Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

winantivirus can't get rid of

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

winantivirus can't get rid of

Unread postby foxydman » October 17th, 2006, 4:24 pm

Hi,

It's so annoying I can't get rid of winativirus which keeps hijacking my results and saying computer is infected.

Heres my log

Logfile of HijackThis v1.99.1
Scan saved at 21:24:11, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dskrfuoui.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?ezaog (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6EB4642F-EA0D-8471-1005-DAB0CAF3D9F6} - sbin.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O4 - HKLM\..\Run: [ajofaxe] c:\windows\system32\ejoubhg.exe r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [backorif] corrida.exe
O4 - HKCU\..\Run: [progmen] UserSp1.exe
O4 - HKCU\..\Run: [NukeSpan] hyandex.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6819242075
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1DC907-D1C8-476B-A89A-D1B946ECEB34}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D519547-75E9-4458-91FF-3180BABCC870}: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PLEASE PLEASE HELP ME......I'm so not enjoying surfing anymore
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm
Advertisement
Register to Remove

Unread postby Blade81 » October 18th, 2006, 1:00 am

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience! :)
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby Blade81 » October 18th, 2006, 10:40 am

Your computer is heavily infected. It will need more than just one post to fix it.


HJT in it's own folder & renaming HijackThis.exe
-------------------------------------------------------

Please put your HijackThis in it's own folder, (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste.

The reason we do this is Hijackthis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.

You'll need to rename HijackThis.exe file to scanner.exe to make some hiding infections visible.

  • Download DLLCompare.
  • Double-click on DllCompare.exe to run the program.
  • Click "Run Locate.com" and it will scan your system for files.
  • Once the scan has finished click "Compare" to compare your files to valid Windows files.
  • Once it has finished comparing click "Make a Log of what was found".
  • Click "Yes" at the View Log file? prompt to view the log.
  • Copy and paste the entire log into this topic.
  • If you accidentally close out of the log it is also saved as log.txt to where you saved DllCompare.exe.
  • Click "Exit" to exit DLLCompare.



You may want to print out these instructions for reference, since you
will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/l ... areout.exe


Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt and DLLCompare's log
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby foxydman » October 18th, 2006, 3:07 pm

Hi here is the first log...

* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\pmnnm.dll Sun 22 Oct 2006 19:06:08 ..SH. 577,588 564.05 K
________________________________________________

1,496 items found: 1,496 files (1 H/S), 0 directories.
Total of file sizes: 318,837,250 bytes 304.07 M

Administrator Account = True

--------------------End log---------------------
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm

Unread postby foxydman » October 18th, 2006, 3:11 pm

Hi,

could not do the fixwareout as it says error download connection.

any ideas?
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm

Unread postby Blade81 » October 18th, 2006, 3:17 pm

Hi

Did you try downloading using Free Download Manager? If you did, try downloading without it.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby foxydman » October 18th, 2006, 3:34 pm

I tried downloading from your both of your links.

Both give the same message
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm

Unread postby Blade81 » October 18th, 2006, 4:28 pm

You didn't answer my question. :) Did you try downloading without Free Download Manager? I suspect that might cause the problem.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby Blade81 » October 19th, 2006, 12:52 am

Okay. We can deal this fixwareout problem later. Do the following things.


HJT in it's own folder & renaming HijackThis.exe
-------------------------------------------------------

Please put your HijackThis in it's own folder, (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste.

The reason we do this is Hijackthis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.

You'll need to rename HijackThis.exe file to scanner.exe to make some hiding infections visible.


Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop

- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here. Send also a fresh HJT log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby foxydman » October 19th, 2006, 1:47 pm

