Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Conhook.b And Popups


  • This topic is locked This topic is locked
17 replies to this topic

#1 mozley411

mozley411

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 23 September 2007 - 05:55 PM

:thumbsup: Computer is super slow and even takes forever to type


Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:31 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ebgdijgp] rundll32.exe "C:\Program Files\ebgdijgp\uxepafaj.dll",Init
O4 - HKLM\..\Run: [utwvojoj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\utwvojoj.dll"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\HP-USE~1\MYDOCU~1\WNSXS~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11541 bytes

BC AdBot (Login to Remove)

 


#2 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 25 September 2007 - 02:33 PM

Hello mozley411

Copy and Paste this post into a new text document or print it for reference

You will need to ensure this system has only One Firewall and One Anti-Virus software installed, Firewall and Anti-Virus resident scanners run inside the kernel mode of Windows, or deep inside of the operating system.

1. Please disable All your Real-time when doing this or any fix on your system

To Disable Windows Defender
Open Windows Defender
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

To Disable Tea-Timer
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
In the File menu click Exit to exit Spybot Search & Destroy.


2. Now go to: http://virusscan.jotti.org/
At the top select the Browse button then navigate to this File and Submit it to be scanned.
C:\Program Files\ebgdijgp\uxepafaj.dll
any results please Copy & Paste them in your next reply

Can you please also have Jotti scan these files and post the results back to me
C:\Documents and Settings\All Users\Application Data\utwvojoj.dll


3. Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O4 - HKLM\..\Run: [ebgdijgp] rundll32.exe "C:\Program Files\ebgdijgp\uxepafaj.dll",Init
O4 - HKLM\..\Run: [utwvojoj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\utwvojoj.dll"
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\HP-USE~1\MYDOCU~1\WNSXS~1\iexplore.exe" -vt yazb

Close any Explorer windows which may be open and click the "Fix Checked" button.


4. Please navigate to this path: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
now Right-click on HijackThis.exe and select "Rename"
I would like you to Rename HijackThis.exe to mozley.exe

Re-scan with HijackThis ( mozley.exe ) and post the new log and the Jotti results in your next reply

Thank you.

#3 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 28 September 2007 - 06:22 PM

Thanks, I followed the instructions, but then I could not connect to the internet. I deleted some things and magically, I was able to connect this evening??!!! One of the files you asked me to scan that was located in "Documents and Settings/All Users/Application Data" I could not find, but when I did a file search it appeared but was actually a .zip file that was named something else. I scanned the .zip file and it came up clean. Here are the results of the scan:

Service load: 0% 100%

File: uxepafaj.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 9ff39effcdff89284370a4a9f9c1a2bc
Packers detected: -
Bit9 reports: Not analyzed yet (more info)

mozley.exe log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:35 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\mozley.exe.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {04A097CE-A786-42CB-8265-C9C7F26FCB4F} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Image ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {35CF149D-D0EA-48D8-9051-BC1398977B6F} - (no file)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Kifoaese\xuowkifx.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {565906D3-4FD7-4DEF-9094-7603635E1B39} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6ACAE080-FED0-4969-86C8-FCCE0FF9F30B} - (no file)
O2 - BHO: (no name) - {731E8BA0-4645-3091-6757-4B71B45192C1} - (no file)
O2 - BHO: (no name) - {731E8BD8-4647-3194-6726-4D71B02192BF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F94E116-D0E1-4FB2-89C4-23A02F679A3B} - (no file)
O2 - BHO: (no name) - {8B5D9851-FE2C-461F-B37C-AF1914758CC2} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {94FBC53E-0401-40C4-AEC2-4005B1AA4382} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B054EF09-4445-403E-91BC-31EAD82A6965} - (no file)
O2 - BHO: (no name) - {C070DF8F-28C0-4B34-90EC-DEB0473FF8D5} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\gnnxvddb.dll
O2 - BHO: (no name) - {CF52EA9F-C568-48D6-AB93-6CBEAE7DA707} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: xxyxywv - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 10946 bytes


Now my computer is really fast, and I am able to connect to the internet, but I am afraid that I am not protected from further threats because I uninstalled my McAfee???

