briann2501 Posted October 15, 2006 Report Share Posted October 15, 2006 I just ran HijackThis after googling fsndi.exe which seems to be an infected file on my computer. I have the following log, but have no idea which files to fix.Any suggestions?Logfile of HijackThis v1.99.1Scan saved at 4:47:47 PM, on 10/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\pnssosvr.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\WINDOWS\System32\hphmon05.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\AOL\1127338258\ee\AOLSoftware.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exec:\program files\common files\aol\1127338258\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exec:\program files\common files\aol\1127338258\ee\aolsoftware.exeC:\Program Files\AIM\aim.exeC:\Program Files\HP\hpcoretech\comp\hptskmgr.exeC:\WINDOWS\System32\HPZipm12.exeC:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Real\RealOne Player\trueplay.exeC:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America OnlineR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR3 - Default URLSearchHook is missingF2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exeF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pougtaq.exe,ddjfihw.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.6.0\ViewBarBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: (no name) - {B4989AAF-F4DC-46A4-8670-73DEFB28B006} - C:\Program Files\Windows NT\megoqahi.dll (file missing)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dllO4 - HKLM\..\Run: [vdrdpup] C:\WINDOWS\System32\rundll32 C:\WINDOWS\System32\vdrdpup.dll,RegisterVirtualChannelO4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127338258\ee\AOLSoftware.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"O4 - HKLM\..\Run: [bppoxa] C:\WINDOWS\system32\bxlwxc.exe reg_runO4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exeO4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [wmwpy] C:\WINDOWS\system32\bxlwxc.exe reg_runO4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBootO4 - HKCU\..\Run: [efpqr] C:\WINDOWS\system32\ojwyjt.exe reg_runO4 - Startup: HP Organize.lnk = ?O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exeO4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXEO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htmO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.htmlO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.htmlO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBO8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.htmlO8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.mris.comO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtangent.com/webdrivers/webi...ave/Install.cabO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dllO16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cabO16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://209.70.180.5/dana-cached/setup/NeoterisSetup.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128823200234O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144286406562O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cabO16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cabO16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://vmwareevents.webex.com/client/v_vmw...ent/ieatgpc.cabO18 - Filter: text/html - (no CLSID) - (no file)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exeO23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:\WINDOWS\System32\PNUpdate.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Quote Link to post Share on other sites
therock247uk Posted October 15, 2006 Report Share Posted October 15, 2006 Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zipUnzip all files to a convenient location such as C:\Qoofix.Go to the folder you unzipped all files and run Qoofix.exe.Click Begin Removal and wait for the scan to finish.If an infection has been found, select yes to restart your computer.Finally post a new Hijack This log and the contents of the Qoofix logfile. Quote Link to post Share on other sites
briann2501 Posted October 15, 2006 Author Report Share Posted October 15, 2006 Here are the files, thanks for your helpLogfile of HijackThis v1.99.1Scan saved at 6:49:29 PM, on 10/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\HPZipm12.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\pnssosvr.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\WINDOWS\System32\hphmon05.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\AOL\1127338258\ee\AOLSoftware.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exec:\program files\common files\aol\1127338258\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exec:\program files\common files\aol\1127338258\ee\aolsoftware.exeC:\Program Files\HP\hpcoretech\comp\hptskmgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America OnlineR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR3 - Default URLSearchHook is missingF2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fsndi.exeF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pougtaq.exe,ddjfihw.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.6.0\ViewBarBHO.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: (no name) - {B4989AAF-F4DC-46A4-8670-73DEFB28B006} - C:\Program Files\Windows NT\megoqahi.dll (file missing)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dllO4 - HKLM\..\Run: [vdrdpup] C:\WINDOWS\System32\rundll32 C:\WINDOWS\System32\vdrdpup.dll,RegisterVirtualChannelO4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127338258\ee\AOLSoftware.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exeO4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBootO4 - Startup: HP Organize.lnk = ?O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exeO4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXEO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htmO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.htmlO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.htmlO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBO8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.htmlO8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.mris.comO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtangent.com/webdrivers/webi...ave/Install.cabO16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dllO16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cabO16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://209.70.180.5/dana-cached/setup/NeoterisSetup.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128823200234O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144286406562O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cabO16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cabO16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://vmwareevents.webex.com/client/v_vmw...ent/ieatgpc.cabO18 - Filter: text/html - (no CLSID) - (no file)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exeO23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:\WINDOWS\System32\PNUpdate.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeQoofix v1.03 by http://www.malwarebytes.orgScan started on [10/15/2006] at [5:51:04 PM]-------------------------------------------------------------Terminated module: uqwyacc.dll found in Qoofix.exe (6052)Terminated module: uqwyacc.dll found in ojwyjt.exe (2004)Terminated module: uqwyacc.dll found in explorer.exe (2012)Terminated module: uqwyacc.dll found in fsndi.exe (2020)Terminated module: uqwyacc.dll found in pnssosvr.exe (2036)Terminated module: uqwyacc.dll found in fsndi.exe (176)Terminated module: uqwyacc.dll found in fsndi.exe (156)Terminated module: uqwyacc.dll found in shwicon2k.exe (2636)Terminated module: uqwyacc.dll found in hphmon05.exe (2748)Terminated module: uqwyacc.dll found in hpwuSchd2.exe (2756)Terminated module: uqwyacc.dll found in aolsoftware.exe (2776)Terminated module: uqwyacc.dll found in rundll32.exe (2900)Terminated module: uqwyacc.dll found in hpcmpmgr.exe (2912)Terminated module: uqwyacc.dll found in PPActiveDetection.exe (2920)Terminated module: uqwyacc.dll found in ViewMgr.exe (2948)Terminated module: uqwyacc.dll found in realsched.exe (2960)Terminated module: uqwyacc.dll found in qttask.exe (2992)Terminated module: uqwyacc.dll found in CCAPP.EXE (3000)Terminated module: uqwyacc.dll found in iTunesHelper.exe (3052)Terminated module: uqwyacc.dll found in msmsgs.exe (3100)Terminated module: uqwyacc.dll found in TeaTimer.exe (3120)Terminated module: uqwyacc.dll found in hpqtra08.exe (3540)Terminated module: uqwyacc.dll found in RtlWake.exe (3640)Terminated module: uqwyacc.dll found in AOLSP Scheduler.exe (2564)Terminated module: uqwyacc.dll found in aolsoftware.exe (136)Terminated module: uqwyacc.dll found in aim.exe (2724)Terminated module: uqwyacc.dll found in hptskmgr.exe (1792)Terminated module: uqwyacc.dll found in RtWLan.exe (5312)Terminated module: uqwyacc.dll found in iexplore.exe (3332)Terminated module: uqwyacc.dll found in HijackThis.exe (196)Terminated module: uqwyacc.dll found in Snood.exe (2936)Terminated module: uqwyacc.dll found in trueplay.exe (5764)-------------------------------------------------------------C:\WINDOWS\system32\fsndi.exe will be deleted on reboot!C:\WINDOWS\system32\ojwyjt.exe will be deleted on reboot!C:\WINDOWS\system32\pougtaq.exe will be deleted on reboot!C:\WINDOWS\system32\thlcu.dat will be deleted on reboot!C:\WINDOWS\system32\uqwyacc.dll will be deleted on reboot!C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hriap.exe will be deleted on reboot!User prompted YES to reboot, system now rebooting...-------------------------------------------------------------Scan COMPLETED SUCCESSFULLY on [10/15/2006] at [6:04:38 PM]Note: Some registry keys may have been removed. Quote Link to post Share on other sites
therock247uk Posted October 16, 2006 Report Share Posted October 16, 2006 First download AVG Anti-Spyware from HERE and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".[*]Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.Once the scan is complete do the following:If you have any infections you will prompted, then select "Apply all actions"Next select the "Reports" icon at the top.Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.