Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Adware-Zeno Removal

by Paul W. » August 27th, 2007, 3:16 am

Howdy To All:
I'm hoping somebody would kindly help me remove this adware program from my computer. My McAfee has alerted me to blocking an Unwanted Program (PUP) named Adware-Zeno. Whenever I sign onto the net, I keep getting the annoying pop-ups. My son dropped off an Ad-Aware SE plus edition CD which I installed and ran. I followed all instructions to no avail, it appears I still have this adware program? Any and all help will be greatly appreciated. Thank you in advance, Paul.
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

by Paul W. » August 27th, 2007, 3:38 am

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:36:19 AM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\PAULWI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

by ndmmxiaomayi » August 27th, 2007, 5:32 am

Hello Paul W. :)

Welcome to Malware Removal Forum. My name is mayi and I will be helping you. As I am still an undergraduate, I will need my fixes checked before posting back to you. Thank you for your patience.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by ndmmxiaomayi » August 27th, 2007, 9:45 am

Hello Paul W.,

Your HijackThis is running directly from a zipped file and this is not recommended as HijackThis makes backups. These backups will be lost when you close HijackThis and the zip program.

Step 1

  1. Please download the self-extracting version of HijackThis from here. Do not run it directly via a browser. Save it to your desktop.
  2. Double click on hijackthis_sfx1991.exe to run it.
  3. Click on the Unzip button. It will install HijackThis to C:\Program Files\HijackThis.
  4. Go to C:\Program Files\HijackThis and right click on HijackThis.exe. Select Rename.
  5. Type in dumb and press Enter.
  6. Double click on dumb to run it.
  7. Select Do a system scan and save a logfile. Please post back this log in your next reply.
Do not fix anything you see, as not all entries are harmful and some are needed for the normal functioning of Windows.

Don't close HijackThis yet.

Step 2

  1. Click on the Config... button at the bottom right hand corner.
  2. At the top, click on the Misc Tools button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this list in your next reply.

In your next reply, please post:

  1. A new HijackThis log
  2. The Uninstall list
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by Paul W. » August 27th, 2007, 2:06 pm

Hello Mayi, and thank you kindly for your help. I've followed all your instructions above. I'm able to get as far as Save List in the Uninstall Manager; when I click on Save List it just closes out without any other prompts or options? It doesn't give me the opportunity to save the uninstall list. What to do? Paul
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

by ndmmxiaomayi » August 27th, 2007, 2:28 pm

Hi Paul,

We will worry about that one later.

Could you please post the HijackThis log first?

Thanks.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by Paul W. » August 27th, 2007, 2:33 pm

Sure thing:

Logfile of HijackThis v1.99.1
Scan saved at 12:52:58 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Dumb\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

by ndmmxiaomayi » August 27th, 2007, 2:50 pm

Hi Paul,

You've renamed the HijackThis folder, not the program itself.

Let's try this instead:

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
cd C:\Program Files\Dumb
ren HijackThis.exe dumb.exe
start dumb.exe


Click on File > Save As....

In the File Name box, copy and paste in rename.bat
In the Save as type box, select All Files from the drop-down list.

Click Save. Close Notepad.

Double click rename.bat to run it. A Command Prompt window will open and close quickly; this is normal. After this, HijackThis will start.

Please do the following:

  1. Select Do a system scan and save a logfile. Please post back this log in your next reply.

    Do not fix anything you see, as not all entries are harmful and some are needed for the normal functioning of Windows.
  2. Click on the Config... button at the bottom right hand corner.
  3. At the top, click on the Misc Tools button.
  4. Look under System tools.
  5. Click on the Open Uninstall Manager... button.
  6. Click on the Save list... button.
  7. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  8. Notepad will open. Please post this list in your next reply.

In your next reply, please post:

  1. A new HijackThis log
  2. The Uninstall list
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by Paul W. » August 27th, 2007, 3:02 pm

Hello, forgive me but I think I have it now. Computers are not my forte:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:18 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Dumb\dumb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47289790-9B67-46FA-81C6-FEFF961F7312} - C:\WINDOWS\system32\sstts.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\onalvvur.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


Ad-Aware SE Plus
Adobe Reader 7.0
AIM 6.0
ATI Display Driver
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

Unread postby ndmmxiaomayi » August 28th, 2007, 6:24 am

  1. Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.
  2. Double click VundoFix.exe to run it.
  3. Click the Scan for Vundo button.
  4. Once it's done scanning, click the Remove Vundo button.
  5. You will receive a prompt asking if you want to remove the files, click YES.
  6. Once you click yes, your desktop will go blank as it starts removing Vundo.
  7. When completed, it will prompt that it will reboot your computer, click OK.
  8. Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

In your next reply, please post:

  1. VundoFix report (C:\VundoFix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby Paul W. » August 28th, 2007, 10:10 am

Thank You, here is the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:56 AM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\uybxtwmk.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\uybxtwmk.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe





VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:47:29 AM 8/28/2007

Listing files found while scanning....

C:\windows\system32\abivmufl.exe
C:\windows\system32\awfxfctm.dll
C:\windows\system32\bmijorcq.dll
C:\windows\system32\bnuxiyes.exe
C:\windows\system32\cdwxtnev.ini
C:\windows\system32\ckyfbknq.ini
C:\windows\system32\cxrtwftf.dll
C:\windows\system32\dfsjfatn.dll
C:\windows\system32\dsrjjoew.dll
C:\windows\system32\elexrvgi.ini
C:\windows\system32\epujdqik.ini
C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\fwikvujh.ini
C:\windows\system32\fxdhnhxq.exe
C:\windows\system32\giqhrjoh.ini
C:\windows\system32\hhtsxpwt.dll
C:\windows\system32\hiqdnkxu.dll
C:\windows\system32\hjuvkiwf.dll
C:\windows\system32\hojrhqig.dll
C:\windows\system32\htpvlcsc.exe
C:\windows\system32\igvrxele.dll
C:\windows\system32\inixgujn.ini
C:\windows\system32\jpjmonlr.dll
C:\windows\system32\jtghdtfw.ini
C:\windows\system32\kiqdjupe.dll
C:\windows\system32\lsxcophw.ini
C:\windows\system32\mhtclilw.ini
C:\windows\system32\mnaknmvp.ini
C:\windows\system32\mrpwfftl.exe
C:\windows\system32\mtcfxfwa.ini
C:\windows\system32\njugxini.dll
C:\windows\system32\ntafjsfd.ini
C:\windows\system32\ohsfsooo.ini
C:\windows\system32\olgisait.dll
C:\WINDOWS\system32\onalvvur.dll
C:\windows\system32\ooosfsho.dll
C:\windows\system32\orlbejqx.ini
C:\windows\system32\orsyvfcg.exe
C:\WINDOWS\system32\oxstfycy.dll
C:\windows\system32\pexpeqlv.exe
C:\windows\system32\pjnfopbw.ini
C:\windows\system32\psmwtctu.dll
C:\windows\system32\pvmnkanm.dll
C:\windows\system32\qcrojimb.ini
C:\windows\system32\qlwkhsgf.exe
C:\windows\system32\qnkbfykc.dll
C:\windows\system32\rcqcipxv.ini
C:\windows\system32\rlnomjpj.ini
C:\windows\system32\rpiahceo.exe
C:\windows\system32\rradbyxt.dll
C:\windows\system32\siitdbpu.ini
C:\WINDOWS\system32\sstts.dll
C:\windows\system32\tiasiglo.ini
C:\windows\system32\twpxsthh.ini
C:\windows\system32\txybdarr.ini
C:\windows\system32\upbdtiis.dll
C:\windows\system32\utctwmsp.ini
C:\windows\system32\uxkndqih.ini
C:\windows\system32\ventxwdc.dll
C:\windows\system32\vxpicqcr.dll
C:\windows\system32\wbpofnjp.dll
C:\windows\system32\weojjrsd.ini
C:\windows\system32\wftdhgtj.dll
C:\windows\system32\whpocxsl.dll
C:\windows\system32\wlilcthm.dll
C:\windows\system32\xqjeblro.dll
C:\windows\system32\ygvkoohu.exe

Beginning removal...

Attempting to delete C:\windows\system32\abivmufl.exe
C:\windows\system32\abivmufl.exe Has been deleted!

Attempting to delete C:\windows\system32\awfxfctm.dll
C:\windows\system32\awfxfctm.dll Has been deleted!

Attempting to delete C:\windows\system32\bmijorcq.dll
C:\windows\system32\bmijorcq.dll Has been deleted!

Attempting to delete C:\windows\system32\bnuxiyes.exe
C:\windows\system32\bnuxiyes.exe Has been deleted!

Attempting to delete C:\windows\system32\cdwxtnev.ini
C:\windows\system32\cdwxtnev.ini Has been deleted!

Attempting to delete C:\windows\system32\ckyfbknq.ini
C:\windows\system32\ckyfbknq.ini Has been deleted!

Attempting to delete C:\windows\system32\cxrtwftf.dll
C:\windows\system32\cxrtwftf.dll Has been deleted!

Attempting to delete C:\windows\system32\dfsjfatn.dll
C:\windows\system32\dfsjfatn.dll Has been deleted!

Attempting to delete C:\windows\system32\dsrjjoew.dll
C:\windows\system32\dsrjjoew.dll Has been deleted!

Attempting to delete C:\windows\system32\elexrvgi.ini
C:\windows\system32\elexrvgi.ini Has been deleted!

Attempting to delete C:\windows\system32\epujdqik.ini
C:\windows\system32\epujdqik.ini Has been deleted!

Attempting to delete C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\ftfwtrxc.ini Has been deleted!

Attempting to delete C:\windows\system32\fwikvujh.ini
C:\windows\system32\fwikvujh.ini Has been deleted!

Attempting to delete C:\windows\system32\fxdhnhxq.exe
C:\windows\system32\fxdhnhxq.exe Has been deleted!

Attempting to delete C:\windows\system32\giqhrjoh.ini
C:\windows\system32\giqhrjoh.ini Has been deleted!

Attempting to delete C:\windows\system32\hhtsxpwt.dll
C:\windows\system32\hhtsxpwt.dll Has been deleted!

Attempting to delete C:\windows\system32\hiqdnkxu.dll
C:\windows\system32\hiqdnkxu.dll Has been deleted!

Attempting to delete C:\windows\system32\hjuvkiwf.dll
C:\windows\system32\hjuvkiwf.dll Has been deleted!

Attempting to delete C:\windows\system32\hojrhqig.dll
C:\windows\system32\hojrhqig.dll Has been deleted!

Attempting to delete C:\windows\system32\htpvlcsc.exe
C:\windows\system32\htpvlcsc.exe Has been deleted!

Attempting to delete C:\windows\system32\igvrxele.dll
C:\windows\system32\igvrxele.dll Has been deleted!

Attempting to delete C:\windows\system32\inixgujn.ini
C:\windows\system32\inixgujn.ini Has been deleted!

Attempting to delete C:\windows\system32\jpjmonlr.dll
C:\windows\system32\jpjmonlr.dll Has been deleted!

Attempting to delete C:\windows\system32\jtghdtfw.ini
C:\windows\system32\jtghdtfw.ini Has been deleted!

Attempting to delete C:\windows\system32\kiqdjupe.dll
C:\windows\system32\kiqdjupe.dll Has been deleted!

Attempting to delete C:\windows\system32\lsxcophw.ini
C:\windows\system32\lsxcophw.ini Has been deleted!

Attempting to delete C:\windows\system32\mhtclilw.ini
C:\windows\system32\mhtclilw.ini Has been deleted!

Attempting to delete C:\windows\system32\mnaknmvp.ini
C:\windows\system32\mnaknmvp.ini Has been deleted!

Attempting to delete C:\windows\system32\mrpwfftl.exe
C:\windows\system32\mrpwfftl.exe Has been deleted!

Attempting to delete C:\windows\system32\mtcfxfwa.ini
C:\windows\system32\mtcfxfwa.ini Has been deleted!

Attempting to delete C:\windows\system32\njugxini.dll
C:\windows\system32\njugxini.dll Has been deleted!

Attempting to delete C:\windows\system32\ntafjsfd.ini
C:\windows\system32\ntafjsfd.ini Has been deleted!

Attempting to delete C:\windows\system32\ohsfsooo.ini
C:\windows\system32\ohsfsooo.ini Has been deleted!

Attempting to delete C:\windows\system32\olgisait.dll
C:\windows\system32\olgisait.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onalvvur.dll
C:\WINDOWS\system32\onalvvur.dll Has been deleted!

Attempting to delete C:\windows\system32\ooosfsho.dll
C:\windows\system32\ooosfsho.dll Has been deleted!

Attempting to delete C:\windows\system32\orlbejqx.ini
C:\windows\system32\orlbejqx.ini Has been deleted!

Attempting to delete C:\windows\system32\orsyvfcg.exe
C:\windows\system32\orsyvfcg.exe Has been deleted!

Attempting to delete C:\windows\system32\pexpeqlv.exe
C:\windows\system32\pexpeqlv.exe Has been deleted!

Attempting to delete C:\windows\system32\pjnfopbw.ini
C:\windows\system32\pjnfopbw.ini Has been deleted!

Attempting to delete C:\windows\system32\psmwtctu.dll
C:\windows\system32\psmwtctu.dll Has been deleted!

Attempting to delete C:\windows\system32\pvmnkanm.dll
C:\windows\system32\pvmnkanm.dll Has been deleted!

Attempting to delete C:\windows\system32\qcrojimb.ini
C:\windows\system32\qcrojimb.ini Has been deleted!

Attempting to delete C:\windows\system32\qlwkhsgf.exe
C:\windows\system32\qlwkhsgf.exe Has been deleted!

Attempting to delete C:\windows\system32\qnkbfykc.dll
C:\windows\system32\qnkbfykc.dll Has been deleted!

Attempting to delete C:\windows\system32\rcqcipxv.ini
C:\windows\system32\rcqcipxv.ini Has been deleted!

Attempting to delete C:\windows\system32\rlnomjpj.ini
C:\windows\system32\rlnomjpj.ini Has been deleted!

Attempting to delete C:\windows\system32\rpiahceo.exe
C:\windows\system32\rpiahceo.exe Has been deleted!

Attempting to delete C:\windows\system32\rradbyxt.dll
C:\windows\system32\rradbyxt.dll Has been deleted!

Attempting to delete C:\windows\system32\siitdbpu.ini
C:\windows\system32\siitdbpu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Attempting to delete C:\windows\system32\tiasiglo.ini
C:\windows\system32\tiasiglo.ini Has been deleted!

Attempting to delete C:\windows\system32\twpxsthh.ini
C:\windows\system32\twpxsthh.ini Has been deleted!

Attempting to delete C:\windows\system32\txybdarr.ini
C:\windows\system32\txybdarr.ini Has been deleted!

Attempting to delete C:\windows\system32\upbdtiis.dll
C:\windows\system32\upbdtiis.dll Has been deleted!

Attempting to delete C:\windows\system32\utctwmsp.ini
C:\windows\system32\utctwmsp.ini Has been deleted!

Attempting to delete C:\windows\system32\uxkndqih.ini
C:\windows\system32\uxkndqih.ini Has been deleted!

Attempting to delete C:\windows\system32\ventxwdc.dll
C:\windows\system32\ventxwdc.dll Has been deleted!

Attempting to delete C:\windows\system32\vxpicqcr.dll
C:\windows\system32\vxpicqcr.dll Has been deleted!

Attempting to delete C:\windows\system32\wbpofnjp.dll
C:\windows\system32\wbpofnjp.dll Has been deleted!

Attempting to delete C:\windows\system32\weojjrsd.ini
C:\windows\system32\weojjrsd.ini Has been deleted!

Attempting to delete C:\windows\system32\wftdhgtj.dll
C:\windows\system32\wftdhgtj.dll Has been deleted!

Attempting to delete C:\windows\system32\whpocxsl.dll
C:\windows\system32\whpocxsl.dll Has been deleted!

Attempting to delete C:\windows\system32\wlilcthm.dll
C:\windows\system32\wlilcthm.dll Has been deleted!

Attempting to delete C:\windows\system32\xqjeblro.dll
C:\windows\system32\xqjeblro.dll Has been deleted!

Attempting to delete C:\windows\system32\ygvkoohu.exe
C:\windows\system32\ygvkoohu.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:52:43 AM 8/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll
C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycyftsxo.tmp
C:\WINDOWS\system32\ycyftsxo.tmp Has been deleted!

Performing Repairs to the registry.
Done!


The following also came up while I was running the Vundo so I blocked access:

A program on your computer wants to connect to the Internet. Before it can, you must decide whether to allow it access. To protect your computer, you should only allow programs that you trust.

About this Program
Program: DDC
Location: C:\WINDOWS\SYSTEM32\uybxtwmk.exe
Recommendation: Unknown program
Tell McAfee about this program.

Unread postby ndmmxiaomayi » August 29th, 2007, 12:22 am

Hi Paul,

Step 1

  1. Please open VundoFix.
  2. In the blank white space above the Scan For Vundo and Remove Vundo buttons, right click and select Add more files?.
  3. Add in the following files:
    • c:\windows\system32\oxstfycy.*
  4. Click Add Files, then Close Window.
  5. Click on Remove Vundo.
  6. You will receive a prompt asking if you want to remove the files, click YES.
  7. Once you click yes, your desktop will go blank as it starts removing Vundo.
  8. When completed, it will prompt that it will reboot your computer, click OK.
  9. Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step 2

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
sc stop DomainService
sc delete DomainService


Click on File > Save As....

In the File Name box, copy and paste in delservices.bat
In the Save as type box, select All Files from the drop-down list.

Click Save.

Double click on delservices.bat. A Command Prompt window will open and close quickly; this is normal.

Step 3

Please restart your computer in Safe Mode.

  1. When you see the BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up and down arrows, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.

Step 4

Show hidden files and folders
  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.

Step 5

Please navigate to C:\WINDOWS\system32 folder and delete this file: uybxtwmk.exe

Step 6

Restart your computer back into Normal Mode. Open HijackThis and select Do a system scan and save a logfile. Please post this log file as well as the Vundofix log file in your next reply.

In your next reply, please post:

  1. Vundofix log (C:\VundoFix.txt)
  2. The HijackThis log from Step 6


A program on your computer wants to connect to the Internet. Before it can, you must decide whether to allow it access. To protect your computer, you should only allow programs that you trust.

About this Program
Program: DDC
Location: C:\WINDOWS\SYSTEM32\uybxtwmk.exe
Recommendation: Unknown program
Tell McAfee about this program.


Glad that you blocked it. This program must not be allowed to access the Internet.
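An added example, not part of the thread and not the helper's own method: a small Python triage that cross-references HijackThis autostart entries with the files VundoFix listed, and applies three assumed heuristics (service with an empty publisher field, unnamed or orphaned BHO, Run key that loads a DLL through rundll32). The function names and heuristics are assumptions; the sample lines are trimmed excerpts of the logs posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (trimmed).
HJT_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\uybxtwmk.exe
"""

# Excerpt of the VundoFix report posted in this thread (trimmed, both runs merged).
VUNDOFIX_EXCERPT = r"""
Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\ycyftsxo.ini

Beginning removal...
"""

# First drive-letter path ending in .exe or .dll on a line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.I)
# O23 lines read "Service: <name> - <publisher> - <path>"; the publisher may be empty.
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s?- (?P<path>[A-Za-z]:\\.+)$'
)


def vundofix_files(report):
    """Return the lowercased paths from every 'Listing files found' section."""
    found, listing = set(), False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif listing and line:
            found.add(line.lower())
    return found


def triage(hjt_log, vundofix_report):
    """Return (path, reasons) for each HijackThis entry worth a second look."""
    flagged_files = vundofix_files(vundofix_report)
    findings = []
    for line in hjt_log.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]
        match = PATH_RE.search(line)
        path = match.group(0).lower() if match else None
        reasons = []
        # An autostart entry still pointing at a file the scanner listed.
        if path in flagged_files:
            reasons.append("file listed by VundoFix")
        if section == "O23":
            svc = O23_RE.match(line)
            if svc and not svc.group("vendor").strip():
                reasons.append("service has no publisher")
        elif section == "O2" and ("(no name)" in line or "(file missing)" in line):
            reasons.append("unnamed or orphaned BHO")
        elif section == "O4" and "rundll32.exe" in line.lower():
            reasons.append("Run key loads a DLL through rundll32")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(HJT_EXCERPT, VUNDOFIX_EXCERPT):
        print(path, "->", "; ".join(reasons))
```

uybxtwmk.exe is flagged only by the publisher heuristic, which matches the thread: VundoFix never listed it, so the service and file were removed by hand.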

Unread postby Paul W. » August 29th, 2007, 2:10 am

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:47:29 AM 8/28/2007

Listing files found while scanning....

C:\windows\system32\abivmufl.exe
C:\windows\system32\awfxfctm.dll
C:\windows\system32\bmijorcq.dll
C:\windows\system32\bnuxiyes.exe
C:\windows\system32\cdwxtnev.ini
C:\windows\system32\ckyfbknq.ini
C:\windows\system32\cxrtwftf.dll
C:\windows\system32\dfsjfatn.dll
C:\windows\system32\dsrjjoew.dll
C:\windows\system32\elexrvgi.ini
C:\windows\system32\epujdqik.ini
C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\fwikvujh.ini
C:\windows\system32\fxdhnhxq.exe
C:\windows\system32\giqhrjoh.ini
C:\windows\system32\hhtsxpwt.dll
C:\windows\system32\hiqdnkxu.dll
C:\windows\system32\hjuvkiwf.dll
C:\windows\system32\hojrhqig.dll
C:\windows\system32\htpvlcsc.exe
C:\windows\system32\igvrxele.dll
C:\windows\system32\inixgujn.ini
C:\windows\system32\jpjmonlr.dll
C:\windows\system32\jtghdtfw.ini
C:\windows\system32\kiqdjupe.dll
C:\windows\system32\lsxcophw.ini
C:\windows\system32\mhtclilw.ini
C:\windows\system32\mnaknmvp.ini
C:\windows\system32\mrpwfftl.exe
C:\windows\system32\mtcfxfwa.ini
C:\windows\system32\njugxini.dll
C:\windows\system32\ntafjsfd.ini
C:\windows\system32\ohsfsooo.ini
C:\windows\system32\olgisait.dll
C:\WINDOWS\system32\onalvvur.dll
C:\windows\system32\ooosfsho.dll
C:\windows\system32\orlbejqx.ini
C:\windows\system32\orsyvfcg.exe
C:\WINDOWS\system32\oxstfycy.dll
C:\windows\system32\pexpeqlv.exe
C:\windows\system32\pjnfopbw.ini
C:\windows\system32\psmwtctu.dll
C:\windows\system32\pvmnkanm.dll
C:\windows\system32\qcrojimb.ini
C:\windows\system32\qlwkhsgf.exe
C:\windows\system32\qnkbfykc.dll
C:\windows\system32\rcqcipxv.ini
C:\windows\system32\rlnomjpj.ini
C:\windows\system32\rpiahceo.exe
C:\windows\system32\rradbyxt.dll
C:\windows\system32\siitdbpu.ini
C:\WINDOWS\system32\sstts.dll
C:\windows\system32\tiasiglo.ini
C:\windows\system32\twpxsthh.ini
C:\windows\system32\txybdarr.ini
C:\windows\system32\upbdtiis.dll
C:\windows\system32\utctwmsp.ini
C:\windows\system32\uxkndqih.ini
C:\windows\system32\ventxwdc.dll
C:\windows\system32\vxpicqcr.dll
C:\windows\system32\wbpofnjp.dll
C:\windows\system32\weojjrsd.ini
C:\windows\system32\wftdhgtj.dll
C:\windows\system32\whpocxsl.dll
C:\windows\system32\wlilcthm.dll
C:\windows\system32\xqjeblro.dll
C:\windows\system32\ygvkoohu.exe

Beginning removal...

Attempting to delete C:\windows\system32\abivmufl.exe
C:\windows\system32\abivmufl.exe Has been deleted!

Attempting to delete C:\windows\system32\awfxfctm.dll
C:\windows\system32\awfxfctm.dll Has been deleted!

Attempting to delete C:\windows\system32\bmijorcq.dll
C:\windows\system32\bmijorcq.dll Has been deleted!

Attempting to delete C:\windows\system32\bnuxiyes.exe
C:\windows\system32\bnuxiyes.exe Has been deleted!

Attempting to delete C:\windows\system32\cdwxtnev.ini
C:\windows\system32\cdwxtnev.ini Has been deleted!

Attempting to delete C:\windows\system32\ckyfbknq.ini
C:\windows\system32\ckyfbknq.ini Has been deleted!

Attempting to delete C:\windows\system32\cxrtwftf.dll
C:\windows\system32\cxrtwftf.dll Has been deleted!

Attempting to delete C:\windows\system32\dfsjfatn.dll
C:\windows\system32\dfsjfatn.dll Has been deleted!

Attempting to delete C:\windows\system32\dsrjjoew.dll
C:\windows\system32\dsrjjoew.dll Has been deleted!

Attempting to delete C:\windows\system32\elexrvgi.ini
C:\windows\system32\elexrvgi.ini Has been deleted!

Attempting to delete C:\windows\system32\epujdqik.ini
C:\windows\system32\epujdqik.ini Has been deleted!

Attempting to delete C:\windows\system32\ftfwtrxc.ini
C:\windows\system32\ftfwtrxc.ini Has been deleted!

Attempting to delete C:\windows\system32\fwikvujh.ini
C:\windows\system32\fwikvujh.ini Has been deleted!

Attempting to delete C:\windows\system32\fxdhnhxq.exe
C:\windows\system32\fxdhnhxq.exe Has been deleted!

Attempting to delete C:\windows\system32\giqhrjoh.ini
C:\windows\system32\giqhrjoh.ini Has been deleted!

Attempting to delete C:\windows\system32\hhtsxpwt.dll
C:\windows\system32\hhtsxpwt.dll Has been deleted!

Attempting to delete C:\windows\system32\hiqdnkxu.dll
C:\windows\system32\hiqdnkxu.dll Has been deleted!

Attempting to delete C:\windows\system32\hjuvkiwf.dll
C:\windows\system32\hjuvkiwf.dll Has been deleted!

Attempting to delete C:\windows\system32\hojrhqig.dll
C:\windows\system32\hojrhqig.dll Has been deleted!

Attempting to delete C:\windows\system32\htpvlcsc.exe
C:\windows\system32\htpvlcsc.exe Has been deleted!

Attempting to delete C:\windows\system32\igvrxele.dll
C:\windows\system32\igvrxele.dll Has been deleted!

Attempting to delete C:\windows\system32\inixgujn.ini
C:\windows\system32\inixgujn.ini Has been deleted!

Attempting to delete C:\windows\system32\jpjmonlr.dll
C:\windows\system32\jpjmonlr.dll Has been deleted!

Attempting to delete C:\windows\system32\jtghdtfw.ini
C:\windows\system32\jtghdtfw.ini Has been deleted!

Attempting to delete C:\windows\system32\kiqdjupe.dll
C:\windows\system32\kiqdjupe.dll Has been deleted!

Attempting to delete C:\windows\system32\lsxcophw.ini
C:\windows\system32\lsxcophw.ini Has been deleted!

Attempting to delete C:\windows\system32\mhtclilw.ini
C:\windows\system32\mhtclilw.ini Has been deleted!

Attempting to delete C:\windows\system32\mnaknmvp.ini
C:\windows\system32\mnaknmvp.ini Has been deleted!

Attempting to delete C:\windows\system32\mrpwfftl.exe
C:\windows\system32\mrpwfftl.exe Has been deleted!

Attempting to delete C:\windows\system32\mtcfxfwa.ini
C:\windows\system32\mtcfxfwa.ini Has been deleted!

Attempting to delete C:\windows\system32\njugxini.dll
C:\windows\system32\njugxini.dll Has been deleted!

Attempting to delete C:\windows\system32\ntafjsfd.ini
C:\windows\system32\ntafjsfd.ini Has been deleted!

Attempting to delete C:\windows\system32\ohsfsooo.ini
C:\windows\system32\ohsfsooo.ini Has been deleted!

Attempting to delete C:\windows\system32\olgisait.dll
C:\windows\system32\olgisait.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onalvvur.dll
C:\WINDOWS\system32\onalvvur.dll Has been deleted!

Attempting to delete C:\windows\system32\ooosfsho.dll
C:\windows\system32\ooosfsho.dll Has been deleted!

Attempting to delete C:\windows\system32\orlbejqx.ini
C:\windows\system32\orlbejqx.ini Has been deleted!

Attempting to delete C:\windows\system32\orsyvfcg.exe
C:\windows\system32\orsyvfcg.exe Has been deleted!

Attempting to delete C:\windows\system32\pexpeqlv.exe
C:\windows\system32\pexpeqlv.exe Has been deleted!

Attempting to delete C:\windows\system32\pjnfopbw.ini
C:\windows\system32\pjnfopbw.ini Has been deleted!

Attempting to delete C:\windows\system32\psmwtctu.dll
C:\windows\system32\psmwtctu.dll Has been deleted!

Attempting to delete C:\windows\system32\pvmnkanm.dll
C:\windows\system32\pvmnkanm.dll Has been deleted!

Attempting to delete C:\windows\system32\qcrojimb.ini
C:\windows\system32\qcrojimb.ini Has been deleted!

Attempting to delete C:\windows\system32\qlwkhsgf.exe
C:\windows\system32\qlwkhsgf.exe Has been deleted!

Attempting to delete C:\windows\system32\qnkbfykc.dll
C:\windows\system32\qnkbfykc.dll Has been deleted!

Attempting to delete C:\windows\system32\rcqcipxv.ini
C:\windows\system32\rcqcipxv.ini Has been deleted!

Attempting to delete C:\windows\system32\rlnomjpj.ini
C:\windows\system32\rlnomjpj.ini Has been deleted!

Attempting to delete C:\windows\system32\rpiahceo.exe
C:\windows\system32\rpiahceo.exe Has been deleted!

Attempting to delete C:\windows\system32\rradbyxt.dll
C:\windows\system32\rradbyxt.dll Has been deleted!

Attempting to delete C:\windows\system32\siitdbpu.ini
C:\windows\system32\siitdbpu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Attempting to delete C:\windows\system32\tiasiglo.ini
C:\windows\system32\tiasiglo.ini Has been deleted!

Attempting to delete C:\windows\system32\twpxsthh.ini
C:\windows\system32\twpxsthh.ini Has been deleted!

Attempting to delete C:\windows\system32\txybdarr.ini
C:\windows\system32\txybdarr.ini Has been deleted!

Attempting to delete C:\windows\system32\upbdtiis.dll
C:\windows\system32\upbdtiis.dll Has been deleted!

Attempting to delete C:\windows\system32\utctwmsp.ini
C:\windows\system32\utctwmsp.ini Has been deleted!

Attempting to delete C:\windows\system32\uxkndqih.ini
C:\windows\system32\uxkndqih.ini Has been deleted!

Attempting to delete C:\windows\system32\ventxwdc.dll
C:\windows\system32\ventxwdc.dll Has been deleted!

Attempting to delete C:\windows\system32\vxpicqcr.dll
C:\windows\system32\vxpicqcr.dll Has been deleted!

Attempting to delete C:\windows\system32\wbpofnjp.dll
C:\windows\system32\wbpofnjp.dll Has been deleted!

Attempting to delete C:\windows\system32\weojjrsd.ini
C:\windows\system32\weojjrsd.ini Has been deleted!

Attempting to delete C:\windows\system32\wftdhgtj.dll
C:\windows\system32\wftdhgtj.dll Has been deleted!

Attempting to delete C:\windows\system32\whpocxsl.dll
C:\windows\system32\whpocxsl.dll Has been deleted!

Attempting to delete C:\windows\system32\wlilcthm.dll
C:\windows\system32\wlilcthm.dll Has been deleted!

Attempting to delete C:\windows\system32\xqjeblro.dll
C:\windows\system32\xqjeblro.dll Has been deleted!

Attempting to delete C:\windows\system32\ygvkoohu.exe
C:\windows\system32\ygvkoohu.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:52:43 AM 8/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll
C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ycyftsxo.ini
C:\WINDOWS\system32\ycyftsxo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycyftsxo.tmp
C:\WINDOWS\system32\ycyftsxo.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:49:35 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll

Beginning removal...

Beginning removal...

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 1:07:15 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\uybxtwmk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\uybxtwmk.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


Ad-Aware SE Plus
Adobe Reader 7.0
AIM 6.0
ATI Display Driver
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

Post by Paul W. » August 29th, 2007, 2:48 am

Here are the logs with a message at the end. Thank You.
VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:31:00 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:34:55 AM 8/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\oxstfycy.dll

Beginning removal...

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 1:39:24 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


Ad-Aware SE Plus
Adobe Reader 7.0
AIM 6.0
ATI Display Driver
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

On start up, I keep getting these blue boxes with RUNDLL in the top left corner that state:
"Error Loading C:\WINDOWS\System32\oxstfycy.dll
The specified module could not be found"
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Post by ndmmxiaomayi » August 29th, 2007, 9:28 am

Hi Paul,

That's not the correct one. We'll go step-by-step.

  1. Please open VundoFix.
  2. In the blank white space above the Scan For Vundo and Remove Vundo buttons, right click and select Add more files?.
  3. Copy and paste in the following files:
    • c:\windows\system32\oxstfycy.*
  4. Click Add Files, then Close Window.
  5. Click on Remove Vundo.
  6. You will receive a prompt asking if you want to remove the files, click YES.
  7. Once you click yes, your desktop will go blank as it starts removing Vundo.
  8. When completed, it will prompt that it will reboot your computer, click OK.
  9. Open My Computer.
  10. Double click on your C drive.
  11. In your C drive, you will find a log named vundofix.txt.
  12. Double click to open it.
  13. Click on Edit > Select All.
  14. Click on Edit > Copy.
  15. Return back to this topic, click on Post Reply.
  16. Click on Edit > Paste to paste the VundoFix log.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
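The wildcard `oxstfycy.*` in the reply above targets the DLL that the HijackThis log still shows in an O4 Run entry, and the logs show the same stem reversed (`ycyftsxo`) on the .ini/.tmp files VundoFix deleted on 8/28. The following is an added example, not part of the thread and not code from HijackThis or VundoFix: it parses log lines copied from this thread and links rundll32 autoruns to related scanner findings. All function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# HijackThis lines copied from the 8/29 log in this thread.
HJT_LINES = r'''
O2 - BHO: (no name) - {769FDC93-9326-4C09-A9EF-AA4BA67284C3} - C:\WINDOWS\system32\sstts.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oxstfycy.dll",forkonce
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
'''.strip().splitlines()

# "Listing files found while scanning" from the 8/28 VundoFix run in this thread.
VUNDOFIX_FOUND = [
    r"C:\WINDOWS\system32\oxstfycy.dll",
    r"C:\WINDOWS\system32\ycyftsxo.ini",
    r"C:\WINDOWS\system32\ycyftsxo.tmp",
]

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
O2_RE = re.compile(r'^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?) \(file missing\)$')

def rundll_autoruns(lines):
    """Return (value name, DLL path, export) for Run entries that load a DLL via rundll32."""
    hits = []
    for line in lines:
        m = O4_RE.match(line.strip())
        r = m and RUNDLL_RE.match(m["cmd"])
        if r:
            hits.append((m["name"], PureWindowsPath(r["dll"]), r["export"]))
    return hits

def orphaned_bhos(lines):
    """Return (CLSID, path) for BHO entries HijackThis marked '(file missing)'."""
    return [(m["clsid"], PureWindowsPath(m["path"]))
            for m in map(O2_RE.match, map(str.strip, lines)) if m]

def related_files(dll, found):
    """Scanner findings in the DLL's folder whose stem equals the DLL's stem or its reversal."""
    stems = {dll.stem.lower(), dll.stem.lower()[::-1]}
    return [p for p in map(PureWindowsPath, found)
            if p.parent == dll.parent and p.stem.lower() in stems]

if __name__ == "__main__":
    for name, dll, export in rundll_autoruns(HJT_LINES):
        print(f"Run value [{name}] loads {dll} (export {export})")
        for p in related_files(dll, VUNDOFIX_FOUND):
            print("  related finding:", p)
    for clsid, path in orphaned_bhos(HJT_LINES):
        print(f"BHO {clsid} points at missing file {path}")
```

A Run value that survives after its DLL is gone is consistent with the RUNDLL "module could not be found" box Paul reports at startup, so the autorun entry needs cleaning up as well as the file.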