#4 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 29 September 2007 - 02:11 AM

Hello mozley411

Copy and Paste this post into a new text document or print it for reference

Please disable all your Real-time protection

1. Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {04A097CE-A786-42CB-8265-C9C7F26FCB4F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Image ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {35CF149D-D0EA-48D8-9051-BC1398977B6F} - (no file)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Kifoaese\xuowkifx.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {565906D3-4FD7-4DEF-9094-7603635E1B39} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6ACAE080-FED0-4969-86C8-FCCE0FF9F30B} - (no file)
O2 - BHO: (no name) - {731E8BA0-4645-3091-6757-4B71B45192C1} - (no file)
O2 - BHO: (no name) - {731E8BD8-4647-3194-6726-4D71B02192BF} - (no file)
O2 - BHO: (no name) - {7F94E116-D0E1-4FB2-89C4-23A02F679A3B} - (no file)
O2 - BHO: (no name) - {8B5D9851-FE2C-461F-B37C-AF1914758CC2} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {94FBC53E-0401-40C4-AEC2-4005B1AA4382} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - (no file)
O2 - BHO: (no name) - {C070DF8F-28C0-4B34-90EC-DEB0473FF8D5} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\gnnxvddb.dll
O2 - BHO: (no name) - {CF52EA9F-C568-48D6-AB93-6CBEAE7DA707} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: xxyxywv - C:\WINDOWS\

Close any Explorer windows which may be open and click the "Fix Checked" button.


2. Double-click on My Computer, Double-click on Local Disk and navigate to then Right Click on and Delete the following Bold entries if present:

C:\Program Files\Image ActiveX Access
C:\Program Files\Kifoaese
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\gnnxvddb.dll


3. Now please download this latest version of VundoFix to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,
    click YES
  • Once you click yes, your desktop will go blank as it starts removing
    Vundo.
  • When completed, it will prompt that it will reboot your computer,
    click OK.
  • Please post the contents of C:\vundofix.txt in your next reply
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
when VundoFix appears at reboot.



4. I would like to recommend if you are using The Windows Firewall that you replace it as soon as possible Please choose to install One of these good free firewalls below to fully protect your system anyone of these will give you Full control over everything that requests Internet access a feature not available in the default Windows Firewall

ZoneAlarm
Kerio Personal Firewall
OutPost Firewall Free
Sygate Personal Firewall

For Anti-Virus protection choose one of these

AVG Anti-Virus
Avast
Bit Defender


5. Please Re-scan with HijackThis and post the new log and the C:\vundofix.txt

Thank you

#5 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 29 September 2007 - 10:33 AM

:thumbsup:
After I preformed the last instructions:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:57 AM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\mozley.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {04A097CE-A786-42CB-8265-C9C7F26FCB4F} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {35CF149D-D0EA-48D8-9051-BC1398977B6F} - (no file)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {565906D3-4FD7-4DEF-9094-7603635E1B39} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6ACAE080-FED0-4969-86C8-FCCE0FF9F30B} - (no file)
O2 - BHO: (no name) - {6E39385E-669E-48A3-8AC0-257F69509714} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {731E8BA0-4645-3091-6757-4B71B45192C1} - (no file)
O2 - BHO: (no name) - {731E8BD8-4647-3194-6726-4D71B02192BF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F94E116-D0E1-4FB2-89C4-23A02F679A3B} - (no file)
O2 - BHO: (no name) - {8B5D9851-FE2C-461F-B37C-AF1914758CC2} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {94FBC53E-0401-40C4-AEC2-4005B1AA4382} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B054EF09-4445-403E-91BC-31EAD82A6965} - (no file)
O2 - BHO: (no name) - {C070DF8F-28C0-4B34-90EC-DEB0473FF8D5} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {CF52EA9F-C568-48D6-AB93-6CBEAE7DA707} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: xxyxywv - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9214 bytes


VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 8:27:37 AM 9/29/2007

Listing files found while scanning....

