
Vundo Infection, Please Help! Going Crazy Trying To Figure Out



#1 bmxman4130

bmxman4130

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 14 January 2008 - 05:04 PM

Hi All,

I am new here but finding a huge wealth of knowledge. Well, got infected with Vundo, so Symantec said. Seems there were NO network devices, so all internet connection updates etc, can't really do. This problem is on my laptop, which I have been trying scans, putting files, etc on a memory card and trying to use it that way. I was going to reformat the whole hard drive, tried to do it, and it just partitioned it onto the other drive, so now two operating systems? Lost a bunch of stuff, but have it backed up mostly. Ran ComboFix and log is below, also HijackThis and log below, although I couldn't put file on desktop. Any help is appreciated. Thanks in advance.

ComboFix 08-01-15.1 - Admin 2008-01-14 16:37:10.1 - NTFSx86 MINIMAL
Running from: F:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\g2mdlhlpx.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\fghkj.ini
C:\WINDOWS\system32\fghkj.ini2
C:\WINDOWS\system32\goohbqsk.ini
C:\WINDOWS\system32\jkhgf.dll
C:\WINDOWS\system32\jkhgf.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\suspend.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-14 16:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 00:43 . 2008-01-14 00:43 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-14 00:19 . 2008-01-14 00:19 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-10 12:44 . 2008-01-14 00:20 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp .exe
2008-01-10 12:23 . 2008-01-10 12:23 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-01-10 12:14 . 2006-02-28 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-10 12:13 . 2006-02-28 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-10 12:09 . 2008-01-10 12:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-10 12:09 . 2008-01-10 12:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-10 12:09 . 2008-01-10 12:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-10 12:09 . 2008-01-10 12:09 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-10 12:09 . 2008-01-10 12:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-10 12:09 . 2008-01-10 12:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-10 12:08 . 2006-02-28 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-01-10 12:05 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-10 12:05 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-01-10 12:05 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-10 12:05 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-10 11:55 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-01-09 20:40 . 2004-12-14 11:07 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-09 20:38 . 2004-12-14 11:07 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-09 20:35 . 2004-12-14 11:07 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-09 20:26 . 2004-12-14 11:07 708,608 -ra------ C:\WINDOWS\system32\hpotiop.dll
2008-01-09 20:26 . 2004-12-14 11:07 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-01-09 20:26 . 2004-12-14 11:07 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-01-09 20:26 . 2004-12-14 11:07 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-01-07 16:00 . 2008-01-15 16:45 14,336 --a------ C:\WINDOWS\system32\svchost .exe
2008-01-07 13:11 . 2008-01-07 13:11 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-28 14:53 . 2007-12-29 00:57 <DIR> d--hs---- C:\WINDOWS\Li4uLi4u
2007-12-26 01:27 . 2008-01-14 01:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-25 23:30 . 2007-12-28 14:17 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-25 23:30 . 2007-12-27 11:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-25 23:12 . 2007-12-25 23:12 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-25 22:42 . 2007-12-25 22:42 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-25 22:42 . 2007-12-25 22:42 <DIR> d-------- C:\Temp\cEeer12
2007-12-25 22:42 . 2007-12-28 14:23 39,936 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
2007-12-25 22:42 . 2007-12-25 22:42 134 --a------ C:\n.bat
2007-12-25 22:40 . 2007-12-27 11:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 19:05 --------- d-----w C:\Program Files\PokerStars
2008-01-07 18:25 --------- d-----w C:\Program Files\Norton SystemWorks
2007-12-29 05:45 --------- d-----w C:\Program Files\iTunes
2007-12-29 05:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 19:17 --------- d-----w C:\Program Files\SkypeUSBPhoneDriver
2007-12-27 16:46 --------- d-----w C:\Program Files\QuickTime
2007-12-26 06:53 --------- d-----w C:\Program Files\LimeWire
2007-12-19 02:15 --------- d-----w C:\Program Files\Apple Software Update
2007-12-08 21:01 --------- d-----w C:\Program Files\iPod
2007-11-25 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-25 06:31 --------- d-----w C:\Documents and Settings\Admin\Application Data\Viewpoint
2005-07-29 21:24 472 --sha-r C:\WINDOWS\Li4uLi4u\M2bRM2bR.vbs
.
<pre>
----a-w		   816,640 2008-01-13 18:37:25  C:\hp\tmp\src\psptr\enu\HPHmon05 .exe
----a-w		   816,640 2008-01-15 21:37:21  C:\hp\tmp\src\psptr\enu\HPHMON~1 .EXE
----a-w		   483,328 2008-01-14 05:20:18  C:\hp\tmp\src\psptr\enu\HPHMON~2 .EXE
