21840 bytes | Modified Date = 5/14/2007 3:57:24 PM | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 43094 bytes | Modified Date = 6/9/2007 6:23:54 PM | Attr = ]
C:\WINDOWS\System32\ueybfgbt.ini [Ver = | Size = 1067647 bytes | Modified Date = 6/1/2007 9:56:24 AM | Attr = HS]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 13646 bytes | Modified Date = 6/9/2007 6:23:40 PM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 38604 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 308222 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ]
C:\WINDOWS\System32\tkvogcyj.ini [Ver = | Size = 828142 bytes | Modified Date = 5/22/2007 3:04:00 PM | Attr = HS]
C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Modified Date = 5/24/2007 4:26:18 PM | Attr = ]
C:\WINDOWS\System32\owqstluj.ini [Ver = | Size = 591923 bytes | Modified Date = 5/24/2007 12:10:50 PM | Attr = HS]
C:\WINDOWS\System32\wshfhgxl.ini [Ver = | Size = 1010895 bytes | Modified Date = 5/24/2007 11:00:40 PM | Attr = HS]
C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Modified Date = 5/25/2007 9:39:28 AM | Attr = ]
C:\WINDOWS\System32\ivqaqpvx.ini [Ver = | Size = 1011255 bytes | Modified Date = 5/25/2007 12:44:56 PM | Attr = HS]
C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Modified Date = 6/1/2007 7:32:08 PM | Attr = ]
C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Modified Date = 5/21/2007 9:59:50 AM | Attr = ]
C:\WINDOWS\System32\mmf.sys [Ver = | Size = 777 bytes | Modified Date = 6/1/2007 4:04:38 PM | Attr = HS]
C:\WINDOWS\System32\SIntf16.dll [Ver = | Size = 12067 bytes | Modified Date = 5/14/2007 3:57:22 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 347886 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ]
C:\WINDOWS\System32\ClickToFindandFixErrors_US.ico [Ver = | Size = 2238 bytes | Modified Date = 5/25/2007 4:46:10 PM | Attr = ]
C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Modified Date = 6/1/2007 7:30:00 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 6/7/2007 7:46:40 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 6/7/2007 7:46:44 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 6/7/2007 7:46:44 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ]
»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[Thawte Consulting , ]C:\iaplayer_2.05.10.0325.exe ()
[UPX! , UPX0 , ]C:\FxMydoom.exe (Symantec Corporation)
[Thawte Consulting , ]C:\GoogleEarth.exe (InstallShield Software Corporation)
[UPX! , UPX0 , ]C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe ()
[Thawte Consulting , USERTRUST , ]C:\WINDOWS\SYSTEM.NAV ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\UC3D.scr ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public)
[UPX! , ]C:\WINDOWS\System32\qhyfhewr.dll ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\xjs.dll ()
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
< End of report >
-
Open HijackThis and click Scan. Then check-mark the following entries:
O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)
O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)
O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
Now close all open windows except HijackThis and click Fix checked.
Then post a new HijackThis log here in a reply.
Logfile of HijackThis v1.99.1
Scan saved at 3:06:36 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)
O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)
O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
"default" - 2007-06-04 20:38:30 Service Pack 2
ComboFix 07-06-3 - Running from: "C:\A1VirusTools\"
((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))
2007-06-01 20:06 2,580 --a------ C:\WINDOWS\SYSTEM32\wpfigkui.exe
2007-06-01 19:45 2,580 --a------ C:\WINDOWS\SYSTEM32\fdknxack.exe
2007-06-01 19:32 131,124 --a------ C:\WINDOWS\SYSTEM32\qhyfhewr.dll
2007-06-01 19:25 43,602 --a------ C:\WINDOWS\SYSTEM32\xvid-uninstall.exe
2007-06-01 16:07 28,160 --a------ C:\WINDOWS\SYSTEM32\sysmon32.exe
2007-06-01 16:05 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ypwfkzup.exe
2007-06-01 16:04 28,160 --a------ C:\WINDOWS\SYSTEM32\winsys64.exe
2007-06-01 15:29 5,600 --a------ C:\WINDOWS\SYSTEM\WINASPI.DLL
2007-06-01 15:29 45,056 --a------ C:\WINDOWS\SYSTEM32\WNASPI32.DLL
2007-06-01 15:29 4,672 --a------ C:\WINDOWS\SYSTEM\WOWPOST.EXE
2007-06-01 15:29 25,244 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS
2007-05-31 16:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-05-30 22:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Share-to-Web Upload Folder
2007-05-30 21:16 <DIR> d-------- C:\HijackThis
2007-05-30 19:38 <DIR> d-------- C:\DOCUME~1\default\.housecall6.6
2007-05-30 19:23 1,060,864 --a------ C:\WINDOWS\SYSTEM32\MFC71.dll
2007-05-29 21:45 <DIR> d-------- C:\VundoFix Backups
2007-05-29 21:41 <DIR> d-------- C:\A1VirusTools
2007-05-25 19:07 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-25 16:42 60,928 --a------ C:\WINDOWS\SYSTEM32\xjs.dll
2007-05-25 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-25 14:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
2007-05-25 13:19 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-05-25 09:39 121,194 --a------ C:\WINDOWS\SYSTEM32\gsaiijkj.exe
2007-05-24 16:26 131,604 --a------ C:\WINDOWS\SYSTEM32\avjdrupo.dll
2007-05-19 15:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-15 11:31 <DIR> d-------- C:\Program Files\iPod
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-01 20:04:38 777 --sha-w C:\WINDOWS\system32\mmf.sys
2007-05-14 19:57:24 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-05-14 19:57:24 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-05-14 19:57:22 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-04-28 19:54:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-28 18:36:02 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-20 21:53:04 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-01 17:21:16 19,884 ----a-w C:\WINDOWS\mozver.dat
2007-03-31 16:28:32 2,421 ----a-w C:\WINDOWS\eReg.dat
2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{13F42AE3-5DB0-4D06-92BC-80E527371E37}=C:\WINDOWS\system32\nkfqldcl.dll []
{6826CC2B-8872-4FD8-AB86-5EB29702AE66}=C:\WINDOWS\system32\vtspq.dll []
{955C3849-D3A9-BD2B-D909-89ADABCC7797}=C:\WINDOWS\system32\xjs.dll [2007-05-21 09:59]
{BEA4543D-E96F-475B-8F30-C29924A74973}=C:\WINDOWS\system32\yabxy.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2004-08-04 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Rp0uI.exe"="C:\documents and settings\collin\local settings\temp\Rp0uI.exe" []
"Rp0uI"="C:\documents and settings\collin\local settings\temp\Rp0uI.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe" [2005-11-02 22:01]
"nwiz"="nwiz.exe" []
"FLMK08KB"="E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2006-08-04 18:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"ypwfkzup.exe"="C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe" [2007-06-01 16:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"PhotoShow Deluxe Media Manager"="E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 21:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Norton eMail Protect"=C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
"Norton Auto-Protect"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"RxMon"=C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
"MadExe"=C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb05.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"kdx"=C:\WINDOWS\KDX\KHOST.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NAV DefAlert"=C:\PROGRA~1\NORTON~1\DEFALERT.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-06-02 23:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-05 00:08:02 C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
2007-06-02 00:00:02 C:\WINDOWS\tasks\Scan for Viruses.job
2003-06-26 17:16:10 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job
2007-06-02 05:00:02 C:\WINDOWS\tasks\Maintenance-Defragment programs.job
2007-06-02 17:35:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-01-01 04:30:02 C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
2007-04-14 17:05:02 C:\WINDOWS\tasks\Run LiveUpdate (for Norton AntiVirus).job
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 20:42:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Files hidden from API:
C:\WINDOWS\.yohoho
C:\WINDOWS\.file_store_32
C:\WINDOWS\.javaws
C:\WINDOWS\.java
C:\WINDOWS\.plugin141_02.trace
C:\WINDOWS\.jpi_cache
Completion time: 2007-06-04 20:45:50
C:\ComboFix-quarantined-files1.txt ... 2007-06-04 20:28
C:\ComboFix-quarantined-files.txt ... 2007-06-04 20:43
--- E O F ---
////////////////////
Logfile of HijackThis v1.99.1
Scan saved at 8:48:48 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\29860.cfexe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)
O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)
O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
Run VundoFix again by following these instructions...
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files; click YES.
- Once you click Yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer; click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
VundoFix V6.4.1
Checking Java version...
Scan started at 9:45:09 PM 5/29/2007
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\avkqervu.ini
C:\WINDOWS\SYSTEM32\ddcyyvw.dll
C:\WINDOWS\SYSTEM32\dirqxuhf.ini
C:\WINDOWS\SYSTEM32\dtcplriw.ini
C:\WINDOWS\SYSTEM32\fhuxqrid.dll
C:\WINDOWS\SYSTEM32\gihheywn.ini
C:\WINDOWS\SYSTEM32\iifedef.dll
C:\WINDOWS\SYSTEM32\khfccbb.dll
C:\WINDOWS\SYSTEM32\knoqr.ini
C:\WINDOWS\SYSTEM32\lstfuotn.ini
C:\WINDOWS\SYSTEM32\mmipvwqw.dll
C:\WINDOWS\SYSTEM32\nnnnmkj.dll
C:\WINDOWS\system32\ntouftsl.dll
C:\WINDOWS\SYSTEM32\nwyehhig.dll
C:\WINDOWS\SYSTEM32\olimlvas.ini
C:\WINDOWS\SYSTEM32\pmnkkhg.dll
C:\WINDOWS\SYSTEM32\qomklki.dll
C:\WINDOWS\SYSTEM32\rqonk.dll
C:\WINDOWS\SYSTEM32\rqrrsqo.dll
C:\WINDOWS\SYSTEM32\savlmilo.dll
C:\WINDOWS\SYSTEM32\ssqolki.dll
C:\WINDOWS\SYSTEM32\uvreqkva.dll
C:\WINDOWS\SYSTEM32\wirlpctd.dll
C:\WINDOWS\SYSTEM32\wvuusqq.dll
C:\WINDOWS\SYSTEM32\wvuvtqq.dll
C:\WINDOWS\system32\yabxy.dll
C:\WINDOWS\SYSTEM32\yxbay.bak1
C:\WINDOWS\SYSTEM32\yxbay.bak2
C:\WINDOWS\SYSTEM32\yxbay.ini
C:\WINDOWS\SYSTEM32\yxbay.ini2
C:\WINDOWS\SYSTEM32\yxbay.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\avkqervu.ini
C:\WINDOWS\SYSTEM32\avkqervu.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ddcyyvw.dll
C:\WINDOWS\SYSTEM32\ddcyyvw.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\dirqxuhf.ini
C:\WINDOWS\SYSTEM32\dirqxuhf.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\dtcplriw.ini
C:\WINDOWS\SYSTEM32\dtcplriw.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fhuxqrid.dll
C:\WINDOWS\SYSTEM32\fhuxqrid.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\gihheywn.ini
C:\WINDOWS\SYSTEM32\gihheywn.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\iifedef.dll
C:\WINDOWS\SYSTEM32\iifedef.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\khfccbb.dll
C:\WINDOWS\SYSTEM32\khfccbb.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\knoqr.ini
C:\WINDOWS\SYSTEM32\knoqr.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\lstfuotn.ini
C:\WINDOWS\SYSTEM32\lstfuotn.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\mmipvwqw.dll
C:\WINDOWS\SYSTEM32\mmipvwqw.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\nnnnmkj.dll
C:\WINDOWS\SYSTEM32\nnnnmkj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ntouftsl.dll
C:\WINDOWS\system32\ntouftsl.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\nwyehhig.dll
C:\WINDOWS\SYSTEM32\nwyehhig.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\olimlvas.ini
C:\WINDOWS\SYSTEM32\olimlvas.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pmnkkhg.dll
C:\WINDOWS\SYSTEM32\pmnkkhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\qomklki.dll
C:\WINDOWS\SYSTEM32\qomklki.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\rqonk.dll
C:\WINDOWS\SYSTEM32\rqonk.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\rqrrsqo.dll
C:\WINDOWS\SYSTEM32\rqrrsqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\savlmilo.dll
C:\WINDOWS\SYSTEM32\savlmilo.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ssqolki.dll
C:\WINDOWS\SYSTEM32\ssqolki.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\uvreqkva.dll
C:\WINDOWS\SYSTEM32\uvreqkva.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\wirlpctd.dll
C:\WINDOWS\SYSTEM32\wirlpctd.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\wvuusqq.dll
C:\WINDOWS\SYSTEM32\wvuusqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\wvuvtqq.dll
C:\WINDOWS\SYSTEM32\wvuvtqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yabxy.dll
C:\WINDOWS\system32\yabxy.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.bak1
C:\WINDOWS\SYSTEM32\yxbay.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.bak2
C:\WINDOWS\SYSTEM32\yxbay.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.ini
C:\WINDOWS\SYSTEM32\yxbay.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.ini2
C:\WINDOWS\SYSTEM32\yxbay.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.tmp
C:\WINDOWS\SYSTEM32\yxbay.tmp Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Scan started at 5:41:13 AM 5/30/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.1
Checking Java version...
Scan started at 9:33:27 PM 5/30/2007
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\efcdcab.dll
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll
C:\WINDOWS\SYSTEM32\efcdcab.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll
C:\WINDOWS\SYSTEM32\efcdcab.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.4.1
Checking Java version...
Scan started at 7:34:39 PM 5/31/2007
Listing files found while scanning....
VundoFix V6.4.1
Checking Java version...
Scan started at 12:17:31 PM 6/3/2007
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\aehhxoca.dll
C:\WINDOWS\SYSTEM32\cbxuurp.dll
C:\WINDOWS\SYSTEM32\cspqhoih.dll
C:\WINDOWS\SYSTEM32\efcdcab.dll
C:\WINDOWS\SYSTEM32\onleficn.dll
C:\WINDOWS\system32\qpstv.bak1
C:\WINDOWS\system32\qpstv.bak2
C:\WINDOWS\system32\qpstv.ini
C:\WINDOWS\system32\qpstv.ini2
C:\WINDOWS\system32\vtspq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\aehhxoca.dll
C:\WINDOWS\SYSTEM32\aehhxoca.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\cbxuurp.dll
C:\WINDOWS\SYSTEM32\cbxuurp.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\cspqhoih.dll
C:\WINDOWS\SYSTEM32\cspqhoih.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll
C:\WINDOWS\SYSTEM32\efcdcab.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\onleficn.dll
C:\WINDOWS\SYSTEM32\onleficn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qpstv.bak1
C:\WINDOWS\system32\qpstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qpstv.bak2
C:\WINDOWS\system32\qpstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qpstv.ini
C:\WINDOWS\system32\qpstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qpstv.ini2
C:\WINDOWS\system32\qpstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtspq.dll
C:\WINDOWS\system32\vtspq.dll Has been deleted!
Performing Repairs to the registry.
Done!
//////////////////////////////
Logfile of HijackThis v1.99.1
Scan saved at 2:19:58 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
C:\WINDOWS\smgr.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F545CCB-B856-4AFC-841F-FA0C265508F5} - C:\WINDOWS\system32\oyhfpdoy.dll
O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)
O2 - BHO: (no name) - {500946D2-A5FC-4BC4-A4FD-D29128AAC1A7} - C:\WINDOWS\system32\oyhfpdoy.dll
O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)
O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\efcdcab.dll (file missing)
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\xiakyxib.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sManager] smanager.7.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1792016.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qhyfhewr.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winvvh32 - C:\WINDOWS\SYSTEM32\winvvh32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
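The post above asks for a fresh HijackThis log after each VundoFix run, and the helper has been picking out the Vundo entries by eye: nameless O2 BHOs backed by random-looking DLLs in system32 (or by no DLL at all), O20 Winlogon Notify hooks that are not the WGA package, O4 Run entries launched from temp directories or by bare file name, and O23 services with no owner and no binary. As an added example, not code from this thread or from the HijackThis or VundoFix authors, here is a small Python script that applies those same indicators to a log. The sample lines are copied from the logs posted in this thread; the allowlists (WgaLogon, SysTray.Exe, nwiz.exe) and the vowel-ratio threshold used to call a file name "random-looking" are my own assumptions, not a published rule.

```python
"""Triage a HijackThis log for Vundo-style persistence entries.

Added example for this thread, not a tool used by the posters. The rules
encode the indicators the helper checked by hand; the allowlists and the
vowel-ratio threshold are assumptions chosen to fit the logs above.
"""
import re
import sys
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BE77714-1DA8-4F21-B597-94B2B905790D} - C:\WINDOWS\system32\vtspq.dll
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: vtspq - C:\WINDOWS\system32\vtspq.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.*)$")
RE_RUNDLL = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)')
RE_TEMP = re.compile(r"\\(?:local settings\\temp|windows\\temp|all users\\application data)\\", re.I)

VOWELS = set("aeiou")
KNOWN_NOTIFY = {"wgalogon"}               # assumption: WGA package; HJT hides the stock XP hooks
KNOWN_BARE = {"systray.exe", "nwiz.exe"}  # assumption: legitimate path-less Run entries in the log


@dataclass
class Finding:
    section: str  # HijackThis section, e.g. "O2"
    reason: str
    line: str


def is_missing(path: str) -> bool:
    """True when HijackThis reports the backing file as gone."""
    return "(file missing)" in path or path.strip() == "(no file)"


def stem_of(path: str) -> str:
    """File name without directory, extension or the '(file missing)' tag."""
    path = path.replace("(file missing)", "").strip().strip('"')
    return path.split("\\")[-1].rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 5+ lowercase letters with few vowels, like vtspq or efcdcab."""
    letters = re.sub(r"[^A-Za-z]", "", stem)
    if len(letters) < 5 or not letters.islower():
        return False
    return sum(c in VOWELS for c in letters) / len(letters) <= 0.35


def triage(log_text: str) -> List[Finding]:
    """Return every log line that matches one of the Vundo indicators."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_O2.match(line)
        if m:
            if m["name"] == "(no name)":
                if is_missing(m["path"]):
                    findings.append(Finding("O2", "nameless BHO whose DLL is gone (orphaned CLSID)", line))
                elif looks_random(stem_of(m["path"])):
                    findings.append(Finding("O2", "nameless BHO backed by a random-looking DLL", line))
            continue
        m = RE_O4.match(line)
        if m:
            cmd = m["cmd"]
            first = cmd.split()[0].strip('"')
            r = RE_RUNDLL.match(cmd)
            if r:
                if looks_random(stem_of(r["dll"])):
                    findings.append(Finding("O4", "rundll32 loads a random-looking DLL at logon", line))
            elif RE_TEMP.search(cmd):
                findings.append(Finding("O4", "autostart from a temp or shared data directory", line))
            elif "\\" not in first and first.lower() not in KNOWN_BARE:
                findings.append(Finding("O4", "path-less autostart resolved via the search path", line))
            continue
        m = RE_O20.match(line)
        if m:
            if m["sub"].lower() not in KNOWN_NOTIFY:
                findings.append(Finding("O20", "Winlogon Notify hook outside the known set (runs inside winlogon.exe)", line))
            continue
        if line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner" and is_missing(parts[2]):
                findings.append(Finding("O23", "ownerless service whose binary is gone", line))
    return findings


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Feed it a saved log with `python hjt_triage.py < hijackthis.log`; without input it runs over the sample. Treat a hit as a reason to look at the entry, not as proof: the name heuristic is deliberately loose, and a Winlogon Notify hook is singled out because a DLL loaded there is already resident before the desktop appears, which is why ordinary deletion of these files fails and VundoFix has to finish on reboot.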
-
Go to where you saved HijackThis.exe (C:\HijackThis\), right-click on HijackThis.exe, click Rename, and rename it to hjt.exe. Reopen it, make a log, then post it here in a reply...
Ok, here ya go.
thanks.
Logfile of HijackThis v1.99.1
Scan saved at 10:39:49 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\TEMP\1792016.exe
C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
C:\WINDOWS\smgr.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BE77714-1DA8-4F21-B597-94B2B905790D} - C:\WINDOWS\system32\vtspq.dll
O2 - BHO: (no name) - {0F545CCB-B856-4AFC-841F-FA0C265508F5} - C:\WINDOWS\system32\oyhfpdoy.dll
O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)
O2 - BHO: (no name) - {500946D2-A5FC-4BC4-A4FD-D29128AAC1A7} - C:\WINDOWS\system32\oyhfpdoy.dll
O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\efcdcab.dll
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\xiakyxib.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sManager] smanager.7.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1792016.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qhyfhewr.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O20 - Winlogon Notify: efcdcab - C:\WINDOWS\SYSTEM32\efcdcab.dll
O20 - Winlogon Notify: vtspq - C:\WINDOWS\system32\vtspq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winvvh32 - C:\WINDOWS\SYSTEM32\winvvh32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
Hi there,
Hope someone can offer advice on removing the Vundo virus from my PC. Spybot, Ad-Aware and VundoFix have all failed to remove this #@# thing. Here is the HijackThis log. Any help would really be appreciated. Thanks.
/////////////////////////////////////////////////////////////////////
Logfile of HijackThis v1.99.1
Scan saved at 10:19:05 PM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\ncsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tbgfbyeu.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
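Added example, not code from crazyJoe or anyone else in this thread: a small Python triage script that parses lines in the HijackThis 1.99.1 format shown above and flags the kinds of entries a helper usually asks about in a Vundo case: O4 autoruns launched from a temp folder, rundll32 loading a DLL whose name looks machine-generated, O20 Winlogon Notify packages outside a short known-good list, and O23 services whose binary is marked (file missing). The sample input is copied from the log above; the known-good Notify list and the vowel-ratio name heuristic are this editor's assumptions, not a verdict on any entry, and every hit still needs a human to confirm before it is fixed in HijackThis.

```python
import re
from typing import List, Tuple

# Constructed sample input: these seven lines are copied verbatim from the
# HijackThis log above (two benign entries, NvCplDaemon and NVSvc, are kept
# so the rules have something they must NOT flag).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tbgfbyeu.dll",realset
O20 - Winlogon Notify: vtspq - C:\WINDOWS\system32\vtspq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# ASSUMPTION: partial list of Winlogon Notify packages present on a clean
# Windows XP SP2 install, plus WgaLogon (added by the WGA Notifications
# update). Anything else is reported for a human to look at.
NOTIFY_ALLOWLIST = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?.*?\\(?P<stem>[^\\"]+)\.dll', re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names such as vtspq or tbgfbyeu:
    all-lowercase, at least five letters, fewer than 30% vowels.
    Mixed-case names (NvCpl, WgaLogon) are deliberately not judged."""
    if stem != stem.lower():
        return False
    letters = re.sub(r"[^a-z]", "", stem)
    if len(letters) < 5:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.3


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, entry name, reason) for every line worth a second look."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        if section == "O4":                      # autorun entries
            run = RUN_RE.match(body)
            if not run:
                continue
            name, cmd = run.group("name"), run.group("cmd")
            if "\\temp\\" in cmd.lower():
                findings.append((section, name, "autorun target lives in a temp directory"))
            dll = RUNDLL_RE.search(cmd)
            if dll and looks_random(dll.group("stem")):
                findings.append((section, name,
                                 f"rundll32 loads random-looking {dll.group('stem')}.dll"))

        elif section == "O20":                   # Winlogon Notify packages
            notify = NOTIFY_RE.match(body)
            if notify and notify.group("name").lower() not in NOTIFY_ALLOWLIST:
                reason = "Winlogon Notify package not on the known-good list"
                if looks_random(notify.group("name")):
                    reason += " and its name looks machine-generated"
                findings.append((section, notify.group("name"), reason))

        elif section == "O23":                   # services
            svc = SERVICE_RE.match(body)
            if svc and svc.group("path").endswith("(file missing)"):
                findings.append((section, svc.group("desc"),
                                 "service binary no longer exists; orphaned entry"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print(f"{section:<4} {name:<40} {reason}")
```

Run it against a full saved log (`triage(open("hijackthis.log").read())`) and it prints four hits for the sample above: the Rp0uI.exe autorun in the temp folder, the "setup" entry that rundll32s tbgfbyeu.dll, the vtspq Notify package, and the orphaned LicCtrl service. The lowercase-only rule in looks_random is the deliberate weak spot: a mixed-case generated name slips past it, which is why the allowlist, not the name heuristic, is what decides whether an O20 entry is reported.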
Hijack Log - Needs Help
in Malware Removal
Posted
Much better, Thanks.