Infected By Various Unknown Virus/malware/spyware

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Infected By Various Unknown Virus/malware/spyware, Found some virus, but unable to delete it.

Options

mabok View Member Profile	Jul 7 2008, 02:23 AM Post #1
New Member Group: Members Posts: 10 Joined: 5-May 08 Member No.: 207,110	Deckard's System Scanner v20071014.68 Run by Owner on 2008-07-07 15:15:55 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:15:59, on 7/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {41B93EB1-608A-465B-A1F0-EA1DFEC3E247} - C:\WINDOWS\system32\awtqqnnM.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {8B5EDCE5-E91A-4757-BA98-DFFF814D9DD7} - C:\WINDOWS\system32\hgGwVlMc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: awtqqnnM - awtqqnnM.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7879 bytes -- Files created between 2008-06-07 and 2008-07-07 ----------------------------- 2008-07-07 14:53:14 89088 --a------ C:\WINDOWS\system32\txxprdnp.dll 2008-07-07 14:50:19 89088 -----n--- C:\WINDOWS\system32\kgmyejjm.dll 2008-07-06 14:49:31 88576 --a------ C:\WINDOWS\system32\pyoxdppc.dll 2008-07-06 14:36:02 88576 --a------ C:\WINDOWS\system32\rvjynqbh.dll 2008-07-02 20:55:35 0 d--h----- C:\$AVG8.VAULT$ 2008-07-02 20:45:03 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-02 20:44:57 0 d-------- C:\Program Files\AVG 2008-07-02 20:44:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-29 20:43:16 0 d--hs---- C:\FOUND.013 2008-06-28 16:01:25 0 d-------- C:\Program Files\SweetIM 2008-06-28 16:01:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SweetIM 2008-06-27 00:59:05 92747 --ahs---- C:\WINDOWS\system32\cMlVwGgh.ini2 2008-06-27 00:59:01 318208 --a------ C:\WINDOWS\system32\hgGwVlMc.dll 2008-06-27 00:45:33 163840 --a------ C:\WINDOWS\tovafrnm.exe 2008-06-27 00:45:33 163840 --a------ C:\WINDOWS\etgv.exe 2008-06-25 18:53:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2008-06-25 18:52:51 0 d-------- C:\Program Files\iPod 2008-06-25 18:52:39 0 d-------- C:\Program Files\iTunes 2008-06-25 18:52:14 0 d-------- C:\Program Files\Bonjour 2008-06-25 18:50:46 0 d-------- C:\Program Files\QuickTime 2008-06-25 18:50:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-25 18:49:54 0 d-------- C:\Program Files\Apple Software Update 2008-06-25 18:48:56 0 d-------- C:\Program Files\Common Files\Apple 2008-06-25 18:48:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-22 23:39:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Help 2008-06-22 15:05:08 0 d--hs---- C:\FOUND.011 2008-06-11 09:07:06 0 d--hs---- C:\FOUND.010 2008-06-07 15:52:50 0 d--hs---- C:\FOUND.008 2008-06-07 13:34:24 0 d-------- C:\Documents and Settings\Owner\Application Data\HP 2008-06-07 13:33:43 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG 2008-06-07 13:08:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-06-07 13:06:28 0 d--hs---- C:\FOUND.007 2008-06-07 12:17:51 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2008-06-07 12:17:38 0 d-------- C:\Documents and Settings\Owner\Application Data\HPAppData 2008-06-07 12:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2008-06-07 12:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-06-07 12:15:21 0 d-------- C:\Program Files\Common Files\HP 2008-06-07 12:15:06 0 d-------- C:\Program Files\Hewlett-Packard 2008-06-07 12:14:57 0 d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-06-07 12:13:55 0 d-------- C:\Program Files\HP 2008-06-07 12:12:46 2000 -----n--- C:\WINDOWS\hpomdl14.dat 2008-06-07 12:12:46 141048 --a------ C:\WINDOWS\hpoins14.dat -- Find3M Report --------------------------------------------------------------- 2008-06-27 18:54:42 2248 --a------ C:\WINDOWS\system32\tmp.reg 2008-06-06 22:18:50 0 d-------- C:\Program Files\Microsoft Silverlight 2008-05-11 13:31:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Download Manager 2008-05-11 13:24:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun 2008-05-11 13:24:06 0 d-------- C:\Program Files\Java 2008-05-11 13:24:04 0 d-------- C:\Program Files\Common Files\Java 2008-05-09 17:42:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Google 2008-05-09 17:42:16 0 d-------- C:\Program Files\Google 2008-05-09 15:04:56 0 d-------- C:\Program Files\movie maker 2008-05-09 15:04:40 0 d-------- C:\Program Files\msn gaming zone 2008-05-09 15:04:36 0 d-------- C:\Program Files\microsoft frontpage 2008-05-08 14:22:50 0 d-------- C:\Program Files\Trend Micro -- Registry Dump --------------------------------------------------------------- Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 03/02/2007 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 03/02/2007 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41B93EB1-608A-465B-A1F0-EA1DFEC3E247}] C:\WINDOWS\system32\awtqqnnM.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B5EDCE5-E91A-4757-BA98-DFFF814D9DD7}] 06/27/2008 00:59 318208 --a------ C:\WINDOWS\system32\hgGwVlMc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 03/27/2008 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [03/27/2008 14:12 1164600] [-HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [05/25/2005 16:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 21:34] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 21:44] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [02/20/2007 00:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 06:00] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/18/2008 19:31] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{41B93EB1-608A-465B-A1F0-EA1DFEC3E247}"= C:\WINDOWS\system32\awtqqnnM.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqnnM] awtqqnnM.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGwVlMc [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected backup=C:\WINDOWS\pss\.protectedCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^.protected] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.protected backup=C:\WINDOWS\pss\.protectedStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c31832c] rundll32.exe "C:\WINDOWS\system32\txxprdnp.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F13C2B7.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F13C2B7.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options] sstray.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\walinusj] C:\WINDOWS\system32\unqnqvqb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MDM"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts upnphost SSDPSRV HPZ12 Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07fb71c6-0180-11dd-bf39-0010dcd5264b}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat É±¶¾(&K)\command- I:\delautorun.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{324b6d4e-fe7d-11d5-befd-d2c383f8503a}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d58a9a-33b7-11dd-bfd7-0010dcd5264b}] AutoRun\command- I:\jfvkcsy.bat explore\Command- I:\jfvkcsy.bat open\Command- I:\jfvkcsy.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be639380-0d29-11dd-bf66-0010dcd5264b}] AutoRun\command- I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0a0dcaa-1b09-11dd-bf93-0010dcd5264b}] AutoRun\command- I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c1b3f4-f373-11dc-bf0f-0010dcd5264b}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0d597d-f22b-11dc-bf0c-0010dcd5264b}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif -- End of Deckard's System Scanner: finished at 2008-07-07 15:16:35 ------------ ---------------------- Wierd, i only able to get "main.txt" but not "extra.txt" Btw, some virus scanner unable to detect the infected files. When i try to delete it, it says something about written-protected. Also, when i run msconfig > Startup , there will be a (random letters).dll there. If i try to disable it, another new one will exist.