Heres the log from blacklight

12/01/06 18:01:39 [Info]: BlackLight Engine 1.0.47 initialized
12/01/06 18:01:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/01/06 18:01:40 [Note]: 7019 4
12/01/06 18:01:40 [Note]: 7005 0
12/01/06 18:01:41 [Note]: 7006 0
12/01/06 18:01:41 [Note]: 7011 2000
12/01/06 18:01:42 [Note]: 7026 0
12/01/06 18:01:42 [Note]: 7026 0
12/01/06 18:01:53 [Note]: FSRAW library version 1.7.1020
12/01/06 18:08:55 [Note]: 4013 9164
12/01/06 18:08:55 [Note]: 4020 29 65536
12/01/06 18:08:55 [Note]: 4018 29 65536
12/01/06 18:09:33 [Note]: 4013 9164
12/01/06 18:09:33 [Note]: 4020 29 65536
12/01/06 18:09:33 [Note]: 4018 29 65536
12/01/06 18:10:50 [Note]: 4013 9164
12/01/06 18:10:50 [Note]: 4020 29 65536
12/01/06 18:10:50 [Note]: 4018 29 65536
12/01/06 18:31:18 [Note]: 7006 0
12/01/06 18:31:18 [Note]: 7011 2000
12/01/06 18:31:19 [Note]: 7026 0
12/01/06 18:31:19 [Note]: 7026 0
12/01/06 18:31:31 [Note]: FSRAW library version 1.7.1020
12/01/06 18:38:22 [Note]: 4013 9217
12/01/06 18:38:22 [Note]: 4020 29 65536
12/01/06 18:38:22 [Note]: 4018 29 65536
12/01/06 18:38:36 [Note]: 4020 29 65536
12/01/06 18:38:36 [Note]: 4018 29 65536
12/01/06 18:39:51 [Note]: 4013 9519
12/01/06 18:39:51 [Note]: 4020 29 65536
12/01/06 18:39:51 [Note]: 4018 29 65536
12/01/06 18:41:21 [Note]: 4013 9217
12/01/06 18:41:21 [Note]: 4020 29 65536
12/01/06 18:41:21 [Note]: 4018 29 65536
12/01/06 18:45:52 [Note]: 7007 0
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm

Unread postby foxydman » October 19th, 2006, 1:48 pm

and the HJT log....think i did it right.

Logfile of HijackThis v1.99.1
Scan saved at 18:48:33, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dskrfuoui.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?ezaog (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6EB4642F-EA0D-8471-1005-DAB0CAF3D9F6} - sbin.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {709734B5-7260-49D8-BAC1-262CEC2F9378} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\ljhpkouq.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O4 - HKLM\..\Run: [ajofaxe] c:\windows\system32\ejoubhg.exe r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [backorif] corrida.exe
O4 - HKCU\..\Run: [progmen] UserSp1.exe
O4 - HKCU\..\Run: [NukeSpan] hyandex.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6819242075
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1DC907-D1C8-476B-A89A-D1B946ECEB34}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D519547-75E9-4458-91FF-3180BABCC870}: NameServer = 69.50.184.84,195.225.176.37
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm

Unread postby Blade81 » October 20th, 2006, 8:09 am

Please download
VundoFix.exe
to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,
    click YES
  • Once you click yes, your desktop will go blank as it starts removing
    Vundo.
  • When completed, it will prompt that it will reboot your computer,
    click OK.
  • Please post the contents of C:\vundofix.txt and a new
    HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
when VundoFix appears at reboot.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby foxydman » October 21st, 2006, 8:51 am

Heres the vundo report:

VundoFix V6.2.6

Checking Java version...

Java version is 1.4.2.5

Scan started at 13:36:25 03/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\dthcnyag.dll
C:\WINDOWS\system32\ljhpkouq.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\ssylbyvn.dll
C:\WINDOWS\system32\vlvdfpao.dll
C:\WINDOWS\system32\rieokuhs.exe
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.ini2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dthcnyag.dll
C:\WINDOWS\system32\dthcnyag.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljhpkouq.dll
C:\WINDOWS\system32\ljhpkouq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnnmp.bak2
C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mnnmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssylbyvn.dll
C:\WINDOWS\system32\ssylbyvn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlvdfpao.dll
C:\WINDOWS\system32\vlvdfpao.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rieokuhs.exe
C:\WINDOWS\system32\rieokuhs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!

Performing Repairs to the registry.
Done!
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm

Unread postby Blade81 » October 21st, 2006, 8:54 am

Post also a fresh hjt log, please. :)
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby foxydman » October 21st, 2006, 9:02 am

heres the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:55:44, on 03/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dskrfuoui.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?ezaog (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6EB4642F-EA0D-8471-1005-DAB0CAF3D9F6} - sbin.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\ssylbyvn.dll (file missing)
O2 - BHO: (no name) - {5F50D52C-B35C-4027-AEBD-E9BED2103826} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [ajofaxe] c:\windows\system32\ejoubhg.exe r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [backorif] corrida.exe
O4 - HKCU\..\Run: [progmen] UserSp1.exe
O4 - HKCU\..\Run: [NukeSpan] hyandex.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E9F0AA63-7ED2-44E3-9B11-30D760476969} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6819242075
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1DC907-D1C8-476B-A89A-D1B946ECEB34}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D519547-75E9-4458-91FF-3180BABCC870}: NameServer = 69.50.184.84,195.225.176.37
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
foxydman
Regular Member
 
Posts: 24
Joined: October 1st, 2006, 2:13 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 323 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware