Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


running super slow, non-stop popups, vundo trojan

Post by bebops75 » July 29th, 2007, 8:37 pm

Hello, and thank you for the help.

My Dell laptop is running super slow and the popups are non-stop. I can hardly use the internet. I have installed and run various scans as you recommended, with the help of my other computer. I also constantly get the message from McAfee that
the file C:\WINDOWS\system32\mljiijk.dll was infected by the vundo trojan but has been automatically cleaned by virusscan. You must restart computer to complete the clean process.
Every time I restart, the same message pops right back.

Here is my HijackThis log file... Thanks again


Logfile of HijackThis v1.99.1
Scan saved at 7:58:04 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\XGI\XWatDog.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\S?mantec\w?crtupd.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\axfhcmjn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Wireless] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P32 "EPSON Stylus Photo R320 Wireless" /O11 "IP_10.0.1.1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series (Copy 1)" /O11 "IP_10.0.1.1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series wireless] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series wireless" /O11 "IP_10.0.1.1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Avvenu Update] C:\Program Files\Avvenu\Avvenu_updater.exe
O4 - HKLM\..\Run: [Avvenu Access n Share Update] "C:\Program Files\Avvenu\Avvenu_updater.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\MCROSO~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [Nsmjcn] C:\WINDOWS\S?mantec\w?crtupd.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 wireless @ Kazuhiro Itoh’s Computer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_S9C7.tmp" /EF "HKCU"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\msdsregr.exe
O4 - Global Startup: Avvenu Connector.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mobipassword 2.0 - {5D1DD345-27E1-4767-80A5-D64852D86D98} - C:\Program Files\Icom Consulting Inc\Mobipassword 2.01\PKLinksScript2.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://pst.itcsusa.com/Remote/msrdp.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Xpress Mail Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm

Post by Blackhawk » July 29th, 2007, 11:12 pm

Post removed.

Rogue
Blackhawk
Active Member
 
Posts: 2
Joined: July 29th, 2007, 10:36 pm

Post by __RiP_ChAiN_ » July 29th, 2007, 11:15 pm

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

getting better

Post by bebops75 » July 30th, 2007, 2:54 am

Thank you for your assistance.

The computer is running much faster....thank you.
I'm still getting pop-ups.

I'm not sure how to post the contents of C:\vundofix.txt.

Here is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:45:43 AM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\XGI\XWatDog.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\S?mantec\w?crtupd.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C8ABC4F-8867-4892-8B65-8EC7BFEF6366} - C:\Program Files\Windows Media Player\hotez83122.dll (file missing)
O2 - BHO: (no name) - {1d5d679d-0cd3-4e1c-9b4a-2103a37caadc} - C:\WINDOWS\system32\dxkrjpl.dll
O2 - BHO: (no name) - {2CE30782-C2FB-4016-8E6A-9A2A21A78B15} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: (no name) - {416743FB-8013-8ABC-4912-F98DBF56D4CD} - C:\WINDOWS\system32\touk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\romgxsia.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: PKIEhlpr Class - {FF32A4CE-E54D-11D3-9FB7-E3582B1BD44D} - C:\WINDOWS\system32\PKIEHLP1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Wireless] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P32 "EPSON Stylus Photo R320 Wireless" /O11 "IP_10.0.1.1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series (Copy 1)" /O11 "IP_10.0.1.1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series wireless] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series wireless" /O11 "IP_10.0.1.1" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Avvenu Update] C:\Program Files\Avvenu\Avvenu_updater.exe
O4 - HKLM\..\Run: [Avvenu Access n Share Update] "C:\Program Files\Avvenu\Avvenu_updater.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\uivhboqa.dll",sitypnow
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\MCROSO~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [Nsmjcn] C:\WINDOWS\S?mantec\w?crtupd.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 wireless @ Kazuhiro Itoh’s Computer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_S9C7.tmp" /EF "HKCU"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\msdsregr.exe
O4 - Global Startup: Avvenu Connector.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mobipassword 2.0 - {5D1DD345-27E1-4767-80A5-D64852D86D98} - C:\Program Files\Icom Consulting Inc\Mobipassword 2.01\PKLinksScript2.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://pst.itcsusa.com/Remote/msrdp.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: mljiijk - mljiijk.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Xpress Mail Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm
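Reading the two HijackThis logs side by side, the entries that matter are the unnamed BHOs (O2) loading random-named DLLs straight out of system32 (dxkrjpl.dll, romgxsia.dll, touk.dll), the [MemoryManager] Run entry that has rundll32 load uivhboqa.dll by a random export name, the HKCU Run entries pointing into C:\WINDOWS\S?mantec and C:\WINDOWS\system32\MCROSO~1 (HijackThis prints a non-ASCII character as "?", so that is a look-alike folder, not Symantec; and nothing legitimate sits under an 8.3 short name inside system32), and the O20 Winlogon Notify registration for the very mljiijk.dll McAfee keeps "cleaning". A Winlogon Notify DLL is loaded by winlogon.exe at boot, which is why the file is back after every restart. The Python script below is an added example, not part of the thread and not HijackThis code: it encodes those observations as triage rules and runs them over sample lines copied from the second log above (with a few benign entries kept so the rules can be seen not to fire on them). The thresholds (4 to 9 lowercase letters, exact rule names) are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines copied from the second HijackThis log above,
# with a few benign entries kept so the rules can be seen not to fire on them.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C8ABC4F-8867-4892-8B65-8EC7BFEF6366} - C:\Program Files\Windows Media Player\hotez83122.dll (file missing)
O2 - BHO: (no name) - {1d5d679d-0cd3-4e1c-9b4a-2103a37caadc} - C:\WINDOWS\system32\dxkrjpl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\romgxsia.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\uivhboqa.dll",sitypnow
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\MCROSO~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [Nsmjcn] C:\WINDOWS\S?mantec\w?crtupd.exe
O20 - Winlogon Notify: mljiijk - mljiijk.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis prints non-ASCII characters in file names as '?'. A drive-rooted
# path containing one (S?mantec, w?crtupd.exe) is a look-alike folder, not a
# vendor product. URLs are not drive-rooted, so ?linkid=... does not match.
RE_ODD_CHARS = re.compile(r'[A-Za-z]:\\[^\s"]*\?')
# An 8.3 short name (MCROSO~1) used as a directory *inside* system32.
RE_SHORTNAME_IN_SYSTEM32 = re.compile(r'(?i:system32)\\[^\\\s"]*~\d+\\')
# A DLL directly under system32 whose name is 4-9 lowercase letters and
# nothing else (assumed threshold, matching the names in the logs above).
RE_RANDOM_SYS32_DLL = re.compile(r'\\(?i:system32)\\([a-z]{4,9})\.dll\b')
# rundll32 loading such a DLL by a random lowercase export name.
RE_RUNDLL_RANDOM = re.compile(
    r'(?i:rundll32)(?:\.exe)?\s+"?[A-Za-z]:\\[^",]*\\(?i:system32)\\([a-z]{4,9})\.dll"?\s*,\s*([a-z]+)')


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def section(line: str) -> str:
    """Return the HijackThis section tag (R0, O2, O4, O20, ...) or '' if none."""
    m = re.match(r'([RFO]\d+) - ', line)
    return m.group(1) if m else ''


def triage(log_text: str) -> List[Finding]:
    """Apply the rules to every tagged line; a line may yield several findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = section(line)
        if not sec:
            continue
        if RE_ODD_CHARS.search(line):
            findings.append(Finding('path-with-nonascii-chars', line))
        if RE_SHORTNAME_IN_SYSTEM32.search(line):
            findings.append(Finding('shortname-dir-in-system32', line))
        if sec == 'O2' and '(no name)' in line:
            if '(file missing)' in line:
                # Dead registration: the file is gone but the CLSID stays.
                findings.append(Finding('orphaned-bho', line))
            elif RE_RANDOM_SYS32_DLL.search(line):
                findings.append(Finding('unnamed-bho-random-dll', line))
        if sec == 'O4' and RE_RUNDLL_RANDOM.search(line):
            findings.append(Finding('rundll32-random-dll', line))
        if sec == 'O20':
            # Winlogon Notify DLLs are loaded by winlogon.exe at boot, which is
            # how the DLL McAfee keeps "cleaning" comes back on every restart.
            findings.append(Finding('winlogon-notify', line))
    return findings


def counts_by_rule(findings: List[Finding]) -> Dict[str, int]:
    out: Dict[str, int] = {}
    for f in findings:
        out[f.rule] = out.get(f.rule, 0) + 1
    return out


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.rule}] {f.line}')
```

The rules are deliberately conjunctive: "(no name)" alone is not a verdict (Spybot's SDHelper.dll is registered without a name), and a short lowercase file name alone is not either; it is the combination with a system32 location, a rundll32 loader, or a Winlogon Notify hook that separates the Vundo entries from the printer, touchpad and toolbar noise that makes up most of both logs.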

Post by __RiP_ChAiN_ » July 30th, 2007, 3:10 pm

Hello bebops75,

Download ComboFix from http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

getting better

Post by bebops75 » July 30th, 2007, 4:00 pm

Hello and thanks again for your help.

Still getting some popups.

Here is the log generated by ComboFix, and following it is the HijackThis log.



ComboFix 07-07-30.2 - "Tazz" 2007-07-30 15:24:18.1 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\buqddnsp.dll
C:\WINDOWS\system32\gfxlhnie.dll
C:\WINDOWS\system32\iuvygmyx.dll
C:\WINDOWS\system32\mgaxiaum.dll
C:\WINDOWS\system32\polwtmka.dll
C:\WINDOWS\system32\romgxsia.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Tazz\Desktop.\internet explorer.lnk
C:\Documents and Settings\Tazz.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\temp\tn3
C:\WINDOWS\acdt-pid67n.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\smante~1
C:\WINDOWS\smante~1\w?crtupd.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\bikkwxhq.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\fxtlejdo.exe
C:\WINDOWS\system32\gpjlnwex.exe
C:\WINDOWS\system32\hsxqfvql.exe
C:\WINDOWS\system32\hypjsonq.exe
C:\WINDOWS\system32\ichbkalc.exe
C:\WINDOWS\system32\jilmhrht.exe
C:\WINDOWS\system32\L1
C:\WINDOWS\system32\L11
C:\WINDOWS\system32\L3
C:\WINDOWS\system32\L3\wr716.exe
C:\WINDOWS\system32\L5
C:\WINDOWS\system32\L7
C:\WINDOWS\system32\L9
C:\WINDOWS\system32\L9\wb720.exe
C:\WINDOWS\system32\lflbyurw.exe
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\ngofyyta.exe
C:\WINDOWS\system32\nxivhyqh.exe
C:\WINDOWS\system32\qkickqhc.exe
C:\WINDOWS\system32\rdmflyup.exe
C:\WINDOWS\system32\rfiiblmt.exe
C:\WINDOWS\system32\sckyamxn.exe
C:\WINDOWS\system32\touk.dll
C:\WINDOWS\system32\uhfmhxmc.exe
C:\WINDOWS\system32\uyhcpgfm.exe
C:\WINDOWS\system32\waacgbtc.exe
C:\WINDOWS\system32\whncnnup.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wiylucmj.exe
C:\WINDOWS\system32\wxyiaiiw.exe
C:\WINDOWS\system32\ypvxvsrr.exe
C:\WINDOWS\TISKY009.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_FOPN
-------\core


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


2007-07-30 15:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 02:05 <DIR> d----c--- C:\VundoFix Backups
2007-07-30 02:03 126,016 --a------ C:\WINDOWS\SYSTEM32\uivhboqa.dll
2007-07-29 19:59 126,016 --------- C:\WINDOWS\SYSTEM32\cquvscor.dll
2007-07-29 19:13 <DIR> d-------- C:\Program Files\a-squared Free
2007-07-29 18:33 126,016 --a------ C:\WINDOWS\SYSTEM32\oyoancwi.dll
2007-07-29 16:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-29 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-29 16:13 126,016 --------- C:\WINDOWS\SYSTEM32\xhnbbkml.dll
2007-07-29 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-29 00:34 126,016 --------- C:\WINDOWS\SYSTEM32\leflxjui.dll
2007-07-28 23:18 126,016 --a------ C:\WINDOWS\SYSTEM32\dqjllnqw.dll
2007-07-28 23:03 126,016 --------- C:\WINDOWS\SYSTEM32\ybmjvjqm.dll
2007-07-28 20:59 126,016 --------- C:\WINDOWS\SYSTEM32\ypdseglr.dll
2007-07-28 20:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-28 20:20 126,016 --a------ C:\WINDOWS\SYSTEM32\ivengpcc.dll
2007-07-28 14:14 126,016 --------- C:\WINDOWS\SYSTEM32\vqgjatog.dll
2007-07-28 11:15 126,016 --a------ C:\WINDOWS\SYSTEM32\ckifxoyh.dll
2007-07-28 09:59 126,016 --------- C:\WINDOWS\SYSTEM32\bkmopytf.dll
2007-07-28 04:03 126,016 --------- C:\WINDOWS\SYSTEM32\eshdxlcm.dll
2007-07-28 02:51 126,016 --------- C:\WINDOWS\SYSTEM32\eovuchtb.dll
2007-07-28 01:41 126,016 --a------ C:\WINDOWS\SYSTEM32\xivostte.dll
2007-07-28 00:48 126,016 --------- C:\WINDOWS\SYSTEM32\sjdqjyop.dll
2007-07-27 23:16 126,016 --a------ C:\WINDOWS\SYSTEM32\olginuod.dll
2007-07-25 18:54 83,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-07-25 18:54 57,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-07-25 18:54 53,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-07-25 18:54 39,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfileflt.sys
2007-07-25 18:54 29,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-07-25 18:53 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-07-25 18:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-25 18:53 <DIR> d-------- C:\DOCUME~1\Tazz\APPLIC~1\PC Tools
2007-07-25 18:46 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-07-25 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-07-25 18:38 <DIR> d-------- C:\Program Files\Google
2007-07-25 09:43 126,016 --a------ C:\WINDOWS\SYSTEM32\vyxmcedf.dll
2007-07-21 01:31 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Viewpoint
2007-07-21 00:58 663,265 --a------ C:\Temp\bY001.exe
2007-07-21 00:58 171,520 --a------ C:\WINDOWS\SYSTEM32\dxkrjpl.dll
2007-07-21 00:58 <DIR> d-------- C:\Temp\brr
2007-07-21 00:58 <DIR> d-------- C:\Temp\0c2
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AWRTPD.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 18:00 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-29 16:36 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-28 10:43 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-28 10:37 --------- d-------- C:\Program Files\Common Files\aolshare
2007-07-28 04:27 --------- d-------- C:\DOCUME~1\Tazz\APPLIC~1\AOL
2007-07-21 00:02 --------- d-------- C:\Program Files\EPSON Print CD
2007-07-11 16:44 --------- d-------- C:\Program Files\Finale 2003
2007-06-13 12:47 --------- d-------- C:\Program Files\palmOne
2007-06-13 12:41 --------- d-------- C:\Program Files\Documents To Go
2006-12-02 21:05 2522 --a------ C:\Program Files\func.js
2006-11-25 03:57 482 --a------ C:\Program Files\Del.js


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C8ABC4F-8867-4892-8B65-8EC7BFEF6366}]
C:\Program Files\Windows Media Player\hotez83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d5d679d-0cd3-4e1c-9b4a-2103a37caadc}]
2007-07-21 00:58 171520 --a------ C:\WINDOWS\system32\dxkrjpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CE30782-C2FB-4016-8E6A-9A2A21A78B15}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"XGIWatchDog"="C:\Program Files\XGI\XWatDog.exe" [2005-02-28 22:19]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 19:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 22:50]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"Trirot"="Trirot.exe" [2005-02-28 22:19 C:\WINDOWS\SYSTEM32\Trirot.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 20:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"RegServer"="regserve.exe" [2005-02-28 22:19 C:\WINDOWS\SYSTEM32\RegServe.exe]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 18:09]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 15:45]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 19:10]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 12:00]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 21:59]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 12:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
"Avvenu Update"="C:\Program Files\Avvenu\Avvenu_updater.exe" []
"Avvenu Access n Share Update"="C:\Program Files\Avvenu\Avvenu_updater.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sen"="C:\WINDOWS\system32\MCROSO~1\tracert.exe" []
"Nsmjcn"="C:\WINDOWS\S?mantec\w?crtupd.exe" []
"Sonic RecordNow!"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 18:09]
"EPSON Stylus Photo RX580 wireless @ Kazuhiro Itoh’s Computer"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.exe" [2006-05-23 05:00]

C:\Documents and Settings\Tazz\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljiijk]
mljiijk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
R3 Xgiv3;Xgiv3;C:\WINDOWS\system32\DRIVERS\Xgiv3m.sys
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
S3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 MFWAGSIF;MOTU FireWire Audio GSIF;C:\WINDOWS\system32\drivers\MFWAGSIF.sys
S3 MFWAWAVE;MOTU FireWire Audio Wave;C:\WINDOWS\system32\drivers\MFWAWAVE.sys
S3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\MotuFWA.sys
S3 PalmUSBD;PalmUSBD;C:\WINDOWS\system32\drivers\PalmUSBD.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 RDID1009;EDIROL UM-1 USB Driver;C:\WINDOWS\system32\Drivers\rdwm1009.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 SevenConnectionService;Xpress Mail Personal Edition Service;C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\drivers\UIUSys.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22e69c98-6590-11d9-9e9d-00038a000015}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a6a031e-3126-11db-a288-00038a000015}]
Explore\command- explorer.exe /n,/e ,.
Launch\command- E:\portablevaultaes.exe


Contents of the 'Scheduled Tasks' folder
2007-07-22 04:40:11 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (INFINITY-Tazz).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe
2007-07-30 19:40:00 C:\WINDOWS\Tasks\McAfee.com Update Check (INFINITY-Bud).job - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
2007-07-30 19:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (INFINITY-Tazz).job - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
2007-07-25 22:46:58 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe
2004-10-06 11:57:38 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 15:39:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000018c

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 15:44:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-30 15:43

--- E O F ---




Here is the HiJackthis log -




Logfile of HijackThis v1.99.1
Scan saved at 3:57:24 PM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\XGI\XWatDog.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C8ABC4F-8867-4892-8B65-8EC7BFEF6366} - C:\Program Files\Windows Media Player\hotez83122.dll (file missing)
O2 - BHO: (no name) - {1d5d679d-0cd3-4e1c-9b4a-2103a37caadc} - C:\WINDOWS\system32\dxkrjpl.dll
O2 - BHO: (no name) - {2CE30782-C2FB-4016-8E6A-9A2A21A78B15} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: PKIEhlpr Class - {FF32A4CE-E54D-11D3-9FB7-E3582B1BD44D} - C:\WINDOWS\system32\PKIEHLP1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Avvenu Update] C:\Program Files\Avvenu\Avvenu_updater.exe
O4 - HKLM\..\Run: [Avvenu Access n Share Update] "C:\Program Files\Avvenu\Avvenu_updater.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\MCROSO~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [Nsmjcn] C:\WINDOWS\S?mantec\w?crtupd.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 wireless @ Kazuhiro Itoh’s Computer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_S9C7.tmp" /EF "HKCU"
O4 - Global Startup: Avvenu Connector.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mobipassword 2.0 - {5D1DD345-27E1-4767-80A5-D64852D86D98} - C:\Program Files\Icom Consulting Inc\Mobipassword 2.01\PKLinksScript2.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://pst.itcsusa.com/Remote/msrdp.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: mljiijk - mljiijk.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Xpress Mail Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm
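The indicators in the ComboFix listing above (a run of same-sized, randomly named DLLs under SYSTEM32, plus a BHO CLSID and a Winlogon Notify subkey pointing at such names) can be picked out mechanically rather than by eye. The Python below is an added example, not part of this thread or of any tool used in it; it parses a constructed sample built from lines of the log above and assumes ComboFix's column layout (date, time, size, attributes, path) for the new-files section.

```python
"""Flag a Vundo-style DLL cluster and its loading points in a ComboFix log (added example)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the ComboFix log posted above.
COMBOFIX_SAMPLE = r"""
2007-07-29 16:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-29 16:13 126,016 --------- C:\WINDOWS\SYSTEM32\xhnbbkml.dll
2007-07-29 00:34 126,016 --------- C:\WINDOWS\SYSTEM32\leflxjui.dll
2007-07-28 23:18 126,016 --a------ C:\WINDOWS\SYSTEM32\dqjllnqw.dll
2007-07-25 18:53 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-07-25 09:43 126,016 --a------ C:\WINDOWS\SYSTEM32\vyxmcedf.dll
2007-07-21 00:58 171,520 --a------ C:\WINDOWS\SYSTEM32\dxkrjpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d5d679d-0cd3-4e1c-9b4a-2103a37caadc}]
2007-07-21 00:58 171520 --a------ C:\WINDOWS\system32\dxkrjpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljiijk]
mljiijk.dll
"""

# One file line of the "new files" section: date, time, size (or <DIR>), attribute flags, path.
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-da]{9}) (?P<path>\S.*)$"
)
BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
NOTIFY_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
# Heuristic only: Vundo's dropped names in this log are 7 or 8 lowercase letters.
RANDOM_DLL = re.compile(r"^[a-z]{7,8}\.dll$")


def parse_file_lines(text):
    """Return (path, size_in_bytes) for every regular-file line; directories are skipped."""
    out = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        out.append((m.group("path"), int(m.group("size").replace(",", ""))))
    return out


def dll_clusters(files, min_count=3):
    """Group randomly named DLLs under SYSTEM32 by byte size.

    The infection re-drops the same payload under a fresh random name after each
    cleaning, so several such DLLs sharing one exact size is the tell-tale pattern."""
    by_size = defaultdict(set)
    for path, size in files:
        folder, _, name = path.rpartition("\\")
        if folder.lower().endswith("\\system32") and RANDOM_DLL.match(name.lower()):
            by_size[size].add(name.lower())
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= min_count}


def parse_loading_points(text):
    """Map each BHO CLSID and Winlogon Notify subkey to the DLL basename it loads.

    In ComboFix output the key line is followed by either a bare path or a file line;
    taking the text after the last backslash handles both."""
    lines = [ln.strip() for ln in text.splitlines()]
    points = {}
    for i in range(len(lines) - 1):
        bho = BHO_KEY.match(lines[i])
        notify = NOTIFY_KEY.match(lines[i])
        if bho:
            points["BHO " + bho.group(1)] = lines[i + 1].rpartition("\\")[2]
        elif notify:
            points["Winlogon Notify " + notify.group(1)] = lines[i + 1].rpartition("\\")[2]
    return points


def analyze(text):
    """Return the size clusters and every loading point that references a random-named DLL.

    A loading point whose DLL is absent from the listing (size None) is the case seen in
    this thread: the scanner removed the file but the registry reference survived."""
    files = parse_file_lines(text)
    dropped = {path.rpartition("\\")[2].lower(): size for path, size in files}
    points = [(key, dll, dropped.get(dll.lower()))
              for key, dll in parse_loading_points(text).items()
              if RANDOM_DLL.match(dll.lower())]
    return {"clusters": dll_clusters(files), "loading_points": points}


if __name__ == "__main__":
    report = analyze(COMBOFIX_SAMPLE)
    for size, names in report["clusters"].items():
        print(f"{len(names)} random-named DLLs of {size} bytes in SYSTEM32: {', '.join(names)}")
    for key, dll, size in report["loading_points"]:
        state = f"dropped, {size} bytes" if size else "file not in listing; stale key"
        print(f"{key} -> {dll} ({state})")
```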

Unread postby __RiP_ChAiN_ » July 31st, 2007, 2:53 pm

Hello bebops75,

Please download http://www.atribune.org/ccount/click.php?id=1 ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download http://download.bleepingcomputer.com/ol ... MoveIt.exe OTMoveIt by Oldtimer and save it to your desktop.

Using Add Or Remove Programs, remove the following entries (if present). (To get into Add Or Remove Programs, press the START button > Control Panel > Add Or Remove Programs.)

ViewPoint

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0C8ABC4F-8867-4892-8B65-8EC7BFEF6366} - C:\Program Files\Windows Media Player\hotez83122.dll (file missing)
O2 - BHO: (no name) - {1d5d679d-0cd3-4e1c-9b4a-2103a37caadc} - C:\WINDOWS\system32\dxkrjpl.dll
O2 - BHO: (no name) - {2CE30782-C2FB-4016-8E6A-9A2A21A78B15} - C:\WINDOWS\system32\ddayx.dll (file missing)
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\MCROSO~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [Nsmjcn] C:\WINDOWS\S?mantec\w?crtupd.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O20 - Winlogon Notify: mljiijk - mljiijk.dll (file missing)
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.



Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixService.bat. Please save it on your desktop.

sc stop wscsvc
sc delete wscsvc
exit


Double click FixService.bat. A window will open and close. This is normal.

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22e69c98-6590-11d9-9e9d-00038a000015}] 

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a6a031e-3126-11db-a288-00038a000015}]

Save it to your desktop as fix133.reg, with the Type set to "All files".
Double click on fix133.reg and allow when prompted to let it merge with the registry.

Run ATF Cleaner:
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\VundoFix Backups
C:\WINDOWS\SYSTEM32\uivhboqa.dll
C:\WINDOWS\SYSTEM32\cquvscor.dll
C:\WINDOWS\SYSTEM32\oyoancwi.dll
C:\WINDOWS\SYSTEM32\xhnbbkml.dll
C:\WINDOWS\SYSTEM32\leflxjui.dll
C:\WINDOWS\SYSTEM32\dqjllnqw.dll
C:\WINDOWS\SYSTEM32\ybmjvjqm.dll
C:\WINDOWS\SYSTEM32\ypdseglr.dll
C:\WINDOWS\SYSTEM32\ivengpcc.dll
C:\WINDOWS\SYSTEM32\vqgjatog.dll
C:\WINDOWS\SYSTEM32\ckifxoyh.dll
C:\WINDOWS\SYSTEM32\bkmopytf.dll
C:\WINDOWS\SYSTEM32\eshdxlcm.dll
C:\WINDOWS\SYSTEM32\eovuchtb.dll
C:\WINDOWS\SYSTEM32\xivostte.dll
C:\WINDOWS\SYSTEM32\sjdqjyop.dll
C:\WINDOWS\SYSTEM32\olginuod.dll
C:\WINDOWS\SYSTEM32\vyxmcedf.dll
C:\DOCUME~1\LOCALS~1\APPLIC~1\Viewpoint
C:\Temp\bY001.exe
C:\WINDOWS\SYSTEM32\dxkrjpl.dll
C:\Temp\brr
C:\Temp\0c2

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:

A new HijackThis log.
The OTMoveIt log.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

getting better

Unread postby bebops75 » July 31st, 2007, 11:29 pm

I have followed all commands.
I removed Viewpoint manager and Viewpoint media player.
I am posting the OTMoveIt log followed by the HiJackThis log.

Thank you so much again for your time and help.


C:\WINDOWS\system32\Trirot.exe moved successfully.
C:\Program Files\Print Server\PTP\PSDiagnostic.exe moved successfully.
C:\VundoFix Backups moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\uivhboqa.dll
C:\WINDOWS\SYSTEM32\uivhboqa.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\uivhboqa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\cquvscor.dll
C:\WINDOWS\SYSTEM32\cquvscor.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\cquvscor.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\oyoancwi.dll
C:\WINDOWS\SYSTEM32\oyoancwi.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\oyoancwi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xhnbbkml.dll
C:\WINDOWS\SYSTEM32\xhnbbkml.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\xhnbbkml.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\leflxjui.dll
C:\WINDOWS\SYSTEM32\leflxjui.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\leflxjui.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\dqjllnqw.dll
C:\WINDOWS\SYSTEM32\dqjllnqw.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\dqjllnqw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ybmjvjqm.dll
C:\WINDOWS\SYSTEM32\ybmjvjqm.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ybmjvjqm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ypdseglr.dll
C:\WINDOWS\SYSTEM32\ypdseglr.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ypdseglr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ivengpcc.dll
C:\WINDOWS\SYSTEM32\ivengpcc.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ivengpcc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\vqgjatog.dll
C:\WINDOWS\SYSTEM32\vqgjatog.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\vqgjatog.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ckifxoyh.dll
C:\WINDOWS\SYSTEM32\ckifxoyh.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ckifxoyh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\bkmopytf.dll
C:\WINDOWS\SYSTEM32\bkmopytf.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\bkmopytf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\eshdxlcm.dll
C:\WINDOWS\SYSTEM32\eshdxlcm.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\eshdxlcm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\eovuchtb.dll
C:\WINDOWS\SYSTEM32\eovuchtb.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\eovuchtb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xivostte.dll
C:\WINDOWS\SYSTEM32\xivostte.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\xivostte.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\sjdqjyop.dll
C:\WINDOWS\SYSTEM32\sjdqjyop.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\sjdqjyop.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\olginuod.dll
C:\WINDOWS\SYSTEM32\olginuod.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\olginuod.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\vyxmcedf.dll
C:\WINDOWS\SYSTEM32\vyxmcedf.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\vyxmcedf.dll moved successfully.
C:\DOCUME~1\LOCALS~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\DOCUME~1\LOCALS~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\DOCUME~1\LOCALS~1\APPLIC~1\Viewpoint moved successfully.
C:\Temp\bY001.exe moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\dxkrjpl.dll not found.
C:\Temp\brr moved successfully.
C:\Temp\0c2 moved successfully.

Created on 07/31/2007 23:22:58



HiJackThis log -



Logfile of HijackThis v1.99.1
Scan saved at 11:25:36 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\XGI\XWatDog.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: PKIEhlpr Class - {FF32A4CE-E54D-11D3-9FB7-E3582B1BD44D} - C:\WINDOWS\system32\PKIEHLP1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Avvenu Update] C:\Program Files\Avvenu\Avvenu_updater.exe
O4 - HKLM\..\Run: [Avvenu Access n Share Update] "C:\Program Files\Avvenu\Avvenu_updater.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 wireless @ Kazuhiro Itoh’s Computer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_S9C7.tmp" /EF "HKCU"
O4 - Global Startup: Avvenu Connector.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mobipassword 2.0 - {5D1DD345-27E1-4767-80A5-D64852D86D98} - C:\Program Files\Icom Consulting Inc\Mobipassword 2.01\PKLinksScript2.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://pst.itcsusa.com/Remote/msrdp.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Xpress Mail Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm
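The log above is the HijackThis format the helpers in this thread read by eye. As an added example (my code, not part of the thread and not part of HijackThis), the Python helper below parses lines in that format and attaches the review flags a volunteer looks for first: entries marked "(file missing)", O23 services with "Unknown owner", O10 Winsock LSP entries, and O4 Run values whose command is a bare file name rather than a full path. The sample lines are copied from the log above; the flag wording, helper names and the choice of which patterns to flag are my own, and a flag means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log above (a subset, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Xpress Mail Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe (file missing)
"""

# HijackThis prefixes every entry with its section code: "R0 - ...", "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
# O4 autostart body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def command_executable(cmd: str) -> str:
    """Return the program part of a Run command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def has_full_path(exe: str) -> bool:
    """True for drive-letter, %ENV%-relative or UNC paths; False for a bare file name."""
    return re.match(r"^(?:[A-Za-z]:\\|%\w+%\\|\\\\)", exe) is not None


def triage(log_text: str) -> list:
    """Parse the log and attach review flags to the entries worth a second look."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = Entry(m["section"], m["body"])
        if "(file missing)" in entry.body:
            entry.flags.append("orphan entry: referenced file is missing")
        if entry.section == "O23" and "Unknown owner" in entry.body:
            entry.flags.append("service with no publisher recorded")
        if entry.section == "O10":
            entry.flags.append("Winsock LSP: confirm the DLL belongs to an installed product")
        if entry.section == "O4":
            run = RUN_RE.match(entry.body)
            if run:
                exe = command_executable(run["cmd"])
                if not has_full_path(exe):
                    entry.flags.append(
                        f"Run value [{run['name']}] starts a bare file name ({exe}); "
                        "locate the file on disk before deciding")
        entries.append(entry)
    return entries


def flagged(log_text: str) -> list:
    """Only the entries that received at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.section, e.body[:70])
        for f in e.flags:
            print("   ->", f)
```

Against the eight sample lines, seven come back flagged; the only clean one is the QuickTime entry, whose command names a full path. The bare-name flag deliberately fires on rundll32.exe as well: the point of the pass is to list what a human still has to verify on disk, not to decide for them.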

Unread postby __RiP_ChAiN_ » August 1st, 2007, 2:52 am

Hello bebops75,

Please do an online scan with Kaspersky Webscanner here: http://www.kaspersky.com/virusscanner (Please note: You MUST use Internet Explorer for this scan to work.)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

Unread postby bebops75 » August 1st, 2007, 2:00 pm

I left the scan running... When I came back to it, Internet Explorer had shut down on its own, and I did not see the infected display. I'm sure it scanned to about 83%, then it was taking much longer for the % to increase.
So I'm not sure if the scan finished or if it shut down before finishing.
Also, I am getting the message from McAfee VirusScan that -

The file C:\System Volume Information\_restore202550A8-7A33-4BCA-9586-051D24DDBF8F\RP510\A0196244.exe was infected by the Puper trojan and has been deleted to complete the clean process

and also


The file C:\System Volume Information\_restore202550A8-7A33-4BCA-9586-051D24DDBF8F\RP510\A0196275.exe was infected by the Generic Downloader.s trojan and has been deleted to complete the clean process

and they don't go away.

On the other hand it seems like the pop-ups have cooled down.

I am going to try the scan again to see if it works better this time.
Please let me know if there is anything else I may need to do.

Thank you again.
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm

Unread postby bebops75 » August 1st, 2007, 2:02 pm

Actually, the McAfee messages stopped after it showed me that it had cleaned about 10 trojans. I will try scanning again...
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm

Unread postby bebops75 » August 1st, 2007, 11:41 pm

I scanned again and the same thing happened... When it finished, it did not display anything, so I have nothing to save as text. McAfee did find another trojan, which it cleaned.

Does this mean that it is not infected, or that the scan was interrupted and shut down?

Aside from that, the computer seems to be running fine.
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm

Unread postby __RiP_ChAiN_ » August 2nd, 2007, 3:44 pm

Hello bebops75,

We'll try a different scanner instead:
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am

Unread postby bebops75 » August 3rd, 2007, 11:17 am

Here are the contents of the scan report.

Thank you for your help and concern.




Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tazz\Cookies\tazz@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tazz\Cookies\tazz@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tazz\Cookies\tazz@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tazz\Cookies\tazz@bluestreak[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tazz\Cookies\tazz@doubleclick[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Tazz\Desktop\ComboFix.exe[nircmd.exe]
Virus:Trj/Clicker.XQ Disinfected C:\Program Files\func.js
Adware:Adware/CWS Not disinfected C:\QooBox\Quarantine\C\WINDOWS\acdt-pid67N.exe.vir
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir
Adware:Adware/PurityScan Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SMANTE~1\w?crtupd.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bikkwxhq.exe.vir
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\buqddnsp.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fxtlejdo.exe.vir
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gfxlhnie.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gpjlnwex.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hsxqfvql.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hypjsonq.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ichbkalc.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jilmhrht.exe.vir
Virus:Trj/Downloader.PNC Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\L3\wr716.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lflbyurw.exe.vir
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mgaxiaum.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ngofyyta.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nxivhyqh.exe.vir
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\polwtmka.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qkickqhc.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rdmflyup.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rfiiblmt.exe.vir
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\romgxsia.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sckyamxn.exe.vir
Adware:Adware/PurityScan Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\touk.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uhfmhxmc.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uyhcpgfm.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\waacgbtc.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\whncnnup.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wiylucmj.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wxyiaiiw.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ypvxvsrr.exe.vir
Adware:Adware/Zenosearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-07-30_153900.48.zip[core.sys]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/TTC Not disinfected C:\_OTMoveIt\MovedFiles\Temp\bY001.exe[mwspasrt83122.exe][TTC.dll]
Virus:Trj/Downloader.PNC Not disinfected C:\_OTMoveIt\MovedFiles\Temp\bY001.exe[wr716.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\_OTMoveIt\MovedFiles\Temp\bY001.exe[tns2.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\Temp\bY001.exe[rssm18.exe]
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\axfhcmjn.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\ceyhgbbd.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\chanvcaw.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\copctcfk.exe.bad
Virus:Trj/Downloader.PCQ Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\egwfekga.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\fpylrhtc.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\geulbqea.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\jnurntyv.exe.bad
Virus:Trj/Downloader.PCQ Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\jwlxwvma.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\ledssclt.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\oimasemn.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\oiyjciyb.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\pxwrxnnu.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\rfiepley.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\sgchlabt.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\wbkbhxhp.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\wngtyyem.exe.bad
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\xjqxhnxh.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\olginuod.dll
bebops75
Active Member
 
Posts: 12
Joined: July 29th, 2007, 8:23 pm
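Most rows in the Panda report above point into C:\QooBox and C:\_OTMoveIt, the folders where the cleanup tools used earlier in this thread parked what they removed, which is why the next step is simply to delete those folders. As an added example (my code, not the thread's and not Panda's), the Python helper below parses rows in the report's "Incident Status Location" layout and sorts each finding into quarantine copies, tracking cookies, or files still on the live file system, then lists the live ones the scanner did not clean. The rows are copied from the report above; the category names, the quarantine root list and the helper names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Rows copied from the Panda ActiveScan report above (a subset; header line included).
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tazz\Cookies\tazz@2o7[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Tazz\Desktop\ComboFix.exe[nircmd.exe]
Virus:Trj/Clicker.XQ Disinfected C:\Program Files\func.js
Adware:Adware/CWS Not disinfected C:\QooBox\Quarantine\C\WINDOWS\acdt-pid67N.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bikkwxhq.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\olginuod.dll
Virus:Trj/Downloader.PJT Disinfected C:\_OTMoveIt\MovedFiles\VundoFix Backups\axfhcmjn.exe.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
"""

# The incident text may itself contain spaces ("Potentially unwanted tool:..."),
# so the status keyword anchors the split; everything after it is the location.
ROW_RE = re.compile(r"^(?P<incident>.+?) (?P<status>Not disinfected|Disinfected) (?P<location>.+)$")

# Folders where the cleanup tools used in this thread keep what they removed
# (ComboFix -> C:\QooBox, OTMoveIt -> C:\_OTMoveIt). Files there are inert
# copies awaiting deletion, not running malware. Compared in lower case.
QUARANTINE_ROOTS = ("c:\\qoobox\\", "c:\\_otmoveit\\")


@dataclass
class Finding:
    incident: str
    status: str
    location: str

    @property
    def container(self) -> str:
        """Path on disk; for the 'archive[member]' notation, the outer file."""
        return self.location.split("[", 1)[0]

    @property
    def category(self) -> str:
        low = self.container.lower()
        if low.startswith(QUARANTINE_ROOTS):
            return "quarantine"
        if "\\cookies\\" in low:
            return "cookie"
        return "live"


def parse_report(text: str) -> list:
    """Turn report lines into Finding objects; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Finding(m["incident"], m["status"], m["location"]))
    return rows


def summarize(rows: list) -> dict:
    """Count findings per category (quarantine / cookie / live)."""
    return dict(Counter(r.category for r in rows))


def live_not_disinfected(rows: list) -> list:
    """Findings still on the live file system that the scanner did not clean."""
    return [r for r in rows if r.category == "live" and r.status == "Not disinfected"]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print(summarize(rows))
    for r in live_not_disinfected(rows):
        print("needs a decision:", r.incident, "->", r.location)
```

On the sample rows the only live, uncleaned hits are the two NirCmd detections, and the report itself shows one of them sitting inside ComboFix.exe on the desktop, i.e. a component of a cleanup tool rather than a separate infection; the other (C:\WINDOWS\nircmd.exe) is the same component left behind on disk. Sorting findings this way before acting keeps quarantine housekeeping separate from anything that would need a new removal step.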

Unread postby __RiP_ChAiN_ » August 3rd, 2007, 1:45 pm

Hello bebops75,

Using Windows Explorer delete the following folders (if present): (To get into Windows Explorer, right click the START button and select "explore.")

C:\QooBox
C:\_OTMoveIt\MovedFiles

Please post back with a fresh HJT log and an update on how your computer is running.
__RiP_ChAiN_
Regular Member
 
Posts: 330
Joined: July 9th, 2007, 2:39 am