Thunder View Member Profile	Jul 9 2008, 04:17 AM Post #2
Forum Addict Group: HJT Team Posts: 3,291 Joined: 12-December 05 From: Belgium Member No.: 44,294	Hello Mabok and welcome to BleepingComputer, 1. * Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tab Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history Click Close below. * Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options. Click Privacy in the menu.. Click the Clear now button below.. A new window will popup what to clear. Select all and click the Clear button again. Click OK to close the Options window * Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them. 2. Please download Malwarebytes' Anti-Malware from Here or Here Doubleclick mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. 3. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !). The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC) In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop. Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze. Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !! Greetings, Thunder -------------------- Whatever happens, make believe it was intended to ... ----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware. ----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference

mabok View Member Profile	Jul 9 2008, 06:30 AM Post #3
New Member Group: Members Posts: 10 Joined: 5-May 08 Member No.: 207,110	"Go to start > run and type: cleanmgr and click ok." Cannot find "cleanmgr".

Thunder View Member Profile	Jul 9 2008, 07:31 AM Post #4
Forum Addict Group: HJT Team Posts: 3,291 Joined: 12-December 05 From: Belgium Member No.: 44,294	Hello Mabok, If cleanmgr is somehow blocked, don't mind, just continue with next steps. Greetings, Thunder -------------------- Whatever happens, make believe it was intended to ... ----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware. ----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference

mabok View Member Profile	Jul 11 2008, 11:36 PM Post #5
New Member Group: Members Posts: 10 Joined: 5-May 08 Member No.: 207,110	Malwarebytes' Anti-Malware 1.20 Database version: 941 Windows 5.1.2600 Service Pack 2 12:29:12 PM 7/12/2008 mbam-log-7-12-2008 (12-29-12).txt Scan type: Quick Scan Objects scanned: 41110 Time elapsed: 12 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 37 Registry Values Infected: 3 Registry Data Items Infected: 3 Folders Infected: 11 Files Infected: 71 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\hgGwVlMc.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\kixpdokp.dll (Trojan.Vundo) -> Unloaded module successfully. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{41b93eb1-608a-465b-a1f0-ea1dfec3e247} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{839714ee-1a44-4eb5-9ce7-aa9ef6e3b238} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\spinstall (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41b93eb1-608a-465b-a1f0-ea1dfec3e247} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{839714ee-1a44-4eb5-9ce7-aa9ef6e3b238} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{41b93eb1-608a-465b-a1f0-ea1dfec3e247} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a0a4ab1b-f6b0-481e-8c67-45058433f544}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.77,85.255.112.133 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwvlmc -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwvlmc -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080405121033875.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080405130440843.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080405160308796.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080405173112359.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080405174007046.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cMlVwGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cMlVwGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cppdxoyp.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hbqnyjvr.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGwVlMc.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\kixpdokp.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\pkodpxik.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pyoxdppc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rvjynqbh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Deckard's System Scanner v20071014.68 Run by Owner on 2008-07-12 12:34:20 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:34:35, on 7/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: awtqqnnM - awtqqnnM.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7882 bytes -- Files created between 2008-06-12 and 2008-07-12 ----------------------------- 2008-07-12 12:09:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-07-12 12:09:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-12 12:09:16 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-11 20:21:47 92672 -----n--- C:\WINDOWS\system32\kixpdokp.dll 2008-07-02 20:55:35 0 d--h----- C:\$AVG8.VAULT$ 2008-07-02 20:45:03 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-02 20:44:57 0 d-------- C:\Program Files\AVG 2008-07-02 20:44:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-29 20:43:16 0 d--hs---- C:\FOUND.013 2008-06-28 16:01:25 0 d-------- C:\Program Files\SweetIM 2008-06-28 16:01:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SweetIM 2008-06-27 00:59:01 318208 -----n--- C:\WINDOWS\system32\hgGwVlMc.dll 2008-06-25 18:53:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2008-06-25 18:52:51 0 d-------- C:\Program Files\iPod 2008-06-25 18:52:39 0 d-------- C:\Program Files\iTunes 2008-06-25 18:52:14 0 d-------- C:\Program Files\Bonjour 2008-06-25 18:50:46 0 d-------- C:\Program Files\QuickTime 2008-06-25 18:50:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-25 18:49:54 0 d-------- C:\Program Files\Apple Software Update 2008-06-25 18:48:56 0 d-------- C:\Program Files\Common Files\Apple 2008-06-25 18:48:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-22 23:39:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Help 2008-06-22 15:05:08 0 d--hs---- C:\FOUND.011 -- Find3M Report --------------------------------------------------------------- 2008-06-27 18:54:42 2248 --a------ C:\WINDOWS\system32\tmp.reg 2008-06-07 13:34:26 0 d-------- C:\Documents and Settings\Owner\Application Data\HP 2008-06-07 13:34:10 141048 --a------ C:\WINDOWS\hpoins14.dat 2008-06-07 12:17:40 0 d-------- C:\Documents and Settings\Owner\Application Data\HPAppData 2008-06-07 12:15:22 0 d-------- C:\Program Files\Common Files\HP 2008-06-07 12:15:08 0 d-------- C:\Program Files\Hewlett-Packard 2008-06-07 12:14:58 0 d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-06-07 12:13:56 0 d-------- C:\Program Files\HP 2008-06-06 22:18:50 0 d-------- C:\Program Files\Microsoft Silverlight -- Registry Dump --------------------------------------------------------------- Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 03/02/2007 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 03/02/2007 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 03/27/2008 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [03/27/2008 14:12 1164600] [-HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [05/25/2005 16:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 21:34] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 21:44] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [02/20/2007 00:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 06:00] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/18/2008 19:31] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqnnM] awtqqnnM.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected backup=C:\WINDOWS\pss\.protectedCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^.protected] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.protected backup=C:\WINDOWS\pss\.protectedStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c31832c] rundll32.exe "C:\WINDOWS\system32\kixpdokp.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F13C2B7.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F13C2B7.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options] sstray.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\walinusj] C:\WINDOWS\system32\unqnqvqb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MDM"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts upnphost SSDPSRV HPZ12 Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07fb71c6-0180-11dd-bf39-0010dcd5264b}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat É±¶¾(&K)\command- I:\delautorun.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d58a9a-33b7-11dd-bfd7-0010dcd5264b}] AutoRun\command- I:\jfvkcsy.bat explore\Command- I:\jfvkcsy.bat open\Command- I:\jfvkcsy.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be639380-0d29-11dd-bf66-0010dcd5264b}] AutoRun\command- I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c1b3f4-f373-11dc-bf0f-0010dcd5264b}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0d597d-f22b-11dc-bf0c-0010dcd5264b}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif -- End of Deckard's System Scanner: finished at 2008-07-12 12:35:07 ------------

Thunder View Member Profile	Jul 12 2008, 05:49 AM Post #6
Forum Addict Group: HJT Team Posts: 3,291 Joined: 12-December 05 From: Belgium Member No.: 44,294	Hello Mabok, Looks like we're not quite there yet. Did you run ComboFix ? If so, can I see the ComboFix log please (can also be found as C:\ComboFix.txt) Greetings, Thunder -------------------- Whatever happens, make believe it was intended to ... ----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware. ----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference

Thunder View Member Profile	Aug 11 2008, 04:19 AM Post #7
Forum Addict Group: HJT Team Posts: 3,291 Joined: 12-December 05 From: Belgium Member No.: 44,294	Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed. If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Whatever happens, make believe it was intended to ... ----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware. ----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th July 2009 - 06:51 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive