Please Help!


Post by vetteengr » November 13th, 2006, 5:07 pm

Help please. I have attached my Hijack file...
Logfile of HijackThis v1.99.1
Scan saved at 2:51:19 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Documents and Settings\Power User\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhanyanair.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... r.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - % - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `% - (no file)
O2 - BHO: (no name) - {17DC0A5A-15A1-4695-45CE-04CCE17A6347} - C:\WINDOWS\system32\ckpvode.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3C5B3070-57F7-A253-4FFF-028F4AB89ACF} - C:\WINDOWS\system32\acpvadl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\sgfhbcsj.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\jkkhfdd.dll
O2 - BHO: (no name) - à$ - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on NAIR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P43 "Auto EPSON Stylus Photo R300 Series on NAIR" /O15 "\\NAIR\Printer5" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvren.dll,startup
O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dzntpsc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dzntpsc.dll,cbjfgud
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3432767164
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O18 - Protocol: bw+0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: jkkhfdd - C:\WINDOWS\SYSTEM32\jkkhfdd.dll
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Post by Mr_JAk3 » November 14th, 2006, 1:38 am

Hi vetteengr and welcome to Malware Removal Forums :)

You got some infections there...

First, you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable Windows Defender's realtime protection.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland
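The entries that make a log like the one above stand out can be picked out mechanically. The triage script below is an added example, not code from MalwareRemoval.com, HijackThis or VundoFix: it parses the O2/O4/O20 lines of a HijackThis 1.99 log and flags three patterns visible in the log posted above, namely BHOs keyed by something that is not a CLSID, one DLL name hooked into more than one autostart section (BHO plus a rundll32 Run entry, or BHO plus Winlogon Notify), and entries whose file is already missing. The sample log is a short excerpt of the first log in this thread; several of the DLLs it flags are the ones VundoFix later reported deleting.

```python
"""Triage a HijackThis 1.99 log for the autostart patterns seen in this thread.

Added example, not code from MalwareRemoval.com, HijackThis or VundoFix.
The rules are deliberately narrow and need no signature database:
  * O2 BHO entries keyed by something that is not a CLSID ('%', 'rsion', ...),
  * one DLL registered under more than one autostart section,
  * O2/O20 entries whose file is already gone (the key outlived the file).
"""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity code dll line")

# 'O2 - BHO: ...', 'O20 - Winlogon Notify: ...', 'R0 - HKCU\...' entry headers
ENTRY_RE = re.compile(r"^([OR]\d+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DLL_RE = re.compile(r"([A-Za-z0-9_~-]+\.dll)\b", re.I)

# Sections whose DLL references are cross-correlated.
SECTIONS_WATCHED = {"O2": "BHO", "O4": "Run key", "O20": "Winlogon Notify"}


def parse_entry(line):
    """Split 'O2 - BHO: (no name) - {CLSID} - path' into ('O2', [fields]).

    Returns None for process listings, headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    return kind, [f.strip() for f in rest.split(" - ")]


def dll_name(text):
    """Lower-cased basename of the first *.dll referenced in an entry, or None."""
    m = DLL_RE.search(text)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Return a list of Finding tuples for one HijackThis log."""
    findings = []
    hooks = defaultdict(set)    # dll -> autostart sections it is registered under
    origin = defaultdict(list)  # dll -> the raw lines that registered it
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        kind, fields = parsed
        line = raw.strip()
        if kind == "O2" and len(fields) >= 3 and not GUID_RE.match(fields[1]):
            # A BHO must be keyed by a CLSID; anything else is a damaged key.
            findings.append(Finding("high", "non-guid-clsid", None, line))
            continue
        if kind in ("O2", "O20") and "(file missing)" in line:
            # The file is gone but the autostart key is still present.
            findings.append(Finding("info", "orphaned-entry", dll_name(fields[-1]), line))
        if kind in SECTIONS_WATCHED:
            # Last field carries the path (O2/O20) or the whole command (O4).
            name = dll_name(fields[-1])
            if name:
                hooks[name].add(kind)
                origin[name].append(line)
    for name, kinds in hooks.items():
        if len(kinds) > 1:
            # Same DLL wired in as BHO and as Run / Winlogon Notify hook.
            findings.append(Finding("high", "multi-hook", name, " | ".join(origin[name])))
    return findings


def report(log_text):
    """Human-readable report lines, highest severity first."""
    order = {"high": 0, "info": 1}
    rows = sorted(triage(log_text), key=lambda fnd: order[fnd.severity])
    return [f"[{fnd.severity:4}] {fnd.code:15} {fnd.dll or '-':14} {fnd.line}" for fnd in rows]


# Constructed sample: an excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - % - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {17DC0A5A-15A1-4695-45CE-04CCE17A6347} - C:\WINDOWS\system32\ckpvode.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\jkkhfdd.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc
O4 - HKLM\..\Run: [dzntpsc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dzntpsc.dll,cbjfgud
O20 - Winlogon Notify: jkkhfdd - C:\WINDOWS\SYSTEM32\jkkhfdd.dll
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Entries that appear under only one section (SDHelper.dll, WgaLogon.dll, dzntpsc.dll in the excerpt) produce no finding on their own, so the multi-hook rule is a correlation hint for a human reviewer, not a verdict.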

Please Help!

Post by vetteengr » November 14th, 2006, 10:15 pm

You have no idea how much I appreciate you taking the time to help me fix my problem. After running VundoFix and rebooting I got a few dll missing pop-ups. I have attached the contents of the text file from SmitfraudFix below.
Thnx again!

SmitFraudFix v2.121

Scan done at 20:09:42.73, Tue 11/14/2006
Run from C:\Documents and Settings\Power User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Power User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Power User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\POWERU~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Post by Mr_JAk3 » November 15th, 2006, 2:16 am

Hi again :)

You ran VundoFix too, right?

Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Then we'll continue ;)
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Help Please!

Post by vetteengr » November 15th, 2006, 7:03 am

Hi:
Yes, I ran VundoFix; this is the txt file

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:12:28 PM 11/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\acpvadl.dll
C:\WINDOWS\system32\cdvuqfb.dll
C:\WINDOWS\system32\ckpvode.dll
C:\WINDOWS\system32\dzntpsc.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\acpvadl.dll
C:\WINDOWS\system32\acpvadl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdvuqfb.dll
C:\WINDOWS\system32\cdvuqfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckpvode.dll
C:\WINDOWS\system32\ckpvode.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dzntpsc.dll
C:\WINDOWS\system32\dzntpsc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.tmp Has been deleted!

Performing Repairs to the registry.
Done!


and the new HijackThis file is:

Logfile of HijackThis v1.99.1
Scan saved at 4:59:58 AM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Power User\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhanyanair.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... r.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - % - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `% - (no file)
O2 - BHO: (no name) - {17DC0A5A-15A1-4695-45CE-04CCE17A6347} - C:\WINDOWS\system32\ckpvode.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3C5B3070-57F7-A253-4FFF-028F4AB89ACF} - C:\WINDOWS\system32\acpvadl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\sgfhbcsj.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\jkkhfdd.dll
O2 - BHO: (no name) - à$ - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on NAIR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P43 "Auto EPSON Stylus Photo R300 Series on NAIR" /O15 "\\NAIR\Printer5" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvren.dll,startup
O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dzntpsc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dzntpsc.dll,cbjfgud
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3432767164
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O18 - Protocol: bw+0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: jkkhfdd - C:\WINDOWS\SYSTEM32\jkkhfdd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Thanx again :)
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Unread postby Mr_JAk3 » November 15th, 2006, 9:29 am

Hi again :)

Before we continue I would like you to do something for me...
I need you to upload a malware file for further inspection.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply, then OK, and close My Computer.
Please go here to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Click "Browse" in the first field.
    Browse to the following file, click the file with your mouse, and press "Open":
    C:\WINDOWS\system32\jkkhfdd.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Please let me know when you have done this and then we'll get you cleaned ;)
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Please Help!

Unread postby vetteengr » November 15th, 2006, 8:55 pm

Hi :)
I have posted the file that you requested :)

Various errors happening currently :(
1. System freezes up: explorer using up 50% and SetPoint using up 50% of CPU.
2. When I do a force reboot, I get two "dll file not found" messages.. hmmm

thnx again..
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Unread postby Mr_JAk3 » November 16th, 2006, 5:47 am

Hi again and thanks for the upload :)

Open VundoFix again:
  • Click the Scan for Vundo button.
  • Once the scan is complete, right-click inside the listbox (white box) and click "add more files"
  • Copy & paste the 2 entries below into the top 2 boxes
  • C:\WINDOWS\system32\jkkhfdd.dll
  • C:\WINDOWS\system32\ddfhkkj.*
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Then we'll clean the rest...
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland
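
The log posted above shows a randomly named DLL (jkkhfdd.dll) registered both as an O2 BHO and as an O20 Winlogon Notify handler, and the VundoFix step targets its reversed-name companion ddfhkkj.*. The following Python script is an added example and not part of this thread, of HijackThis or of VundoFix: it parses HijackThis-style entries and raises exactly those patterns for human review. SAMPLE_LOG is a constructed excerpt modelled on the entries quoted in the thread; the "random-looking name" heuristic (all-lowercase stem with a run of three or more consonants) is an assumption of this example, not a rule from either tool, and it will also flag some legitimate lowercase DLL names, which is why the output is a review list rather than a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example, not the tool's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed excerpt modelled on the entries quoted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\jkkhfdd.dll
O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: jkkhfdd - C:\WINDOWS\SYSTEM32\jkkhfdd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O2 - ..." / "O20 - ..." / "R0 - ..." prefix of every HijackThis entry.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL reference: either a full drive-letter path or a bare file name.
# Stops at whitespace, a comma (rundll32 entry point) or a quote.
DLL_RE = re.compile(r'(?:[A-Za-z]:\\[^\s,"]+|[\w~-]+)\.dll', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
CONSONANT_RUN_RE = re.compile(r"[b-df-hj-np-tv-z]{3,}")


def looks_random(basename: str) -> bool:
    """Heuristic (an assumption of this example): all-lowercase alphabetic stem
    containing a run of 3+ consonants, e.g. jkkhfdd, mljgh, ckpvode."""
    stem = basename.rsplit(".", 1)[0]
    if not stem.isalpha() or not stem.islower():
        return False
    return CONSONANT_RUN_RE.search(stem) is not None


@dataclass
class Finding:
    dll: str                                   # lowercase basename, e.g. "jkkhfdd.dll"
    paths: Set[str] = field(default_factory=set)
    sections: Set[str] = field(default_factory=set)
    reasons: List[str] = field(default_factory=list)
    companion_glob: Optional[str] = None       # reversed-name companion, as VundoFix targets


def triage(log_text: str) -> Dict[str, Finding]:
    """Parse HijackThis entries and return only the DLLs that earned a review reason."""
    findings: Dict[str, Finding] = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        missing = "(file missing)" in body
        for path in DLL_RE.findall(body):
            base = path.rsplit("\\", 1)[-1].lower()
            f = findings.setdefault(base, Finding(dll=base))
            f.paths.add(path)
            f.sections.add(section)
            random_name = looks_random(base)
            if SYSTEM32_RE.search(path) and random_name:
                f.reasons.append(f"{section}: random-looking DLL name in system32")
            if missing:
                f.reasons.append(f"{section}: registered but file missing (leftover registration)")
            if section == "O20" and (random_name or missing):
                # Winlogon Notify DLLs load inside winlogon.exe, so a suspicious one is
                # high priority; the reversed stem is the companion file the thread removes.
                f.reasons.append("O20: suspicious Winlogon Notify handler")
                f.companion_glob = base.rsplit(".", 1)[0][::-1] + ".*"
    for f in findings.values():
        if {"O2", "O20"} <= f.sections:
            f.reasons.append("same DLL registered as BHO (O2) and Winlogon Notify (O20)")
    return {name: f for name, f in findings.items() if f.reasons}


def report(findings: Dict[str, Finding]) -> List[str]:
    """Render findings as plain review lines."""
    lines = []
    for name in sorted(findings):
        f = findings[name]
        lines.append(f"{name}  sections={sorted(f.sections)}")
        for r in f.reasons:
            lines.append(f"    - {r}")
        if f.companion_glob:
            lines.append(f"    - also check for companion: C:\\WINDOWS\\system32\\{f.companion_glob}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a full saved log by replacing SAMPLE_LOG with the file's contents; entries such as the Spybot SDHelper.dll and WgaLogon.dll lines in the sample produce no finding, while jkkhfdd.dll is reported with both the O2/O20 cross-reference and the ddfhkkj.* companion to check.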

Please Help!

Unread postby vetteengr » November 16th, 2006, 9:09 pm

Hi: I have included the new Hijack file and the vundofix.txt file...


thnx again:)

Logfile of HijackThis v1.99.1
Scan saved at 7:06:37 PM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Power User\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhanyanair.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... r.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - % - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `% - (no file)
O2 - BHO: (no name) - {17DC0A5A-15A1-4695-45CE-04CCE17A6347} - C:\WINDOWS\system32\ckpvode.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3C5B3070-57F7-A253-4FFF-028F4AB89ACF} - C:\WINDOWS\system32\acpvadl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\sgfhbcsj.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\jkkhfdd.dll (file missing)
O2 - BHO: (no name) - à$ - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on NAIR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P43 "Auto EPSON Stylus Photo R300 Series on NAIR" /O15 "\\NAIR\Printer5" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dzntpsc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dzntpsc.dll,cbjfgud
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3432767164
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O18 - Protocol: bw+0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:12:28 PM 11/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\acpvadl.dll
C:\WINDOWS\system32\cdvuqfb.dll
C:\WINDOWS\system32\ckpvode.dll
C:\WINDOWS\system32\dzntpsc.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\acpvadl.dll
C:\WINDOWS\system32\acpvadl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdvuqfb.dll
C:\WINDOWS\system32\cdvuqfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckpvode.dll
C:\WINDOWS\system32\ckpvode.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dzntpsc.dll
C:\WINDOWS\system32\dzntpsc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 6:57:40 PM 11/16/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhfdd.dll
C:\WINDOWS\system32\jkkhfdd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhfdd.dll
C:\WINDOWS\system32\jkkhfdd.dll Has been deleted!

Performing Repairs to the registry.
Done!
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Unread postby Mr_JAk3 » November 17th, 2006, 2:51 am

Hi again, we'll continue :)

You seem to have this Logitech Desktop Messenger installed. The program is legitimate but a huge "resource hog".
If you don't use it, I recommend that you uninstall it via Control Panel -> Add/Remove programs.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Disable Windows Defender's realtime protection.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.
There is a new version of SmitfraudFix available. Please remove the old version from your computer.
Please download the latest version of SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your Desktop

==================

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:

J2SE Runtime Environment 5.0 Update 6
<--- We'll download & install the latest version later
and any other programs you didn't install or don't recognize - if you're not sure, please ask first

Open VundoFix again:
  • Click the Scan for Vundo button.
  • Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 2 entries below into the top 2 boxes
  • C:\WINDOWS\system32\mljgh.dll
  • C:\WINDOWS\system32\hgjlm.*
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - % - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - `% - (no file)
O2 - BHO: (no name) - {17DC0A5A-15A1-4695-45CE-04CCE17A6347} - C:\WINDOWS\system32\ckpvode.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3C5B3070-57F7-A253-4FFF-028F4AB89ACF} - C:\WINDOWS\system32\acpvadl.dll (file missing)
O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\sgfhbcsj.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\jkkhfdd.dll (file missing)
O2 - BHO: (no name) - à$ - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc
O4 - HKLM\..\Run: [dzntpsc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dzntpsc.dll,cbjfgud
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following folders (if present):
C:\Program Files\Java

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Restart to the safe mode again.

Run ATF Cleaner
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
- contents of C:\Rapport.txt
- contents of C:\Vundofix.txt
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland
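
Below, as an added example that is not part of Mr_JAk3's post and not code from HijackThis, VundoFix or any other tool he names, is a small Python triage script that applies the same signals he used by eye when picking the O2, O4 and O20 entries for "Fix checked": a BHO whose CLSID field is garbage instead of a GUID, a BHO or Winlogon Notify package whose DLL is already gone, a nameless BHO loaded from system32, and a Run value named after the DLL it hands to rundll32. The sample lines are copied from the logs posted in this thread; the regular expressions describe the v1.99.1 line layout as it appears here and are an assumption, not an official grammar of the log.

```python
"""Triage checks for HijackThis v1.99 log lines (added example, not a
MalwareRemoval.com or HijackThis tool).

The checks mirror the signals used in this thread to select O2, O4 and O20
entries for "Fix checked". The regular expressions are an assumption about
the v1.99.1 line layout, not an official grammar.
"""
import re
from dataclasses import dataclass, field

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# O2 - BHO: <name> - <clsid> - <path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>.*?) - (?P<path>.*)$")
# O4 - HKLM\..\Run: [<value>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# O20 - Winlogon Notify: <key> - <dll>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.*?) - (?P<dll>.*)$")

MISSING = ("(file missing)", "(no file)")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def check_o2(m, reasons):
    if not GUID_RE.match(m["clsid"]):
        reasons.append("BHO CLSID field is not a GUID (garbled registry value)")
    if m["path"].endswith(MISSING):
        reasons.append("BHO points at a DLL that no longer exists")
    elif m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
        # Weakest signal: surfaces the entry for a human to confirm.
        reasons.append("nameless BHO loaded from system32 (needs manual confirmation)")


def check_o4(m, reasons):
    cmd = m["cmd"].lower()
    if "rundll32.exe" in cmd and "\\system32\\" in cmd:
        # e.g. "rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc"
        target = cmd.split("rundll32.exe", 1)[1].strip().split(",", 1)[0]
        dll = target.rsplit("\\", 1)[-1]
        if dll == m["value"].lower():
            reasons.append("Run value is named after the system32 DLL it loads via rundll32")


def check_o20(m, reasons):
    if m["dll"].endswith(MISSING):
        reasons.append("Winlogon Notify package DLL is missing (orphaned registration)")


CHECKS = ((O2_RE, check_o2), (O4_RE, check_o4), (O20_RE, check_o20))


def triage(lines):
    """Return one Finding per line that trips at least one check, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                check(m, reasons)
                break
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - % - (no file)",
    r"O2 - BHO: (no name) - {17DC0A5A-15A1-4695-45CE-04CCE17A6347} - C:\WINDOWS\system32\ckpvode.dll (file missing)",
    r"O2 - BHO: (no name) - {9660013F-CF01-49BB-9A62-718631A70E8D} - C:\WINDOWS\system32\mljgh.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [ckpvode.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckpvode.dll,urjcvdc",
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe",
    r"O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run as a script it prints each flagged line with its reasons; on the sample above it flags the three Vundo-related BHOs, the rundll32 Run entry and the orphaned Winlogon Notify key, and leaves the Spybot SDHelper, Java and WgaLogon entries alone. The nameless-BHO-in-system32 check deliberately only surfaces the entry, which is the same judgment call the helper made for mljgh.dll after VundoFix had already identified it.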

Help Please

Unread postby vetteengr » November 18th, 2006, 7:30 am

Hi Again :)
Took forever to do the scans.. lol.. system crashed a couple of times :)

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 5:26:35 AM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Power User\Desktop\hijackthis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on NAIR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P43 "Auto EPSON Stylus Photo R300 Series on NAIR" /O15 "\\NAIR\Printer5" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3432767164
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O18 - Protocol: bw+0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D1DF8606-0C76-4CA5-A5E2-4823E8CC76D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

AVG Scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:19:57 AM 11/18/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP215\A0133253.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP216\A0134296.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP218\A0135359.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP218\A0135395.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP211\A0122950.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP211\A0122962.dll -> Adware.CommAd : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1214440339-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1214440339-220523388-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP214\A0133029.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP213\A0125003.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{9C9DCE6A-0F96-1033-1108-050405120001}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP211\A0122957.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP214\A0133082.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP215\A0133084.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP215\A0133085.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP212\A0122979.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP210\A0122948.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP216\A0133272.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\Documents and Settings\Power User\My Documents\Мicrosoft\explorer.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP208\A0122941.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\muif\muifd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP208\A0122943.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP208\A0122940.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP208\A0122942.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP211\A0122952.exe -> Downloader.Zlob.aes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP213\A0127156.dll -> Downloader.Zlob.akg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP211\A0122954.exe -> Downloader.Zlob.auw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP213\A0127158.exe -> Downloader.Zlob.auy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP215\A0133086.exe -> Downloader.Zlob.avb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP215\A0133087.exe -> Downloader.Zlob.avb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP212\A0122980.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP234\A0148400.dll -> Not-A-Virus.Hoax.Win32.Renos.ge : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP234\A0148401.dll -> Not-A-Virus.Hoax.Win32.Renos.ge : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP211\A0122949.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP216\A0134303.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACAF45EF-530D-4057-A9AD-845E48410CFB}\RP216\A0133290.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


::Report end

Vundofix log:
VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:12:28 PM 11/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\acpvadl.dll
C:\WINDOWS\system32\cdvuqfb.dll
C:\WINDOWS\system32\ckpvode.dll
C:\WINDOWS\system32\dzntpsc.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\acpvadl.dll
C:\WINDOWS\system32\acpvadl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdvuqfb.dll
C:\WINDOWS\system32\cdvuqfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckpvode.dll
C:\WINDOWS\system32\ckpvode.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dzntpsc.dll
C:\WINDOWS\system32\dzntpsc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 6:57:40 PM 11/16/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhfdd.dll
C:\WINDOWS\system32\jkkhfdd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkhfdd.dll
C:\WINDOWS\system32\jkkhfdd.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:31:22 PM 11/17/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Rapport log:

SmitFraudFix v2.122

Scan done at 20:00:15.90, Fri 11/17/2006
Run from C:\Documents and Settings\Power User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Thank you again for your help :)
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Unread postby Mr_JAk3 » November 18th, 2006, 10:30 am

Hi again, looks much better now :)

We'll continue...

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Help Please!

Unread postby vetteengr » November 19th, 2006, 11:27 am

Hi Again :) Sorry for the delay..

Combofix log file:

Power User - 06-11-19 9:25:44.13 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Power User\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3C9DCE6A-0F96-1033-1108-050405120001}
C:\Program Files\Common Files\{9C9DCE6A-0F96-1033-1108-050405120001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Power User\My Documents\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Power User\My Documents\ICROSO~1\?icrosoft
C:\QooBox\Purity\Program Files\ICROSO~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))


2006-11-17 20:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-17 19:55 3,002 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-13 19:15 692,276 --a------ C:\WINDOWS\system32\ssqrs.dll
2006-11-13 19:11 692,276 --a------ C:\WINDOWS\system32\ssttu.dll
2006-11-13 19:11 692,276 --a------ C:\WINDOWS\system32\ddabc.dll
2006-11-13 19:10 692,276 --a------ C:\WINDOWS\system32\gebya.dll
2006-11-13 19:06 692,276 --a------ C:\WINDOWS\system32\pmnlm.dll
2006-11-13 19:05 692,276 --a------ C:\WINDOWS\system32\ddaba.dll
2006-11-13 19:04 692,276 --a------ C:\WINDOWS\system32\mljji.dll
2006-11-13 19:00 692,276 --a------ C:\WINDOWS\system32\vtuts.dll
2006-11-13 19:00 692,276 --a------ C:\WINDOWS\system32\vtsts.dll
2006-11-13 18:59 692,276 --a------ C:\WINDOWS\system32\ssqpo.dll
2006-11-13 18:55 692,276 --a------ C:\WINDOWS\system32\mllji.dll
2006-11-13 18:54 692,276 --a------ C:\WINDOWS\system32\pmkhg.dll
2006-11-13 18:53 692,276 --a------ C:\WINDOWS\system32\gebcy.dll
2006-11-13 18:49 692,276 --a------ C:\WINDOWS\system32\sstqq.dll
2006-11-13 18:49 692,276 --a------ C:\WINDOWS\system32\ddccd.dll
2006-11-13 18:48 692,276 --a------ C:\WINDOWS\system32\mljjk.dll
2006-11-13 18:44 692,276 --a------ C:\WINDOWS\system32\jkhhe.dll
2006-11-13 18:44 692,276 --a------ C:\WINDOWS\system32\awtqp.dll
2006-11-13 18:43 692,276 --a------ C:\WINDOWS\system32\vtutr.dll
2006-11-13 18:39 692,276 --a------ C:\WINDOWS\system32\mljgg.dll
2006-11-13 18:39 692,276 --a------ C:\WINDOWS\system32\jkklj.dll
2006-11-13 18:38 692,276 --a------ C:\WINDOWS\system32\geebb.dll
2006-11-13 18:34 692,276 --a------ C:\WINDOWS\system32\ssqpm.dll
2006-11-13 18:34 692,276 --a------ C:\WINDOWS\system32\mlljk.dll
2006-11-13 18:33 692,276 --a------ C:\WINDOWS\system32\vturo.dll
2006-11-13 18:29 692,276 --a------ C:\WINDOWS\system32\pmkjh.dll
2006-11-13 18:29 692,276 --a------ C:\WINDOWS\system32\ddayv.dll
2006-11-13 18:28 692,276 --a------ C:\WINDOWS\system32\awvvs.dll
2006-11-13 18:24 692,276 --a------ C:\WINDOWS\system32\vtsqp.dll
2006-11-13 18:23 692,276 --a------ C:\WINDOWS\system32\ssqpn.dll
2006-11-13 18:22 692,276 --a------ C:\WINDOWS\system32\ssqrp.dll
2006-11-13 18:18 692,276 --a------ C:\WINDOWS\system32\vturr.dll
2006-11-13 18:18 692,276 --a------ C:\WINDOWS\system32\awtst.dll
2006-11-13 18:17 692,276 --a------ C:\WINDOWS\system32\vtsqr.dll
2006-11-13 18:13 692,276 --a------ C:\WINDOWS\system32\geebx.dll
2006-11-13 18:13 692,276 --a------ C:\WINDOWS\system32\ddayw.dll
2006-11-13 18:12 692,276 --a------ C:\WINDOWS\system32\vtsqo.dll
2006-11-13 18:08 692,276 --a------ C:\WINDOWS\system32\jkhhg.dll
2006-11-13 18:08 692,276 --a------ C:\WINDOWS\system32\jkhfg.dll
2006-11-13 18:07 692,276 --a------ C:\WINDOWS\system32\sstqr.dll
2006-11-13 18:03 692,276 --a------ C:\WINDOWS\system32\ssttq.dll
2006-11-13 18:03 692,276 --a------ C:\WINDOWS\system32\mllmk.dll
2006-11-13 18:02 692,276 --a------ C:\WINDOWS\system32\gebca.dll
2006-11-13 17:58 692,276 --a------ C:\WINDOWS\system32\mljjj.dll
2006-11-13 17:58 692,276 --a------ C:\WINDOWS\system32\gebyx.dll
2006-11-13 17:57 692,276 --a------ C:\WINDOWS\system32\vtutt.dll
2006-11-13 17:53 692,276 --a------ C:\WINDOWS\system32\pmkhe.dll
2006-11-13 17:53 692,276 --a------ C:\WINDOWS\system32\awtsq.dll
2006-11-13 17:52 692,276 --a------ C:\WINDOWS\system32\gebyw.dll
2006-11-13 17:48 692,276 --a------ C:\WINDOWS\system32\pmnlk.dll
2006-11-13 17:48 692,276 --a------ C:\WINDOWS\system32\awvvv.dll
2006-11-13 17:47 692,276 --a------ C:\WINDOWS\system32\geedd.dll
2006-11-13 17:43 692,276 --a------ C:\WINDOWS\system32\ssqpq.dll
2006-11-13 17:43 692,276 --a------ C:\WINDOWS\system32\ddabx.dll
2006-11-13 17:42 692,276 --a------ C:\WINDOWS\system32\pmnnm.dll
2006-11-13 17:38 692,276 --a------ C:\WINDOWS\system32\jkkji.dll
2006-11-13 17:38 692,276 --a------ C:\WINDOWS\system32\jkhhf.dll
2006-11-13 17:36 692,276 --a------ C:\WINDOWS\system32\ddcya.dll
2006-11-13 17:33 692,276 --a------ C:\WINDOWS\system32\jkhhi.dll
2006-11-13 17:33 692,276 --a------ C:\WINDOWS\system32\ddabb.dll
2006-11-13 17:31 692,276 --a------ C:\WINDOWS\system32\jkkjh.dll
2006-11-13 17:28 692,276 --a------ C:\WINDOWS\system32\pmkjj.dll
2006-11-13 17:27 692,276 --a------ C:\WINDOWS\system32\pmkhh.dll
2006-11-13 17:26 692,276 --a------ C:\WINDOWS\system32\mllmn.dll
2006-11-13 17:22 692,276 --a------ C:\WINDOWS\system32\vtutq.dll
2006-11-13 17:22 692,276 --a------ C:\WINDOWS\system32\ssqrr.dll
2006-11-13 17:21 692,276 --a------ C:\WINDOWS\system32\pmkjg.dll
2006-11-13 17:17 692,276 --a------ C:\WINDOWS\system32\sstqn.dll
2006-11-13 17:17 692,276 --a------ C:\WINDOWS\system32\mlljh.dll
2006-11-13 17:16 692,276 --a------ C:\WINDOWS\system32\jkkjk.dll
2006-11-13 17:12 692,276 --a------ C:\WINDOWS\system32\jkhhh.dll
2006-11-13 17:11 692,276 --a------ C:\WINDOWS\system32\awtsr.dll
2006-11-13 17:10 692,276 --a------ C:\WINDOWS\system32\ddaby.dll
2006-11-13 17:07 692,276 --a------ C:\WINDOWS\system32\awtqn.dll
2006-11-13 17:06 692,276 --a------ C:\WINDOWS\system32\vtstu.dll
2006-11-13 17:05 692,276 --a------ C:\WINDOWS\system32\ssttt.dll
2006-11-13 17:02 692,276 --a------ C:\WINDOWS\system32\awvts.dll
2006-11-13 17:01 692,276 --a------ C:\WINDOWS\system32\mljge.dll
2006-11-13 17:00 692,276 --a------ C:\WINDOWS\system32\vturp.dll
2006-11-13 16:57 692,276 --a------ C:\WINDOWS\system32\geedb.dll
2006-11-13 16:56 692,276 --a------ C:\WINDOWS\system32\ddayy.dll
2006-11-13 16:55 692,276 --a------ C:\WINDOWS\system32\vtsqq.dll
2006-11-13 16:52 692,276 --a------ C:\WINDOWS\system32\vtstt.dll
2006-11-13 16:51 692,276 --a------ C:\WINDOWS\system32\geeda.dll
2006-11-13 16:50 692,276 --a------ C:\WINDOWS\system32\mljjg.dll
2006-11-13 16:47 692,276 --a------ C:\WINDOWS\system32\geeby.dll
2006-11-13 16:46 692,276 --a------ C:\WINDOWS\system32\mllml.dll
2006-11-13 16:45 692,276 --a------ C:\WINDOWS\system32\vtstr.dll
2006-11-13 16:41 692,276 --a------ C:\WINDOWS\system32\pmnll.dll
2006-11-13 16:41 692,276 --a------ C:\WINDOWS\system32\jkhfc.dll
2006-11-13 16:36 692,276 --a------ C:\WINDOWS\system32\geedc.dll
2006-11-13 16:36 692,276 --a------ C:\WINDOWS\system32\awtsp.dll
2006-11-13 16:35 692,276 --a------ C:\WINDOWS\system32\mlljg.dll
2006-11-13 16:31 692,276 --a------ C:\WINDOWS\system32\gebcd.dll
2006-11-13 16:31 692,276 --a------ C:\WINDOWS\system32\awvvu.dll
2006-11-13 16:30 692,276 --a------ C:\WINDOWS\system32\sstts.dll
2006-11-13 16:26 692,276 --a------ C:\WINDOWS\system32\jkkjg.dll
2006-11-13 16:26 692,276 --a------ C:\WINDOWS\system32\awvtq.dll
2006-11-13 16:25 692,276 --a------ C:\WINDOWS\system32\mllmm.dll
2006-11-13 16:21 692,276 --a------ C:\WINDOWS\system32\pmkhf.dll
2006-11-13 16:20 692,276 --a------ C:\WINDOWS\system32\pmnnl.dll
2006-11-13 16:19 692,276 --a------ C:\WINDOWS\system32\pmkjk.dll
2006-11-13 16:15 692,276 --a------ C:\WINDOWS\system32\gebcb.dll
2006-11-13 16:15 692,276 --a------ C:\WINDOWS\system32\ddccb.dll
2006-11-13 16:14 692,276 --a------ C:\WINDOWS\system32\gebyv.dll
2006-11-13 16:10 692,276 --a------ C:\WINDOWS\system32\vturs.dll
2006-11-13 16:10 692,276 --a------ C:\WINDOWS\system32\pmkhi.dll
2006-11-13 16:09 692,276 --a------ C:\WINDOWS\system32\pmkji.dll
2006-11-13 16:05 692,276 --a------ C:\WINDOWS\system32\pmnlj.dll
2006-11-13 16:05 692,276 --a------ C:\WINDOWS\system32\ddcyw.dll
2006-11-13 16:04 692,276 --a------ C:\WINDOWS\system32\pmnno.dll
2006-11-13 16:00 692,276 --a------ C:\WINDOWS\system32\jkkjj.dll
2006-11-13 16:00 692,276 --a------ C:\WINDOWS\system32\awtss.dll
2006-11-13 15:59 692,276 --a------ C:\WINDOWS\system32\geeba.dll
2006-11-13 15:55 692,276 --a------ C:\WINDOWS\system32\pmnnk.dll
2006-11-13 15:55 692,276 --a------ C:\WINDOWS\system32\ddcyv.dll
2006-11-13 15:54 692,276 --a------ C:\WINDOWS\system32\jkhff.dll
2006-11-13 15:50 692,276 --a------ C:\WINDOWS\system32\gebyy.dll
2006-11-13 15:50 692,276 --a------ C:\WINDOWS\system32\ddayx.dll
2006-11-13 15:48 692,276 --a------ C:\WINDOWS\system32\gebcc.dll
2006-11-13 15:44 692,276 --a------ C:\WINDOWS\system32\vtutu.dll
2006-11-13 15:44 692,276 --a------ C:\WINDOWS\system32\mlljj.dll
2006-11-13 15:43 692,276 --a------ C:\WINDOWS\system32\geebc.dll
2006-11-13 15:39 692,276 --a------ C:\WINDOWS\system32\jkkll.dll
2006-11-13 15:39 692,276 --a------ C:\WINDOWS\system32\jkkli.dll
2006-11-13 15:38 692,276 --a------ C:\WINDOWS\system32\ssqrq.dll
2006-11-13 15:34 692,276 --a------ C:\WINDOWS\system32\geede.dll
2006-11-13 15:34 692,276 --a------ C:\WINDOWS\system32\awtqq.dll
2006-11-13 15:33 692,276 --a------ C:\WINDOWS\system32\ddaya.dll
2006-11-13 15:29 692,276 --a------ C:\WINDOWS\system32\jkklm.dll
2006-11-13 15:29 692,276 --a------ C:\WINDOWS\system32\awvtr.dll
2006-11-13 15:28 692,276 --a------ C:\WINDOWS\system32\awtqo.dll
2006-11-13 15:24 692,276 --a------ C:\WINDOWS\system32\vtstq.dll
2006-11-13 15:24 692,276 --a------ C:\WINDOWS\system32\jkhfe.dll
2006-11-13 15:23 692,276 --a------ C:\WINDOWS\system32\awvtt.dll
2006-11-13 15:19 692,276 --a------ C:\WINDOWS\system32\ddccy.dll
2006-11-13 15:18 692,276 --a------ C:\WINDOWS\system32\ddcyy.dll
2006-11-13 15:17 692,276 --a------ C:\WINDOWS\system32\pmnnn.dll
2006-11-13 15:13 692,276 --a------ C:\WINDOWS\system32\ssqpp.dll
2006-11-13 15:13 692,276 --a------ C:\WINDOWS\system32\jkhfd.dll
2006-11-13 15:12 692,276 --a------ C:\WINDOWS\system32\mljgd.dll
2006-11-13 15:10 692,276 --a------ C:\WINDOWS\system32\ddccc.dll
2006-11-13 15:08 692,276 --a------ C:\WINDOWS\system32\ddcyx.dll
2006-11-13 15:07 692,276 --a------ C:\WINDOWS\system32\awvtu.dll
2006-11-13 15:06 692,276 --a------ C:\WINDOWS\system32\ssqro.dll
2006-11-13 15:02 692,276 --a------ C:\WINDOWS\system32\vtsqn.dll
2006-11-13 15:02 692,276 --a------ C:\WINDOWS\system32\pmnli.dll
2006-11-13 15:00 692,276 --a------ C:\WINDOWS\system32\awtqr.dll
2006-11-13 14:57 692,276 --a------ C:\WINDOWS\system32\sstqo.dll
2006-11-13 14:56 692,276 --a------ C:\WINDOWS\system32\mllmj.dll
2006-11-13 14:55 692,276 --a------ C:\WINDOWS\system32\ssttr.dll
2006-11-13 14:51 692,276 --a------ C:\WINDOWS\system32\ddcca.dll
2006-11-13 14:51 692,276 --a------ C:\WINDOWS\system32\awvvt.dll
2006-11-13 14:49 692,276 --a------ C:\WINDOWS\system32\mljgf.dll
2006-11-13 14:46 692,276 --a------ C:\WINDOWS\system32\jkklk.dll
2006-11-13 14:45 692,276 --a------ C:\WINDOWS\system32\mljjh.dll
2006-11-13 14:44 692,276 --a------ C:\WINDOWS\system32\vturq.dll
2006-11-13 14:40 692,276 --a------ C:\WINDOWS\system32\awvvw.dll
2006-11-13 14:14 692,276 --a------ C:\WINDOWS\system32\sstqp.dll
2006-11-13 09:51 121,856 --a------ C:\WINDOWS\system32\xmllite.dll
2006-11-09 20:57 110,612 --a------ C:\WINDOWS\system32\xdpsmlqr.exe
2006-11-09 20:57 110,612 --a------ C:\WINDOWS\system32\qinfwjwm.exe
2006-11-09 20:54 110,612 --a------ C:\WINDOWS\system32\ygacdgkj.exe
2006-11-09 17:58 110,612 --a------ C:\WINDOWS\system32\tweoshno.exe
2006-11-08 17:58 110,612 --a------ C:\WINDOWS\system32\eltjwtjd.exe
2006-11-07 17:58 110,612 --a------ C:\WINDOWS\system32\jnekaypb.exe
2006-11-06 17:58 110,612 --a------ C:\WINDOWS\system32\tbhavaty.exe
2006-11-06 17:53 110,612 --a------ C:\WINDOWS\system32\dumkapkx.exe
2006-11-06 17:36 40,973 --ahs---- C:\WINDOWS\system32\qomllmk.dll
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-19 09:25 -------- d-------- C:\Program Files\Common Files
2006-11-19 09:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-18 05:31 -------- d-------- C:\Program Files\Logitech
2006-11-18 05:19 -------- d-------- C:\Program Files\VSAdd-in
2006-11-18 05:19 -------- d-------- C:\Program Files\DIGStream
2006-11-18 05:19 -------- d-------- C:\Program Files\Common Files\WinAntiSpyware 2006 Free
2006-11-17 20:31 -------- d-------- C:\Program Files\Grisoft
2006-11-17 08:00 -------- d-------- C:\Documents and Settings\Power User\Application Data\AVG7
2006-11-17 03:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-13 14:18 -------- d-------- C:\Program Files\Common Files\Softwin
2006-11-13 13:59 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-11-11 16:51 -------- d-------- C:\Program Files\Opera
2006-11-08 20:51 -------- d-------- C:\Program Files\Trend Micro
2006-11-07 11:57 -------- d-------- C:\Documents and Settings\Power User\Application Data\Mozilla
2006-11-06 21:57 -------- d-------- C:\Program Files\Yahoo!
2006-11-06 21:57 -------- d-------- C:\Program Files\Roguescanfix
2006-11-06 20:23 -------- d-------- C:\Program Files\Alwil Software
2006-11-06 19:20 -------- d-------- C:\Program Files\Softwin
2006-11-06 19:12 -------- d-------- C:\Program Files\Windows Defender
2006-11-06 19:06 -------- d-------- C:\Program Files\Common Files\muif
2006-11-06 18:50 -------- d-------- C:\Documents and Settings\Power User\Application Data\Help
2006-11-06 17:51 -------- d-------- C:\Documents and Settings\Power User\Application Data\Yahoo!
2006-11-06 17:47 -------- d-------- C:\Documents and Settings\Power User\Application Data\WinAntiSpyware 2006
2006-11-06 17:34 -------- d-------- C:\Program Files\PQDVD
2006-11-02 22:50 -------- d-------- C:\Program Files\iTunes
2006-10-29 18:00 -------- d-------- C:\Program Files\dvdSanta
2006-10-29 09:05 -------- d-------- C:\Program Files\Common Files\Real
2006-10-25 06:01 -------- d-------- C:\Program Files\QuickTime
2006-10-25 06:01 -------- d-------- C:\Program Files\iPod
2006-10-25 06:01 -------- d-------- C:\Documents and Settings\Power User\Application Data\Apple Computer
2006-10-16 17:08 -------- d-------- C:\Documents and Settings\Power User\Application Data\uTorrent
2006-10-15 02:00 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 13:08 -------- d---s---- C:\Documents and Settings\Power User\Application Data\Microsoft
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 18:50 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 19:54 21112 --a------ C:\Documents and Settings\Power User\Application Data\GDIPFONTCACHEV1.DAT
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"Auto EPSON Stylus Photo R300 Series on NAIR"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P43 \"Auto EPSON Stylus Photo R300 Series on NAIR\" /O15 \"\\\\NAIR\\Printer5\" /M \"Stylus Photo R300\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"MediaLifeService"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-19 9:26:19.18
C:\ComboFix.txt ... 06-11-19 09:26

thanx again
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm
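The ComboFix listing above is what the helper reads before building the removal list: twenty-odd DLLs of exactly 692,276 bytes with five-letter names dropped into system32 minutes apart, a second run of 110,612-byte executables, and one DLL carrying hidden and system attributes. The script below is an added example, not part of the original thread or a ComboFix feature. It parses lines in the "Files Created" format, clusters random-looking system32 names by exact byte size, and separately lists hidden+system files. The name heuristic (5 to 8 lowercase letters), the cluster threshold and the sample lines are assumptions made for the example; the sample lines are copied from the log above.

```python
"""Triage of ComboFix 'Files Created' lines: cluster identically sized, randomly named
files in system32. Added example for this thread, not a ComboFix or forum tool."""
import re
from collections import defaultdict
from datetime import datetime

# One ComboFix file line: date, time, size with thousands separators, attribute flags, path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+)$")
# Assumed heuristic: a name of 5 to 8 lowercase letters and nothing else. On its own it is
# noisy (xmllite.dll and ieudinit.exe match too), so it is only used with size clustering.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.(dll|exe)$")

# Constructed sample: twelve lines copied from the 'Files Created' section above.
SAMPLE_LOG = r"""
2006-11-13 15:17 692,276 --a------ C:\WINDOWS\system32\pmnnn.dll
2006-11-13 15:13 692,276 --a------ C:\WINDOWS\system32\ssqpp.dll
2006-11-13 15:13 692,276 --a------ C:\WINDOWS\system32\jkhfd.dll
2006-11-13 14:40 692,276 --a------ C:\WINDOWS\system32\awvvw.dll
2006-11-13 14:14 692,276 --a------ C:\WINDOWS\system32\sstqp.dll
2006-11-13 09:51 121,856 --a------ C:\WINDOWS\system32\xmllite.dll
2006-11-09 20:57 110,612 --a------ C:\WINDOWS\system32\xdpsmlqr.exe
2006-11-09 20:54 110,612 --a------ C:\WINDOWS\system32\ygacdgkj.exe
2006-11-06 17:53 110,612 --a------ C:\WINDOWS\system32\dumkapkx.exe
2006-11-06 17:36 40,973 --ahs---- C:\WINDOWS\system32\qomllmk.dll
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()


def parse_line(line):
    """Return a dict for a file line, or None for directory lines and section headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {"when": datetime.strptime(date + " " + time, "%Y-%m-%d %H:%M"),
            "size": int(size.replace(",", "")), "attrs": attrs, "path": path}


def in_system32(path):
    folder = path.rpartition("\\")[0]
    return folder.lower().endswith("\\system32")


def looks_random(path):
    return bool(RANDOM_NAME_RE.match(path.rpartition("\\")[2]))


def find_clusters(lines, min_members=3):
    """Group random-looking system32 files by exact byte size and report groups of
    min_members or more, with how long the drops took. The 692,276-byte DLLs in the
    log above arrive minutes apart, which no ordinary install produces."""
    by_size = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and in_system32(rec["path"]) and looks_random(rec["path"]):
            by_size[rec["size"]].append(rec)
    clusters = []
    for size, recs in by_size.items():
        if len(recs) < min_members:
            continue
        recs.sort(key=lambda r: r["when"])
        span = recs[-1]["when"] - recs[0]["when"]
        clusters.append({"size": size, "count": len(recs),
                         "span_minutes": int(span.total_seconds() // 60),
                         "paths": [r["path"] for r in recs]})
    clusters.sort(key=lambda c: -c["count"])
    return clusters


def hidden_system_files(lines):
    """system32 files carrying both the hidden and the system attribute, which is how
    qomllmk.dll in the log above stays out of a default Explorer view."""
    return [rec["path"] for rec in map(parse_line, lines)
            if rec and in_system32(rec["path"])
            and "h" in rec["attrs"] and "s" in rec["attrs"]]


if __name__ == "__main__":
    for c in find_clusters(SAMPLE_LINES):
        print(f"{c['count']} x {c['size']:,} bytes within {c['span_minutes']} min, e.g. {c['paths'][0]}")
    print("hidden+system:", hidden_system_files(SAMPLE_LINES))
```

Run against the full log, the size clusters reproduce the Killbox list the helper posts next; the single-file matches (xmllite.dll, ieudinit.exe) show why the name heuristic is never used on its own.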

Unread postby Mr_JAk3 » November 20th, 2006, 2:21 am

Hi again, we'll continue :)

Sorry for the delay...

You seem to have this WinAntiSpyware 2006 Free program installed. It has a suspicious reputation and AVG AntiSpyware already removed parts of it. We'll remove it completely. You can read more from here. If you really want to continue using this, you need to download & install it again.

Save these to a text file on your desktop; you will need access to it from safe mode. Follow these instructions carefully.

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:

WinAntiSpyware

and any other programs you didn't install or don't recognize - if you're not sure, please ask first.

Backup your registry:
  • Start
  • Run
  • Type the following into the box and hit OK: regedit
  • A window opens, click on File
  • Choose Export from the menu
  • Change the save location to C:\
  • Give it the filename RegBackUp
  • Make sure that the file type is set to Registry files (*.reg)
  • Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"=-


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Go to My Computer and delete the following folders (if present):
C:\Program Files\VSAdd-in
C:\Program Files\Common Files\WinAntiSpyware 2006 Free
C:\Program Files\Common Files\muif
C:\Documents and Settings\Power User\Application Data\WinAntiSpyware 2006

Run ATF Cleaner
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please run Killbox.

Select "Delete on Reboot".
Select "All Files".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\ssttr.dll
c:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\xdpsmlqr.exe
C:\WINDOWS\system32\qinfwjwm.exe
C:\WINDOWS\system32\ygacdgkj.exe
C:\WINDOWS\system32\tweoshno.exe
C:\WINDOWS\system32\eltjwtjd.exe
C:\WINDOWS\system32\jnekaypb.exe
C:\WINDOWS\system32\tbhavaty.exe
C:\WINDOWS\system32\dumkapkx.exe
C:\WINDOWS\system32\qomllmk.dll
C:\WINDOWS\system32\SpoonUninstall.exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If the computer isn't automatically restarted, restart it yourself.
Be patient; the reboot may take a while because a large number of files are removed during the reboot.

Run ComboFix again.
================

When you're ready, please post the following logs here:
- new Combofix log
- a fresh HijackThis log
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland
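The registry part of the fix above hinges on three details the helper repeats: the `"name"=-` syntax deletes a single value rather than setting it, REGEDIT4 must be the very first line, and the file must end in one blank line. The script below is an added example, not the helper's tool or anything from the thread. It reads the ShellExecuteHooks block out of a ComboFix log, picks the unnamed hook that is not on an allowlist, generates the .reg text, checks its shape, and then confirms from a second log that the hook is gone after the reboot. The allowlist (treating {AEB6717E-...} as the stock Windows hook, the one the helper leaves in place) is an assumption of this example; the two log excerpts are copied from the ComboFix logs on this page.

```python
"""Build the REGEDIT4 fix from the post above, check its shape, and confirm from the next
ComboFix log that the hook is gone. Added example for this thread, not the helper's own tool."""
import re

REG_HEADER = "REGEDIT4"
HOOKS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks"
# Assumption for this example: the one unnamed hook that ships with Windows and that the helper
# left alone. Any other unnamed entry under ShellExecuteHooks is a candidate for removal.
STOCK_SHELL_HOOKS = {"{AEB6717E-7E19-11D0-97EE-00C04FD91972}"}
HOOK_LINE_RE = re.compile(r'^"\{([0-9A-Fa-f-]{36})\}"="(.*)"$')

# Constructed samples: the ShellExecuteHooks blocks copied from the two ComboFix logs above.
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""


def shell_execute_hooks(log_text):
    """Map CLSID (upper-cased) -> display name from a ComboFix log's ShellExecuteHooks block."""
    hooks, in_block = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "[" + HOOKS_KEY.lower() + "]":
            in_block = True
            continue
        if in_block:
            if not line:
                break  # ComboFix separates registry blocks with a blank line
            m = HOOK_LINE_RE.match(line)
            if m:
                hooks["{" + m.group(1).upper() + "}"] = m.group(2)
    return hooks


def unexplained_hooks(hooks, allowlist=STOCK_SHELL_HOOKS):
    """Unnamed hooks that are not on the allowlist: the value names to delete."""
    allowed = {c.upper() for c in allowlist}
    return sorted(c for c, name in hooks.items() if not name and c not in allowed)


def build_value_delete_reg(key, value_names):
    """REGEDIT4 text deleting each named value under key ("name"=- syntax), CRLF line ends,
    REGEDIT4 on the first line and one blank line after the last entry, as the post requires."""
    lines = [REG_HEADER, "", "[" + key + "]"] + ['"' + n + '"=-' for n in value_names] + ["", ""]
    return "\r\n".join(lines)


def validate_reg_text(text):
    """Problems with the shape of a .reg file; an empty list means it follows the post's rules."""
    problems = []
    if not text.startswith(REG_HEADER + "\r\n"):
        problems.append("REGEDIT4 must be the first line, with nothing before it")
    if not text.endswith("\r\n\r\n"):
        problems.append("file must end with a blank line")
    elif text.endswith("\r\n\r\n\r\n"):
        problems.append("more than one blank line at the end")
    key = None
    for line in text.split("\r\n")[1:]:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.endswith("=-") and key is None:
            problems.append("value deletion " + line + " has no [key] line above it")
    return problems


def hook_removed(before_log, after_log, clsid):
    """True when the CLSID was loaded before the fix and is absent from the post-reboot log."""
    c = clsid.upper()
    return c in shell_execute_hooks(before_log) and c not in shell_execute_hooks(after_log)


if __name__ == "__main__":
    targets = unexplained_hooks(shell_execute_hooks(BEFORE_LOG))
    reg = build_value_delete_reg(HOOKS_KEY, targets)
    print(reg)
    print("problems:", validate_reg_text(reg))
    for t in targets:
        print(t, "removed:", hook_removed(BEFORE_LOG, AFTER_LOG, t))
```

If you write the text out from Python, open the file with `newline=""` so the CRLF line ends are kept as generated; the post's "All Files" step in Notepad guards against the other classic mistake, ending up with Fix.reg.txt that nothing will merge.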

Help Please

Unread postby vetteengr » November 20th, 2006, 8:53 pm

Hello:)
Here are my Hijackthis and Combofix logs:

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:53:48 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Power User\Desktop\hijackthis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on NAIR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P43 "Auto EPSON Stylus Photo R300 Series on NAIR" /O15 "\\NAIR\Printer5" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3432767164
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Combofix log:

Power User - 06-11-20 18:52:52.23 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Power User\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Power User\My Documents\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Power User\My Documents\ICROSO~1\?icrosoft
C:\QooBox\Purity\Program Files\ICROSO~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 ))))))))))))))))))))))))))))))))))


2006-11-20 18:28 15,083,368 --a------ C:\RegBackUp.reg
2006-11-19 18:35 1,933,312 --a------ C:\WINDOWS\system32\cdintf250.dll
2006-11-17 20:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-17 19:55 3,002 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-13 09:51 121,856 --a------ C:\WINDOWS\system32\xmllite.dll
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-20 18:42 -------- d-------- C:\Program Files\Common Files
2006-11-20 18:32 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-19 18:35 -------- d-------- C:\Program Files\Quicken
2006-11-19 18:35 -------- d-------- C:\Program Files\Common Files\Palo Alto Software
2006-11-19 18:35 -------- d-------- C:\Program Files\Common Files\Intuit
2006-11-19 18:35 -------- d-------- C:\Documents and Settings\Power User\Application Data\Intuit
2006-11-18 05:31 -------- d-------- C:\Program Files\Logitech
2006-11-18 05:19 -------- d-------- C:\Program Files\DIGStream
2006-11-17 20:31 -------- d-------- C:\Program Files\Grisoft
2006-11-17 08:00 -------- d-------- C:\Documents and Settings\Power User\Application Data\AVG7
2006-11-17 03:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-13 14:18 -------- d-------- C:\Program Files\Common Files\Softwin
2006-11-13 13:59 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-11-11 16:51 -------- d-------- C:\Program Files\Opera
2006-11-08 20:51 -------- d-------- C:\Program Files\Trend Micro
2006-11-07 11:57 -------- d-------- C:\Documents and Settings\Power User\Application Data\Mozilla
2006-11-06 21:57 -------- d-------- C:\Program Files\Yahoo!
2006-11-06 21:57 -------- d-------- C:\Program Files\Roguescanfix
2006-11-06 20:23 -------- d-------- C:\Program Files\Alwil Software
2006-11-06 19:20 -------- d-------- C:\Program Files\Softwin
2006-11-06 19:12 -------- d-------- C:\Program Files\Windows Defender
2006-11-06 18:50 -------- d-------- C:\Documents and Settings\Power User\Application Data\Help
2006-11-06 17:51 -------- d-------- C:\Documents and Settings\Power User\Application Data\Yahoo!
2006-11-06 17:34 -------- d-------- C:\Program Files\PQDVD
2006-11-02 22:50 -------- d-------- C:\Program Files\iTunes
2006-10-29 18:00 -------- d-------- C:\Program Files\dvdSanta
2006-10-29 09:05 -------- d-------- C:\Program Files\Common Files\Real
2006-10-25 06:01 -------- d-------- C:\Program Files\QuickTime
2006-10-25 06:01 -------- d-------- C:\Program Files\iPod
2006-10-25 06:01 -------- d-------- C:\Documents and Settings\Power User\Application Data\Apple Computer
2006-10-16 17:08 -------- d-------- C:\Documents and Settings\Power User\Application Data\uTorrent
2006-10-15 02:00 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 13:08 -------- d---s---- C:\Documents and Settings\Power User\Application Data\Microsoft
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 19:54 21112 --a------ C:\Documents and Settings\Power User\Application Data\GDIPFONTCACHEV1.DAT
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"Auto EPSON Stylus Photo R300 Series on NAIR"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P43 \"Auto EPSON Stylus Photo R300 Series on NAIR\" /O15 \"\\\\NAIR\\Printer5\" /M \"Stylus Photo R300\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"MediaLifeService"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-20 18:53:17.78
C:\ComboFix.txt ... 06-11-20 18:53
C:\ComboFix2.txt ... 06-11-19 09:26

Thanx again :)
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm