
System Tray Popup


5 replies to this topic

#1 deezz

deezz

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:58 AM

Posted 23 October 2007 - 02:22 PM

Hello everyone. This is my first time posting here. I have been reading these forums for a while and can usually fix my own problem by looking at others. The problem is I keep getting a popup in my system tray that is an ! in a yellow triangle telling me I have trojans and viruses, and if I right click to get rid of it, it keeps coming back. I keep getting Microsoft Visual C++ Runtime Library errors right after this and I am sure the two are related. I have seen this problem and I have tried the solutions on here but they don't seem to be working for me. I have tried Ad-Aware / Spybot S&D and I have used the SmitfraudFix, all of these in safe mode. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:56 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v4.dll
O2 - BHO: (no name) - {215DF2C6-EE91-429B-89C0-BECCC3243E07} - (no file)
O2 - BHO: (no name) - {288FA1C4-44FD-43EF-8CF7-1C88E3C4BF5F} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: (no name) - {2BC5247B-430B-44FE-BBD7-EEA7A151FF9C} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {31F5E9BB-4496-46E5-B804-5AC19D851F42} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {38476826-EA15-488F-8212-7F5D1F4051FF} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: (no name) - {43AD6BA9-3EB1-4FBC-8499-DE35CDCD5EC8} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {68C42AC5-1BCD-4B68-9A5C-3D55E1ED88E0} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: 0 - {781EBD76-1DAD-4A1C-26BA-02C9E405FC1B} - C:\Program Files\CyberLink\lavuha.dll (file missing)
O2 - BHO: (no name) - {79533ED5-E896-4DA8-8341-F1465F5C4BDB} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {7E9F747F-1FD3-4E6B-9B63-CF533C97DD59} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nokdkphl.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: (no name) - {9FC422E7-3202-4654-AB51-EA3719CB42A7} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {A498C649-47A8-4915-8A78-18CF13DBC62B} - \
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tkffhmfr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CC18FC8B-B562-4886-AC25-D0FFD8C28838} - C:\WINDOWS\system32\kplvvhpl.dll (file missing)
O2 - BHO: (no name) - {ED8EB41F-171D-45AB-B787-0B83B420D070} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {F037C830-C6CD-4B38-87B4-66A8A2FB5F30} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F49F65EC-F96D-412E-B7FC-1D180AC92E13} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {F884BE4E-64D5-43FE-80A4-DB8D63C748F0} - C:\WINDOWS\system32\ljjhfge.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tkffhmfr.dll
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: cpcScanner -
O16 - DPF: WebControlDeploy -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147486293015
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} -
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: ljjhfge - ljjhfge.dll (file missing)
O20 - Winlogon Notify: rqrsqol - rqrsqol.dll (file missing)
O20 - Winlogon Notify: tkffhmfr - C:\WINDOWS\SYSTEM32\tkffhmfr.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ddrvkons.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 9486 bytes

Thank you for your help it is greatly appreciated.

Anthony
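The O2, O3, O20 and O23 lines in a HijackThis log are the ones a helper reads first, because each is a load point (browser helper object, IE toolbar, Winlogon Notify hook, service) where an unwanted DLL or executable can be registered. The script below is an added example written for this page; it is not HijackThis code and not something from the thread. It parses a few lines copied from the log above and applies three triage heuristics that are the editor's own assumptions, not an official rule set: a service with an empty vendor field, an unnamed browser hook backed by a file that is still present, and the same file registered under several load points at once. Entries marked "(file missing)" are reported separately as orphaned registrations, which are cleanup candidates rather than active loads.

```python
"""Triage helper for HijackThis-style log lines (O2, O3, O20 and O23 sections).

Added example, not part of the thread and not HijackThis code: the parsing and the
flagging heuristics below are the editor's own assumptions about what a log reader
checks first, written so the sample lines from the post above run offline.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (O2 = BHO, O3 = IE toolbar,
# O20 = Winlogon Notify, O23 = service). Two benign entries are included on purpose
# so the heuristics can be checked for false positives.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {288FA1C4-44FD-43EF-8CF7-1C88E3C4BF5F} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tkffhmfr.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tkffhmfr.dll
O20 - Winlogon Notify: tkffhmfr - C:\WINDOWS\SYSTEM32\tkffhmfr.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\ddrvkons.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = " (file missing)"


@dataclass
class Entry:
    section: str   # "O2", "O3", "O20", "O23"
    kind: str      # "BHO", "Toolbar", "Winlogon Notify", "Service"
    name: str
    vendor: str    # O23 only; "" when the log shows an empty vendor field
    path: str
    missing: bool  # HijackThis reported the file as absent from disk


@dataclass
class Finding:
    load_points: str  # e.g. "O2+O3+O20"
    file: str         # lower-cased basename
    reason: str


def split_fields(rest):
    """Split on HijackThis' ' - ' separator; an empty field prints as 'X - - Y'."""
    fields = []
    for f in rest.split(" - "):
        if f.startswith("- "):          # empty field collapsed into the next one
            fields.append("")
            f = f[2:]
        fields.append(f)
    return fields


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    fields = split_fields(rest)
    if kind in ("BHO", "Toolbar", "Winlogon Notify"):   # name - [{CLSID} -] path
        name, vendor, path = fields[0], "", fields[-1]
    elif kind == "Service" and len(fields) >= 3:        # name - vendor - path
        name, vendor, path = fields[0], fields[1], fields[-1]
    else:
        return None
    return Entry(section, kind, name, vendor, path, missing or path == "(no file)")


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries):
    """Heuristic flags applied before looking anything up (editor's assumptions)."""
    findings = []
    by_file = defaultdict(set)
    for e in entries:
        if e.path != "(no file)":
            by_file[basename(e.path)].add(e.section)
    for e in entries:
        base = basename(e.path)
        if e.missing:
            findings.append(Finding(e.section, base, "registration points at a file that is no longer on disk (orphaned entry)"))
        elif e.kind == "Service" and not e.vendor:
            findings.append(Finding(e.section, base, "service with no vendor string"))
        elif e.name == "(no name)":
            findings.append(Finding(e.section, base, "unnamed browser hook backed by a file that is present"))
    for base, sections in by_file.items():
        if len(sections) >= 2:
            key = "+".join(sorted(sections, key=lambda s: int(s[1:])))
            findings.append(Finding(key, base, "same file registered under several load points"))
    return findings


def triage_log(text):
    return triage(parse_log(text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.load_points:10} {f.file:18} {f.reason}")
```

Run as-is, the script reports ddrvkons.exe (service with no vendor), tkffhmfr.dll (unnamed BHO, and registered under O2, O3 and O20 at once), and the two orphaned vtsqr.dll registrations, while the Adobe BHO and the NVIDIA service pass. The heuristics are deliberately conservative; a flagged entry is a starting point for looking the file up, not a verdict.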

#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:58 PM

Posted 23 October 2007 - 03:17 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Since you say you have already tried using SmitfraudFix, I am going to assume that it is still saved on your computer.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1, and press Enter.
  • A text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.

  • Download Combofix to your Desktop.
  • Double click combofix.exe
  • Follow the prompts that are displayed.
  • Don't click on the window while the fix is running, because that will cause your system to hang.
  • When finished, it should produce a log, combofix.txt. Post that in your next reply.

In your next reply I would like to see the Combofix report, rapport.txt and a new HijackThis log [from Normal Mode].
Thanks,
Charles

Edited by rookie147, 23 October 2007 - 03:17 PM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 deezz

deezz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:58 AM

Posted 23 October 2007 - 03:47 PM

Hello and thank you for your time. Here are the requested files.

SmitFraudFix v2.240

Scan done at 16:43:32.51, Tue 10/23/2007
Run from C:\Documents and Settings\Top Secret\Desktop\SmitFraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ddrvkons.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Top Secret


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Top Secret\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TOPSEC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~4\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C916BC0-FE44-42CC-B266-1B1B1EC7FB84}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E27FE93-43C5-44AF-B207-A3E82B80A6E6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A07907FA-4BCD-421D-95D9-967B32E62BB0}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C916BC0-FE44-42CC-B266-1B1B1EC7FB84}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E27FE93-43C5-44AF-B207-A3E82B80A6E6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A07907FA-4BCD-421D-95D9-967B32E62BB0}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C916BC0-FE44-42CC-B266-1B1B1EC7FB84}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E27FE93-43C5-44AF-B207-A3E82B80A6E6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A07907FA-4BCD-421D-95D9-967B32E62BB0}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix 07-10-23.1 - Top Secret 2007-10-23 16:23:37.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT -4:00]
Running from: C:\Documents and Settings\Top Secret\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\amy behrens\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\amy behrens\Desktop\Live Safety Center.lnk
C:\Documents and Settings\amy behrens\Desktop\Online Security Guide.lnk
C:\Documents and Settings\amy behrens\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Top Secret\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Top Secret\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Top Secret\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tkffhmfr.dllbox
C:\WINDOWS\system32\wapisvsu32.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-23 14:53 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-23 14:53 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-23 14:53 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-23 14:53 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-23 14:53 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-22 23:41 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-22 23:34 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-22 19:56 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-22 19:56 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-22 19:56 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-22 19:56 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-22 19:56 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-22 19:56 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-22 19:56 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-22 19:56 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-20 17:07 2,148 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-20 05:22 <DIR> d-------- C:\WINDOWS\Sun
2007-10-19 19:57 <DIR> d-------- C:\Documents and Settings\Top Secret\Incomplete
2007-10-19 19:57 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\LimeWire
2007-10-19 19:51 <DIR> d-------- C:\Program Files\LimeWire
2007-10-19 19:51 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-18 20:42 75,328 --a------ C:\WINDOWS\system32\ddrvkons.exe
2007-10-18 20:37 409,724 --ahs---- C:\WINDOWS\system32\aycdd.bak2
2007-10-18 20:37 340,032 --a------ C:\WINDOWS\system32\tkffhmfr.dll
2007-10-18 20:37 340,032 --a------ C:\WINDOWS\system32\mlwwfdid.dll
2007-10-18 15:04 <DIR> d-------- C:\Program Files\ISM
2007-10-18 07:31 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\AVG7
2007-10-18 07:08 6,465 --ahs---- C:\WINDOWS\system32\aycdd.bak1
2007-10-17 22:18 75,328 --a------ C:\WINDOWS\system32\wklqhxak.exe
2007-10-17 09:59 75,328 --a------ C:\WINDOWS\system32\oqwvwgjl.exe
2007-10-16 21:53 644,502 --ahs---- C:\WINDOWS\system32\stvwa.bak1
2007-10-16 20:22 644,502 --ahs---- C:\WINDOWS\system32\oqtwa.bak1
2007-10-16 19:17 <DIR> d-------- C:\WINDOWS\àppPatch
2007-10-16 19:17 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-16 18:12 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-10-16 06:46 75,328 --a------ C:\WINDOWS\system32\yknxrvat.exe
2007-10-15 18:41 652,594 --ahs---- C:\WINDOWS\system32\nmllm.bak1
2007-10-15 17:18 6,473 --ahs---- C:\WINDOWS\system32\lmllm.bak1
2007-10-15 09:16 7,305 --ahs---- C:\WINDOWS\system32\jjllm.ini2
2007-10-15 08:39 649,637 --ahs---- C:\WINDOWS\system32\jjllm.bak2
2007-10-15 08:39 75,328 --a------ C:\WINDOWS\system32\vamtninu.exe
2007-10-15 08:27 6,473 --ahs---- C:\WINDOWS\system32\jjllm.bak1
2007-10-15 08:21 <DIR> d-------- C:\Documents and Settings\amy behrens\Application Data\Lavasoft
2007-10-15 04:40 75,328 --a------ C:\WINDOWS\system32\fkndfpox.exe
2007-10-14 15:48 <DIR> d---s---- C:\Documents and Settings\Top Secret\UserData
2007-10-14 01:32 75,328 --a------ C:\WINDOWS\system32\exypauna.exe
2007-10-13 01:29 736,043 --ahs---- C:\WINDOWS\system32\ppqss.bak2
2007-10-13 01:29 75,328 --a------ C:\WINDOWS\system32\guckjydq.exe
2007-10-12 23:09 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-10-12 21:36 6,473 --ahs---- C:\WINDOWS\system32\gjjlm.bak1
2007-10-12 21:29 75,328 --a------ C:\WINDOWS\system32\pevhxlnw.exe
2007-10-12 21:28 719,445 --ahs---- C:\WINDOWS\system32\kmllm.bak2
2007-10-12 17:01 <DIR> d-------- C:\Program Files\Riverdeep
2007-10-12 17:00 <DIR> d-------- C:\Program Files\Web Publish
2007-10-12 17:00 970,752 --a------ C:\WINDOWS\system32\cdintf210.dll
2007-10-12 16:57 <DIR> d-------- C:\Program Files\The Print Shop 20
2007-10-12 16:57 <DIR> d-------- C:\Program Files\Common Files\Broderbund
2007-10-12 12:48 6,473 --ahs---- C:\WINDOWS\system32\lnnmp.bak1
2007-10-12 08:40 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\Lavasoft
2007-10-11 23:34 <DIR> d-------- C:\Program Files\Adobe
2007-10-11 20:46 75,328 --a------ C:\WINDOWS\system32\lbsrhmkd.exe
2007-10-11 18:47 <DIR> d-------- C:\Program Files\Outerinfo
2007-10-11 18:47 <DIR> d-------- C:\Program Files\?icrosoft
2007-10-11 10:36 75,328 --a------ C:\WINDOWS\system32\njfnapiw.exe
2007-10-10 22:33 726,801 --ahs---- C:\WINDOWS\system32\ppqss.bak1
2007-10-10 17:15 715,515 --ahs---- C:\WINDOWS\system32\kmllm.bak1
2007-10-10 12:20 <DIR> d-------- C:\Program Files\WinAble
2007-10-10 12:20 <DIR> d-------- C:\Program Files\Temporary
2007-10-10 12:05 <DIR> d---s---- C:\Documents and Settings\amy behrens\Application Data\Microsoft
2007-10-10 12:04 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-10 12:04 <DIR> d-------- C:\WINDOWS\system32\q21
2007-10-10 12:04 <DIR> d-------- C:\WINDOWS\system32\ipd2
2007-10-10 12:04 <DIR> d-------- C:\WINDOWS\system32\f1
2007-10-10 12:04 <DIR> d-------- C:\WINDOWS\system32\cv7
2007-10-10 12:04 <DIR> d-------- C:\WINDOWS\system32\ap1
2007-10-10 12:04 <DIR> d-------- C:\temp\xOe
2007-10-10 12:04 <DIR> d-------- C:\temp\1cb
2007-10-10 12:04 <DIR> d-------- C:\Program Files\ISM2
2007-10-09 21:31 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 18:51 <DIR> dr-h----- C:\Documents and Settings\Top Secret\Application Data\SecuROM
2007-10-07 18:32 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-07 18:32 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-07 18:32 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-07 18:32 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-07 18:31 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-07 18:29 <DIR> d-------- C:\Program Files\Sierra Entertainment
2007-10-07 16:44 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\InstallShield
2007-10-07 12:42 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\Ventrilo
2007-10-02 16:49 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\Apple Computer
2007-10-01 11:17 <DIR> d-------- C:\Documents and Settings\Top Secret\.jpi_cache
2007-10-01 11:17 <DIR> d-------- C:\Documents and Settings\Top Secret\.java
2007-10-01 01:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-30 22:56 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\OpenOffice.org2
2007-09-29 16:33 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\Turbine
2007-09-28 21:15 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\GetRightToGo
2007-09-25 20:05 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\ATI
2007-09-24 19:29 <DIR> d-------- C:\Documents and Settings\Top Secret\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 19:02 --------- d-----w C:\Program Files\Trend Micro
2007-10-23 02:40 --------- d-----w C:\Program Files\Motherboard Monitor 5
2007-10-22 23:36 --------- d-----w C:\Program Files\DivX
2007-10-19 23:53 --------- d-----w C:\Program Files\Java
2007-10-18 11:03 --------- d-----w C:\Program Files\DirectX
2007-10-12 12:45 --------- d-----w C:\Program Files\?icrosoft
2007-10-12 03:34 --------- d-----w C:\Program Files\?dobe
2007-10-11 15:09 --------- d-----w C:\Documents and Settings\amy behrens\Application Data\??crosoft
2007-10-07 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-29 17:44 --------- d-----w C:\Program Files\Turbine
2007-09-23 03:42 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2007-09-23 03:41 --------- d-----w C:\Program Files\Screaming Bee
2007-09-23 03:04 --------- d-----w C:\Program Files\Logitech
2007-09-23 03:04 --------- d-----w C:\Program Files\Common Files\Logitech
2007-09-17 20:45 --------- d-----w C:\Program Files\OpenOffice.org1.1.3
2007-09-15 14:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-14 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-09-11 03:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-30 21:00 --------- d-----w C:\Documents and Settings\amy behrens\Application Data\Common Files
2007-08-30 20:55 --------- d-----w C:\Documents and Settings\amy behrens\Application Data\HP
2007-08-29 21:06 --------- d-----w C:\Program Files\Picasa2
2007-08-23 03:24 --------- d-----w C:\Program Files\Google
2007-08-23 03:03 --------- d-----w C:\Program Files\Common Files\Adobe
2004-08-29 14:41 77,308 ----a-w C:\Program Files\Rizzle Dizzle.bgn
2003-07-29 04:16 791,552 ----a-w C:\Documents and Settings\SetiSpy\setiathome_win_3_08.exe
2003-06-09 02:55 19,302,690 ----a-w C:\Program Files\44.03_win2kxp_international.exe
2003-06-07 21:23 472,576 ----a-w C:\Documents and Settings\SetiSpy\SetiSpy.exe
2003-06-07 18:33 266 --sh--w C:\Program Files\desktop.ini
2003-06-07 18:33 11,079 -c-ha-w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-18 18:10 23040 --a------ C:\Program Files\Adsense Helper Object\aho.v4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{215DF2C6-EE91-429B-89C0-BECCC3243E07}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{288FA1C4-44FD-43EF-8CF7-1C88E3C4BF5F}]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC5247B-430B-44FE-BBD7-EEA7A151FF9C}]
C:\WINDOWS\system32\awvts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31F5E9BB-4496-46E5-B804-5AC19D851F42}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38476826-EA15-488F-8212-7F5D1F4051FF}]
C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43AD6BA9-3EB1-4FBC-8499-DE35CDCD5EC8}]
C:\WINDOWS\system32\mllmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68C42AC5-1BCD-4B68-9A5C-3D55E1ED88E0}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{781EBD76-1DAD-4A1C-26BA-02C9E405FC1B}]
C:\Program Files\CyberLink\lavuha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79533ED5-E896-4DA8-8341-F1465F5C4BDB}]
C:\WINDOWS\system32\ddcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E9F747F-1FD3-4E6B-9B63-CF533C97DD59}]
C:\WINDOWS\system32\mllml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FC422E7-3202-4654-AB51-EA3719CB42A7}]
C:\WINDOWS\system32\awtqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A498C649-47A8-4915-8A78-18CF13DBC62B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-18 20:37 340032 --a------ C:\WINDOWS\system32\tkffhmfr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC18FC8B-B562-4886-AC25-D0FFD8C28838}]
C:\WINDOWS\system32\kplvvhpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED8EB41F-171D-45AB-B787-0B83B420D070}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F037C830-C6CD-4B38-87B4-66A8A2FB5F30}]
C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F49F65EC-F96D-412E-B7FC-1D180AC92E13}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tkffhmfr.dll [2007-10-18 20:37 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="C:\Program Files\MSI\Live Update 2\LMonitor.exe" []
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-20 18:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 03:20]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 03:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhfge]
ljjhfge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsqol]
rqrsqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkffhmfr]
tkffhmfr.dll 2007-10-18 20:37 340032 C:\WINDOWS\system32\tkffhmfr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^E-Color.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\E-Color.lnk
backup=C:\WINDOWS\pss\E-Color.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gameutil.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gameutil.exe.lnk
backup=C:\WINDOWS\pss\gameutil.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Card Companion Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk
backup=C:\WINDOWS\pss\Media Card Companion Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anthony ackels^Start Menu^Programs^Startup^bach - air for g string.mp3]
path=C:\Documents and Settings\anthony ackels\Start Menu\Programs\Startup\bach - air for g string.mp3
backup=C:\WINDOWS\pss\bach - air for g string.mp3Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anthony ackels^Start Menu^Programs^Startup^OpenOffice.org 1.1.3.lnk]
path=C:\Documents and Settings\anthony ackels\Start Menu\Programs\Startup\OpenOffice.org 1.1.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anthony ackels^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\anthony ackels\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anthony ackels^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\anthony ackels\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anthony ackels^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\anthony ackels\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Top Secret^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Top Secret\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\deupdchk]
C:\WINDOWS\Dialer\_x-Finder.exe !

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
"C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBM 5]
"C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft IntelliType Pro]
C:\Program Files\Microsoft Hardware\Keyboard\SpeedKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProtoWall]
C:\Program Files\Dudez\ProtoWall\ProtoWall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RedLine Taskbar]
C:\Program Files\RedLine\Taskbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\kmstbxav.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Si Meter]
C:\PROGRA~1\SIMETE~1\SiMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniUploader]
C:\Program Files\UniUploader\UniUploader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Documents and Settings\anthony ackels\Desktop\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.6.8\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WWNExporter]
C:\Program Files\WWNExporter\WWNExporter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\Documents and Settings\anthony ackels\Local Settings\Temp\TICHD003.exe CHD003

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
S2 DomainService;DomainService;C:\WINDOWS\system32\ddrvkons.exe /service
S2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys
S2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys
S2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys
S2 RVIEG01;VSC Engine;\??\C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys
S3 3c1807pd;U.S. Robotics V.92 Fax Win Int;C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\cdiskdun.sys
S3 Ndisusb;GeneLink Network Driver;C:\WINDOWS\system32\DRIVERS\genelan.sys
S3 Probe;Probe;C:\WINDOWS\system32\DRIVERS\probe.sys
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys
S3 WEBNTACCESS;WEBNTACCESS;\??\C:\WINDOWS\System32\NTACCESS.SYS

.
Contents of the 'Scheduled Tasks' folder
"2006-08-01 05:10:00 C:\WINDOWS\Tasks\defrag.job"
- C:\WINDOWS\system32\defrag.exe
"2004-07-27 02:29:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
"2007-10-23 20:31:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-19 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 16:31:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 16:34:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 18:52
C:\ComboFix2.txt ... 2007-05-26 18:52
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:30 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ddrvkons.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v4.dll
O2 - BHO: (no name) - {215DF2C6-EE91-429B-89C0-BECCC3243E07} - (no file)
O2 - BHO: (no name) - {288FA1C4-44FD-43EF-8CF7-1C88E3C4BF5F} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: (no name) - {2BC5247B-430B-44FE-BBD7-EEA7A151FF9C} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {31F5E9BB-4496-46E5-B804-5AC19D851F42} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {38476826-EA15-488F-8212-7F5D1F4051FF} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: (no name) - {43AD6BA9-3EB1-4FBC-8499-DE35CDCD5EC8} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {68C42AC5-1BCD-4B68-9A5C-3D55E1ED88E0} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: 0 - {781EBD76-1DAD-4A1C-26BA-02C9E405FC1B} - C:\Program Files\CyberLink\lavuha.dll (file missing)
O2 - BHO: (no name) - {79533ED5-E896-4DA8-8341-F1465F5C4BDB} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {7E9F747F-1FD3-4E6B-9B63-CF533C97DD59} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {9FC422E7-3202-4654-AB51-EA3719CB42A7} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {A498C649-47A8-4915-8A78-18CF13DBC62B} - \
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tkffhmfr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CC18FC8B-B562-4886-AC25-D0FFD8C28838} - C:\WINDOWS\system32\kplvvhpl.dll (file missing)
O2 - BHO: (no name) - {ED8EB41F-171D-45AB-B787-0B83B420D070} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {F037C830-C6CD-4B38-87B4-66A8A2FB5F30} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F49F65EC-F96D-412E-B7FC-1D180AC92E13} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tkffhmfr.dll
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: cpcScanner -
O16 - DPF: WebControlDeploy -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147486293015
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} -
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: ljjhfge - ljjhfge.dll (file missing)
O20 - Winlogon Notify: rqrsqol - rqrsqol.dll (file missing)
O20 - Winlogon Notify: tkffhmfr - C:\WINDOWS\SYSTEM32\tkffhmfr.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ddrvkons.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 9573 bytes

#4 rookie147

  • Members
  • 5,321 posts

Posted 23 October 2007 - 04:40 PM

You have quite a heavily infected computer, it is likely that we will need to perform a few scans before you will be completely clean from malware, so please bear with me.
Before we start with the fix, I would like one more log from you, then we will begin to tackle it all.

Make a list of all the programs installed on your computer:
Open HijackThis
Click the Config... button, then go to the Misc Tools section.
Press Open Uninstall Manager. You'll see a list of programs.
Select Save List... - save it to your Desktop.
The file "uninstall_list.txt" will be created.
Copy and paste the contents of this file to your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 deezz

  • Topic Starter
  • Members
  • 3 posts

Posted 23 October 2007 - 04:47 PM

1st Light
3Deep
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.0
Adobe Shockwave Player
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL You've Got Pictures Screensaver
ArcSoft Media Card Companion
ArcSoft PhotoImpression
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
ATI Parental Control & Encoder
ATI Parental Control & Encoder
AVG 7.5
AvPropPlugin 1.0.0.1
Azureus
Battlefield 2™ Demo
Belkin Wireless Utility
CCleaner (remove only)
CCScore
ClearType Tuning Control Panel Applet
Company of Heroes
DAEMON Tools
Desktop Sidebar
Diner Dash
DivX Player 2.1
DivX Pro Codec
DreamStation DXi
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
ESSvpaht
ESSvpot
FileSpecs plug-in for Ad-Aware SE
FinePixViewer Resource
FinePixViewer Ver.5.1
FUJIFILM USB Driver
Full Tilt Poker.Net
Google Desktop
Google Earth
Google Photos Screensaver
Google Updater
Guild Wars
HexDump plug-in for Ad-Aware SE
HijackThis 2.0.2
HLPIndex
HLPSFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
ImageMixer VCD2 LE for FinePix
InfoView
Internet Speed Monitor
iPod Updater 2004-08-06
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.1_03
Java Web Start
Java™ 6 Update 2
Kodak EasyShare software
KSU
LGE MF-PE550 Explorer
LimeWire 4.14.10
LiveUpdate BVRP Software
Logitech G15 Keyboard Software 1.04
LSP Explorer plug-in for Ad-Aware SE
Luxor
MaxBlast 3
Memorex exPressit Label Design Studio
Memories Disc Creator 2.0
Messenger-Control plug-in for Ad-Aware SE
Micro Innovations Wireless Laser Mouse
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
mobile PhoneTools
MorphVOX Junior
Motherboard Monitor 5
Mozilla Firefox (2.0.0.8)
Mozilla Thunderbird (1.5)
MSN Messenger 7.5
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
My Wal-Mart Digital Photo Center
Nero OEM
NeroVision Express 2 SE
Netscape (7.2)
NetZero
Norton Security Scan
Notifier
NVIDIA Display Driver
OE/W Messengerctrl plug-in for Ad-Aware SE
OfotoXMI
OpenOffice.org 2.1
OTtBP
OTtBPSDK
Picasa 2
PiraMod_20200.00
Poppit To Go
PowerDVD
Pure Networks Port Magic
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Realtek AC'97 Audio
RedLine
RingCentral Fax
Risk 2
RTLSetup 2.50.503
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SFR
SHASTA
Shockwave
Sid Meier's Civilization 4
SKIN0001
SKINXSDK
Special Internet Offers
Spybot - Search & Destroy 1.4
The Lord of the Rings Online™: Shadows of Angmar™ v01.04.00.806
The Print Shop 20
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Tweak-SE plug-in for Ad-Aware SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
USB Modem Driver
VeloMaster Lite CW
Ventrilo Client
Verizon Online
Verizon Yahoo! Applications
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Sound Canvas DXi
VPRINTOL
VX2 Cleaner plug-in for Ad-Aware SE
WexTech AnswerWorks
WinAce Archiver 2.0
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
World in Conflict - DEMO
World of Warcraft
Zuma Deluxe 1.0

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 24 October 2007 - 03:32 PM

Hello again,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Step #1
You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

I see you have Viewpoint installed:
Viewpoint Manager is considered to be foistware rather than malware, since it is installed without your approval but doesn't actually spy or do anything "bad". This will soon change, according to this article, which you may want to read: http://www.clickz.com/news/article.php/3561546
I recommend that you remove the Viewpoint products. If you do decide to get rid of it, please remove all references to Viewpoint from Add/Remove Programs.

You also have Weatherbug installed.
This is very much an ad-enabled application, which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts, can also draw unwanted ads and popups to your computer.
My recommendation is that you uninstall it from your computer.
If you want a program which provides weather information, there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from here: http://www.snapfiles.com/get/weatherwatcher.html.

Step #2
Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v4.dll
O2 - BHO: (no name) - {215DF2C6-EE91-429B-89C0-BECCC3243E07} - (no file)
O2 - BHO: (no name) - {288FA1C4-44FD-43EF-8CF7-1C88E3C4BF5F} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: (no name) - {2BC5247B-430B-44FE-BBD7-EEA7A151FF9C} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {31F5E9BB-4496-46E5-B804-5AC19D851F42} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {38476826-EA15-488F-8212-7F5D1F4051FF} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: (no name) - {43AD6BA9-3EB1-4FBC-8499-DE35CDCD5EC8} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {68C42AC5-1BCD-4B68-9A5C-3D55E1ED88E0} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: 0 - {781EBD76-1DAD-4A1C-26BA-02C9E405FC1B} - C:\Program Files\CyberLink\lavuha.dll (file missing)
O2 - BHO: (no name) - {79533ED5-E896-4DA8-8341-F1465F5C4BDB} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {7E9F747F-1FD3-4E6B-9B63-CF533C97DD59} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {9FC422E7-3202-4654-AB51-EA3719CB42A7} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {A498C649-47A8-4915-8A78-18CF13DBC62B} - \
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tkffhmfr.dll
O2 - BHO: (no name) - {CC18FC8B-B562-4886-AC25-D0FFD8C28838} - C:\WINDOWS\system32\kplvvhpl.dll (file missing)
O2 - BHO: (no name) - {ED8EB41F-171D-45AB-B787-0B83B420D070} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {F037C830-C6CD-4B38-87B4-66A8A2FB5F30} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: (no name) - {F49F65EC-F96D-412E-B7FC-1D180AC92E13} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tkffhmfr.dll
O16 - DPF: cpcScanner -
O16 - DPF: WebControlDeploy -
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} -
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} -
O20 - Winlogon Notify: ljjhfge - ljjhfge.dll (file missing)
O20 - Winlogon Notify: rqrsqol - rqrsqol.dll (file missing)
O20 - Winlogon Notify: tkffhmfr - C:\WINDOWS\SYSTEM32\tkffhmfr.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\ddrvkons.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Step #3
Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\ddrvkons.exe
C:\WINDOWS\system32\aycdd.bak2
C:\WINDOWS\system32\tkffhmfr.dll
C:\WINDOWS\system32\mlwwfdid.dll
C:\WINDOWS\system32\aycdd.bak1
C:\WINDOWS\system32\wklqhxak.exe
C:\WINDOWS\system32\oqwvwgjl.exe
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\yknxrvat.exe
C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\vamtninu.exe
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\fkndfpox.exe
C:\WINDOWS\system32\exypauna.exe
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\guckjydq.exe
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\pevhxlnw.exe
C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lbsrhmkd.exe
C:\WINDOWS\system32\njfnapiw.exe
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\kmstbxav.dll
C:\Documents and Settings\anthony ackels\Local Settings\Temp\TICHD003.exe


Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, and let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now. Please reboot your computer into Safe Mode, by pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Step #4
Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following folders (if present):

C:\WINDOWS\Dialer
C:\Program Files\Adsense Helper Object
C:\WINDOWS\system32\??pPatch
C:\WINDOWS\system32\F?nts
C:\Program Files\Outerinfo
C:\Program Files\?icrosoft
C:\Program Files\WinAble
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\ipd2
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\cv7
C:\WINDOWS\system32\ap1
C:\Program Files\?dobe
C:\Documents and Settings\amy behrens\Application Data\??crosoft
C:\Program Files\Web Buying
C:\Program Files\winupdates

Step #5
Navigate to Start | Search | All files and folders.
Expand More advanced options, check 'Search system folders', 'Search hidden files and folders' and 'Search subfolders'.
Paste this into the All or part of the file name box: mgrs.exe
Then click Search.
If you find any examples of this, please remove them.

Step #6
Let's clean out your temporary internet files:
Close all open windows before we start.
Go to Start | Control Panel | Internet Options | General.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: 'Delete all offline content', click OK

If you have Firefox installed, we need to clean out these temporary files as well:
Go to Tools | Options.
Click Privacy.
Press the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to finish, before closing it.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Now we'll clean other temporary files and your Recycle Bin:
Go to Start | Run | type: cleanmgr | OK.
Let it scan your system for files to remove.
Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.
Press OK to remove them.

Step #7
Copy and paste the following text into Notepad:
sc stop DomainService
sc delete DomainService
Save this as "services.bat". Choose to save as *all files and place it on your Desktop.
Double-click services.bat.

Step #8
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:
Navigate to Start | Run and paste the following:
regedit /e c:\registrybackup.reg
Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\deupdchk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]

Save this as fix.reg. Choose to save as *all files and place it on your Desktop.
It should look like this: [screenshot]
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

Step #9
Reboot into Normal Mode again.

Download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and both a new HijackThis and Combofix log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
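The HijackThis entries rookie147 asks to be fixed above share a pattern a defender can pick out mechanically: browser helpers with "(no name)", registrations whose module is "(file missing)", the same DLL (tkffhmfr.dll) hooked as a BHO, a toolbar and a Winlogon Notify entry at once, and a service with an empty description. The following Python script is an added example, not part of rookie147's reply or of the HijackThis tool, that parses a handful of the log lines quoted in this thread and applies those triage rules. The RANDOM_NAME_RE heuristic, the STANDARD_NOTIFY allowlist (the Winlogon Notify subkeys of a default Windows XP SP2 install, from memory) and the sample block are assumptions of this example, and the sample lines are copied from the thread rather than taken from a live scan.

```python
import re
from collections import defaultdict

# Constructed sample input (assumption): HijackThis lines copied from the log
# quoted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v4.dll
O2 - BHO: (no name) - {215DF2C6-EE91-429B-89C0-BECCC3243E07} - (no file)
O2 - BHO: (no name) - {288FA1C4-44FD-43EF-8CF7-1C88E3C4BF5F} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tkffhmfr.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tkffhmfr.dll
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} -
O20 - Winlogon Notify: tkffhmfr - C:\WINDOWS\SYSTEM32\tkffhmfr.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\ddrvkons.exe
"""

# "O<n> - <label>: <fields>" where fields are separated by " - ".
LINE_RE = re.compile(r"^(O\d+) - ([A-Za-z ]+): (.*)$")
# Heuristic (assumption, not a HijackThis rule): 5-8 lowercase letters with no
# digits or dots is the naming style of the modules listed in this thread.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.(dll|exe)$")
# Winlogon Notify subkeys present on a default XP SP2 install (assumption, from memory).
STANDARD_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                   "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def parse(log_text):
    """Return one dict per recognised O-line: section, label, fields, module path."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, label, rest = m.groups()
        # Split on " -" followed by a space or end of line, so that an empty
        # field ("DomainService - - C:\...") and a trailing " -" both survive.
        fields = [f.strip() for f in re.split(r" -(?= |$)", rest)]
        path = fields[-1]
        missing = path.endswith("(file missing)") or path in ("", "(no file)")
        path = path.replace("(file missing)", "").strip()
        if path == "(no file)":
            path = ""
        entries.append({"section": section, "label": label, "fields": fields,
                        "path": path, "missing": missing, "raw": raw.strip()})
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Apply defender-side heuristics; return (findings, modules hooked in >1 place)."""
    findings = []
    by_module = defaultdict(set)
    for e in parse(log_text):
        name = basename(e["path"])
        if name:
            by_module[name].add(e["section"])
        reasons = []
        if e["missing"]:
            reasons.append("orphaned entry: registered module is not on disk")
        if e["section"] in ("O2", "O3") and e["fields"][0] == "(no name)":
            reasons.append("browser helper/toolbar with no name")
        if name and RANDOM_NAME_RE.match(name) and "system32" in e["path"].lower():
            reasons.append("random-looking module name in system32 (heuristic)")
        if e["section"] == "O20" and e["fields"][0].lower() not in STANDARD_NOTIFY:
            reasons.append("non-default Winlogon Notify hook")
        if e["section"] == "O23" and len(e["fields"]) >= 3 and e["fields"][1] == "":
            reasons.append("service with empty description")
        if reasons:
            findings.append((e["raw"], reasons))
    # One module registered under several hook types is the strongest signal here.
    shared = {m: sorted(s, key=lambda x: int(x[1:]))
              for m, s in by_module.items() if len(s) > 1}
    return findings, shared


if __name__ == "__main__":
    findings, shared = triage(SAMPLE_LOG)
    for raw, reasons in findings:
        print(raw)
        for r in reasons:
            print("   -", r)
    print("modules registered under more than one hook type:", shared)
```

Run against the sample, the only line that raises no flag is the named Adsense Helper Object BHO; the rest are flagged for one or more reasons, and tkffhmfr.dll is reported as hooked under O2, O3 and O20, which is the cross-reference worth looking at before deciding what to remove.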