C:\windows\system32\drvsuwr.dll
C:\windows\system32\hjllm.bak1
C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.ini
C:\windows\system32\mlljh.dll
C:\windows\system32\qcdthwuy.ini
C:\windows\system32\yuwhtdcq.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvsuwr.dll
C:\windows\system32\drvsuwr.dll Has been deleted!

Attempting to delete C:\windows\system32\hjllm.bak1
C:\windows\system32\hjllm.bak1 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\windows\system32\qcdthwuy.ini
C:\windows\system32\qcdthwuy.ini Has been deleted!

Attempting to delete C:\windows\system32\yuwhtdcq.dll
C:\windows\system32\yuwhtdcq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 8:43:17 AM 9/29/2007

Listing files found while scanning....

C:\windows\system32\hjllm.ini
C:\windows\system32\mlljh.dll

Beginning removal...

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Has been deleted!

Performing Repairs to the registry.
Done!


Thanks for all your help!!

#6 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 29 September 2007 - 10:42 AM

Hello mozley411

Thank you for doing that for me :thumbsup:

Copy and Paste this post into a new text document or print it for reference

1. Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {04A097CE-A786-42CB-8265-C9C7F26FCB4F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {35CF149D-D0EA-48D8-9051-BC1398977B6F} - (no file)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {565906D3-4FD7-4DEF-9094-7603635E1B39} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6ACAE080-FED0-4969-86C8-FCCE0FF9F30B} - (no file)
O2 - BHO: (no name) - {6E39385E-669E-48A3-8AC0-257F69509714} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {731E8BA0-4645-3091-6757-4B71B45192C1} - (no file)
O2 - BHO: (no name) - {731E8BD8-4647-3194-6726-4D71B02192BF} - (no file)
O2 - BHO: (no name) - {7F94E116-D0E1-4FB2-89C4-23A02F679A3B} - (no file)
O2 - BHO: (no name) - {8B5D9851-FE2C-461F-B37C-AF1914758CC2} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {94FBC53E-0401-40C4-AEC2-4005B1AA4382} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - (no file)
O2 - BHO: (no name) - {B054EF09-4445-403E-91BC-31EAD82A6965} - (no file)
O2 - BHO: (no name) - {C070DF8F-28C0-4B34-90EC-DEB0473FF8D5} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {CF52EA9F-C568-48D6-AB93-6CBEAE7DA707} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O20 - Winlogon Notify: xxyxywv - C:\WINDOWS\

Close any Explorer windows which may be open and click the "Fix Checked" button.


2. Download ComboFix.exe to your desktop.
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post this log in your next reply

Thank you

#7 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 29 September 2007 - 11:38 AM

:thumbsup:

ComboFix 07-09-21.2 - "HP- User" 2007-09-29 11:24:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.172 [GMT -7:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\DOCUME~1\HP-USE~1\MYDOCU~1\WNSXS~1
C:\DOCUME~1\HP-USE~1\MYDOCU~1\WNSXS~1\iexplore.exe
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\racle~1
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe.bak
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\qtypvhgs.dll
C:\WINDOWS\system32\sghvpytq.ini
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wapisvsu.exe
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-29 11:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 09:18 258,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-29 09:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-29 09:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-29 09:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-29 09:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-29 09:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-29 09:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-29 09:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-29 09:17 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-29 09:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-29 09:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-09-29 08:44 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-29 08:27 <DIR> d-------- C:\VundoFix Backups
2007-09-28 06:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-09-28 06:12 <DIR> d-------- C:\Program Files\Broadcom
2007-09-23 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-23 11:40 85,568 --a------ C:\WINDOWS\system32\vyxqvidj.dll
2007-09-23 09:28 85,568 --------- C:\WINDOWS\system32\twgegdff.dll
2007-09-23 08:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-09-22 22:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-22 22:09 <DIR> d-------- C:\DOCUME~1\HP-USE~1\.housecall6.6
2007-09-22 09:53 <DIR> d-------- C:\McAfee
2007-09-18 22:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-17 23:51 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Sonic
2007-09-17 23:51 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Leadertech
2007-09-13 03:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-11 22:55 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-11 22:40 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-09 18:36 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-09-09 14:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-09 13:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intuit
2007-09-08 13:47 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Netscape
2007-09-08 09:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-08 08:04 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-08 08:04 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-08 08:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-08 07:44 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\Temporary Internet Files
2007-09-08 07:44 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\History
2007-09-08 07:24 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\McAfee
2007-09-07 20:50 <DIR> d-------- C:\Program Files\America Online 9.0
2007-09-07 20:46 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\MSNInstaller
2007-09-06 22:43 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-06 22:43 <DIR> d-------- C:\WINDOWS\system32\acespy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 11:30 4028 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-28 17:30 --------- d-------- C:\Program Files\McAfee
2007-09-28 17:30 --------- d-------- C:\Program Files\Common Files\McAfee
2007-09-28 17:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-09 20:34 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-09 20:32 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\AOL
2007-09-09 20:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-06 22:24 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-06 16:14 75248 --a------ C:\WINDOWS\zllsputility.exe
2007-09-06 16:14 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-16 04:37 --------- d-------- C:\Program Files\Alarm
2007-08-16 03:11 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Viewpoint
2007-08-16 03:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-11 00:33 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\HP
2007-08-10 23:12 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Real
2007-08-09 14:31 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\AdobeUM
2007-08-09 14:01 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\GTek
2007-08-09 14:01 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gtek
2007-08-08 22:20 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-08 22:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-08 20:05 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-08-08 20:05 --------- d-------- C:\Program Files\Real
2007-08-08 20:05 --------- d-------- C:\Program Files\QuickTime
2007-08-08 20:05 --------- d-------- C:\Program Files\Common Files\Real
2007-08-08 20:05 --------- d-------- C:\Program Files\Common Files\Nullsoft
2007-08-08 20:05 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\You've Got Pictures Screensaver
2007-08-08 20:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-08 20:04 --------- d-------- C:\Program Files\Viewpoint
2007-08-08 20:04 --------- d-------- C:\Program Files\Common Files\AolCoach
2007-08-08 19:54 --------- d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Google
2007-08-08 19:47 --------- d-------- C:\Program Files\Common Files\SWF Studio
2007-08-08 19:46 --------- d-------- C:\Program Files\Google
2007-08-08 19:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-30 20:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 20:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 20:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 20:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 20:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 20:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 20:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 20:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 20:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 20:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 20:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 20:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 20:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 20:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 20:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2005-09-24 09:49 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 22:03]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 19:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 05:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 05:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 05:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 04:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 22:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" []
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-08-08 20:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-08 20:05]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 21:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 10:39:30]

R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
S3 USBDongle;USBDongle;C:\WINDOWS\system32\DRIVERS\USBKey.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 11:32:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???`W??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 11:34:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 11:34
.
--- E O F ---

#8 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 29 September 2007 - 12:25 PM

Hello mozley411

This folder appear to belong to a keylogger, did you install them yourself?
C:\WINDOWS\system32\acespy

---------------------------

1. Please return to: http://virusscan.jotti.org/
At the top select the Browse button then navigate to this File and Submit it to be scanned.
C:\WINDOWS\system32\vyxqvidj.dll
any results please Copy & Paste them in your next reply

Can you please also have Jotti scan these files and post the results back to me
C:\WINDOWS\system32\twgegdff.dll
C:\WINDOWS\system32\stfv.bin




2. Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


3. Please now use Internet Explorer and run this online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases


Click OK
Now under select a target to scan: Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Copy and paste that information in your next post along with a new HijackThis log, the Jotti results and information about acespy

Thank you

#9 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 29 September 2007 - 05:28 PM

:thumbsup: I have no idea what acespy is. If it was downloaded, it was by mistake.

Here are my latest results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:07 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\mozley.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6995 bytes


Service load:
0% 100%
File: vyxqvidj.dll
Status:
INFECTED/MALWARE
MD5: e8bb8edd6131d290e4ec3524aea8e6b5
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 29 Sep 2007 18:25:48 (GMT)
A-Squared
Found Heuristic.LOP
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Service load:
0% 100%
File: twgegdff.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: e8bb8edd6131d290e4ec3524aea8e6b5
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 29 Sep 2007 18:28:17 (GMT)
A-Squared
Found Heuristic.LOP
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Service load:
0% 100%
File: stfv.bin
Status:
OK
MD5: cbe23d9655fccd4311acdd6261c81bd8
Packers detected:
-
Bit9 reports: Not analyzed yet (more info)
Scanner results
Scan taken on 29 Sep 2007 18:30:59 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 29, 2007 5:22:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 29/09/2007
Kaspersky Anti-Virus database records: 425211
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 57779
Number of viruses found: 7
Number of infected objects: 16
Number of suspicious objects: 8
Duration of the scan process: 01:30:26

Infected Object Name / Virus Name / Last Action
C:\9A.tmp/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\9A.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.jl skipped
C:\9A.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.jl skipped
C:\9A.tmp NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak10.zip/hcwprn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak10.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/wml.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\HP- User\.housecall6.6\Quarantine\uxepafaj.dll.bac_a04248 Infected: Trojan.Win32.Obfuscated.hy skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\cert8.db Object is locked skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\history.dat Object is locked skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\key3.db Object is locked skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\parent.lock Object is locked skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\search.sqlite Object is locked skipped
C:\Documents and Settings\HP- User\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HP- User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP- User\Desktop\antivirus stuff\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP- User\Desktop\antivirus stuff\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP- User\Desktop\antivirus stuff\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\HP- User\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Application Data\Mozilla\Firefox\Profiles\fi5w3rn4.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\HP- User\Local Settings\Temp\~DF9F5.tmp Object is locked skipped
C:\Documents and Settings\HP- User\ntuser.dat Object is locked skipped
C:\Documents and Settings\HP- User\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\HP- User\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\ebgdijgp\uxepafaj.dll Infected: Trojan.Win32.Obfuscated.hy skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070929-081448-593.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070929-081448-835.dll Infected: Trojan.Win32.Obfuscated.hy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nusrmgr.exe.vir Infected: not-virus:Hoax.Win32.Renos.ig skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP10\A0003125.exe Infected: not-virus:Hoax.Win32.Renos.ig skipped
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP10\change.log Object is locked skipped
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP7\A0002364.dll Infected: Trojan.Win32.Obfuscated.hy skipped
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP7\A0002372.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\VundoFix Backups\mlljh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MOMMAS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat Object is locked skipped
C:\WINDOWS\temp\ZLT019f5.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT019f8.TMP Object is locked skipped
C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP10\change.log Object is locked skipped

Scan process completed.

#10 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 30 September 2007 - 02:24 AM

Hello mozley411

To uninstall AceSpy go to Start / Run then click "Browse" and go to your Windows directory, then double-click on "System32" Then double click "AceSpy" then double click the "uninst000" or "uninstall". Then click ok and the uninstall program will run. Follow the prompts and restart your system and Navigate to and delete this Bold Folder if listed C:\WINDOWS\system32\acespy

----------------------------

Please Open notepad - don't use any other text editor

I would like you to now Copy/paste the text in the quotebox below into notepad:

File::
C:\9A.tmp
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vyxqvidj.dll
C:\WINDOWS\system32\twgegdff.dll

Folder::
C:\Program Files\ebgdijgp



Name the file CFScript and Save it to your Desktop

Posted Image
Refering to the picture above, drag CFScript.txt into ComboFix.exe

Run "ComboFix" again and post the resultant log and can you please let me know how you system is running now

Thank you.

#11 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 30 September 2007 - 10:39 AM

When I go to Windows/system32/acespy there is not an uninstall file, there is only one application file and it is named systune. Should I run that one?

#12 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 30 September 2007 - 11:42 AM

Hello mozley411

Please Just Right-click on and delete this Bold Folder

C:\WINDOWS\system32\acespy

and continue on with my last instruction's

Thank you

Edited by ourwilly, 30 September 2007 - 11:51 AM.


#13 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 30 September 2007 - 01:39 PM

Results of combofix:
ComboFix 07-09-21.2 - "HP- User" 2007-09-30 13:28:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.161 [GMT -7:00]
* Created a new restore point

FILE::
C:\9A.tmp
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vyxqvidj.dll
C:\WINDOWS\system32\twgegdff.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\9A.tmp
C:\Program Files\ebgdijgp
C:\Program Files\ebgdijgp\uxepafaj.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\twgegdff.dll
C:\WINDOWS\system32\vyxqvidj.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.

2007-09-30 10:36 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-29 14:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-29 14:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-29 11:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 09:18 1,218,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-29 09:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-29 09:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-29 09:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-29 09:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-29 09:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-29 09:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-29 09:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-29 09:17 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-29 09:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-29 09:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-09-29 08:44 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-29 08:27 <DIR> d-------- C:\VundoFix Backups
2007-09-28 06:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-09-28 06:12 <DIR> d-------- C:\Program Files\Broadcom
2007-09-23 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-23 08:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-09-22 22:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-22 22:09 <DIR> d-------- C:\DOCUME~1\HP-USE~1\.housecall6.6
2007-09-22 09:53 <DIR> d-------- C:\McAfee
2007-09-18 22:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-17 23:51 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Sonic
2007-09-17 23:51 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Leadertech
2007-09-13 03:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-11 22:55 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-11 22:40 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-09 18:36 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-09-09 14:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-09 13:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intuit
2007-09-08 13:47 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Netscape
2007-09-08 09:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-08 08:04 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-08 08:04 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-08 08:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-08 07:44 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\Temporary Internet Files
2007-09-08 07:44 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\History
2007-09-08 07:24 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\McAfee
2007-09-07 20:50 <DIR> d-------- C:\Program Files\America Online 9.0
2007-09-07 20:46 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\MSNInstaller
2007-08-16 15:34 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-16 08:50 <DIR> d--hs---- C:\DOCUME~1\HP-USE~1\UserData
2007-08-16 04:37 <DIR> d-------- C:\Program Files\Alarm
2007-08-16 03:11 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Viewpoint
2007-08-14 10:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-11 00:33 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\HP
2007-08-10 23:12 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Real
2007-08-10 07:20 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-10 07:20 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-10 07:20 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-09 14:31 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\AdobeUM
2007-08-09 14:01 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\GTek
2007-08-09 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gtek
2007-08-08 22:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-08 20:06 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\AOL
2007-08-08 20:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-08-08 20:05 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-08-08 20:05 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-08-08 20:05 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-08 20:05 <DIR> d-------- C:\Program Files\Real
2007-08-08 20:05 <DIR> d-------- C:\Program Files\QuickTime
2007-08-08 20:05 <DIR> d-------- C:\Program Files\Common Files\Real
2007-08-08 20:05 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-08-08 20:05 <DIR> d-------- C:\My Music
2007-08-08 20:05 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\You've Got Pictures Screensaver
2007-08-08 20:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-08 20:04 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-08-08 20:04 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2007-08-08 20:04 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-08-08 20:04 <DIR> d-------- C:\Program Files\Viewpoint
2007-08-08 20:04 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2007-08-08 20:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-08 20:03 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-08 20:03 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-08-08 20:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-08 20:00 <DIR> d--h----- C:\TEMP
2007-08-08 19:53 <DIR> d-------- C:\DOCUME~1\HP-USE~1\APPLIC~1\Google
2007-08-08 19:50 8,453,632 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2007-08-08 19:50 536,576 --------- C:\WINDOWS\system32\dllcache\msado15.dll
2007-08-08 19:50 200,704 --------- C:\WINDOWS\system32\dllcache\msadox.dll
2007-08-08 19:50 180,224 --------- C:\WINDOWS\system32\dllcache\msadomd.dll
2007-08-08 19:50 142,336 --------- C:\WINDOWS\system32\dllcache\nwprovau.dll
2007-08-08 19:50 134,656 --------- C:\WINDOWS\system32\dllcache\shsvcs.dll
2007-08-08 19:50 102,400 --------- C:\WINDOWS\system32\dllcache\msjro.dll
2007-08-08 19:50 1,498,112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-08 19:49 86,528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-08-08 19:49 85,504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-08-08 19:49 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-08 19:49 510,976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-08-08 19:49 292,864 --------- C:\WINDOWS\system32\dllcache\winsrv.dll
2007-08-08 19:49 1,314,816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-08-08 19:47 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-08-08 19:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-07 09:42 44,192 --a------ C:\WINDOWS\system32\drivers\PcdrNt.sys
2007-08-07 09:42 167,456 --a------ C:\WINDOWS\system32\BOCOF.DLL
2007-08-07 09:42 109,056 --a------ C:\WINDOWS\UNWISE32.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 13:31 15308 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-28 17:30 --------- d-------- C:\Program Files\McAfee
2007-09-28 17:30 --------- d-------- C:\Program Files\Common Files\McAfee
2007-09-06 22:24 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-06 16:14 75248 --a------ C:\WINDOWS\zllsputility.exe
2007-09-06 16:14 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-08 22:20 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-08 22:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-08 19:46 --------- d-------- C:\Program Files\Google
2007-07-30 20:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 20:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 20:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 20:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 20:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 20:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 20:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 20:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 20:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 20:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 20:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 20:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 20:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 20:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 20:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-26 08:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:35 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 01:12 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 01:12 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 01:12 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 01:12 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 01:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 01:12 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 01:12 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 01:12 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 01:12 3064320 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 01:12 251904 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 01:12 205824 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 01:12 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 01:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 01:12 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 01:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 01:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 03:32 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2005-09-24 09:49 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-29_113338.73 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 213,048 2005-05-24 18:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 18:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 18:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----atw 16,384 2007-09-30 20:32:34 C:\WINDOWS\temp\Perflib_Perfdata_7f0.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 22:03]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 19:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 05:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 05:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 05:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 04:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 22:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" []
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-08-08 20:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-08 20:05]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 21:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 10:39:30]

R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
S3 USBDongle;USBDongle;C:\WINDOWS\system32\DRIVERS\USBKey.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 13:33:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???`W??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-30 13:36:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-30 13:36
C:\ComboFix2.txt ... 2007-09-29 11:34
.
--- E O F ---


It seems to be running fine. Can you tell by this log file if there is still a problem?
Thanks.

#14 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 02 October 2007 - 09:47 AM

Hello mozley411

Sorry to keep you waiting can you post a new HijackThis log and let me know how your system is running now

Thank you.

#15 mozley411

mozley411
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 03 October 2007 - 08:42 PM

That's ok. I've been really busy also. Here is the latest log. The system was acting fine for a while, but then started to act weird and I wasn't able to connect to the internet. I looked up troubleshooting tips in my Zone Alarm about connection problems and it said to deselect "Run Zone Alarm on startup". I deselected it and restarted - then it worked fine and I was able to connect. Coincidence or not, I don't know.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:10 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\mozley.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6881 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users