----a-w		   335,872 2007-12-27 16:12:43  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			81,920 2007-12-28 19:17:35  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   221,184 2007-12-27 16:12:57  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w		   180,269 2007-12-28 19:17:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			65,536 2007-12-27 16:12:59  C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
----a-w		   110,592 2007-12-27 16:12:46  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w			50,880 2007-12-29 05:25:18  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			34,504 2007-12-27 16:13:12  C:\Program Files\Common Files\Symantec Shared\ccRegVfy .exe
----a-w			68,856 2007-12-29 05:25:21  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w			49,152 2007-12-28 19:17:41  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w			49,152 2007-12-27 16:12:54  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w		   200,766 2007-12-27 16:12:46  C:\Program Files\HPQ\Default Settings\cpqset .exe
----a-w		   147,456 2007-12-28 19:17:47  C:\Program Files\Iomega\AutoDisk\ADUserMon .exe
----a-w		18,968,576 2008-01-10 16:05:15  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem		.exe
----a-w		18,968,576 2008-01-10 21:08:41  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem	   .exe
----a-w		18,968,576 2008-01-10 21:09:54  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem	  .exe
----a-w		18,968,576 2008-01-10 21:11:18  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem	 .exe
----a-w		18,968,576 2008-01-10 21:12:37  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem	.exe
------w		18,968,576 2008-01-10 21:13:38  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem  .exe
----a-w		18,968,576 2008-01-10 21:14:45  C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem .exe
----a-w			57,344 2007-12-28 19:17:45  C:\Program Files\Iomega\REV System Software\imiconxp .exe
----a-w		   267,048 2007-12-29 05:25:19  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2007-12-28 19:17:33  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w			11,776 2007-12-27 16:13:01  C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot .exe
----a-w		   286,720 2007-12-27 18:05:21  C:\Program Files\QuickTime\QTTask   .exe
----a-w		   286,720 2007-12-26 18:38:58  C:\Program Files\QuickTime\QTTask  .exe
----a-w		   286,720 2007-12-26 18:38:59  C:\Program Files\QuickTime\QTTask .exe
----a-w		   868,352 2007-12-28 19:17:40  C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
----a-w		   843,776 2007-12-28 19:17:48  C:\Program Files\SkypeUSBPhoneDriver\Skype@phone .exe
----a-w		   729,177 2007-12-28 19:17:25  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w			82,009 2007-12-28 19:17:22  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w			15,360 2008-01-14 06:39:05  C:\WINDOWS\system32\ctfmon .exe
----a-w		   483,328 2007-12-28 19:17:36  C:\WINDOWS\system32\hphmon05 .exe
----a-w		   155,648 2007-12-27 16:13:02  C:\WINDOWS\system32\NeroCheck .exe
----a-w			14,336 2008-01-15 21:45:21  C:\WINDOWS\system32\svchost .exe
----a-w		   122,939 2007-12-28 19:17:31  C:\WINDOWS\system32\dla\tfswctrl .exe
-c--a-w		   455,168 2008-01-14 05:20:18  C:\WINDOWS\system32\dllcache\tintsetp .exe
----a-w		   455,168 2008-01-10 16:26:42  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231204d1-f21c-41bd-9983-9d5ac0442e42}]
C:\WINDOWS\system32\disjxcsj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-15 16:37 343552]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem .exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\dllcache\tintsetp.exe" [2008-01-15 16:37 783872]
"PHIME2002A"="C:\WINDOWS\system32\dllcache\tintsetp.exe" [2008-01-15 16:37 783872]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-03 11:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-02 03:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"HPHmon05"="C:\hp\tmp\src\psptr\enu\HPHMON~2.EXE" [2008-01-15 16:37 816640]
"24e67d6e"="C:\WINDOWS\system32\ksqbhoog.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjkjk]
ljjjkjk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\\WINDOWS\\system32\\jkhgf

.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 15:02:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-27 16:17:03 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2007-10-30 01:55:03 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 16:47:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem .exe" -s??????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 16:50:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 21:50:10
.
2008-01-10 23:52:27 --- E O F ---






hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {24e2440c-a5d9-3899-db14-c12f1d402132} - {231204d1-f21c-41bd-9983-9d5ac0442e42} - C:\WINDOWS\system32\disjxcsj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\dllcache\tintsetp.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\dllcache\tintsetp.exe /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPHmon05] C:\hp\tmp\src\psptr\enu\HPHMON~2.EXE
O4 - HKLM\..\Run: [24e67d6e] rundll32.exe "C:\WINDOWS\system32\ksqbhoog.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem .exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1659004503-842925246-854245398-1003\..\Run: [RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-1659004503-842925246-854245398-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-842925246-854245398-1003\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem .exe" -s (User '?')
O4 - HKUS\S-1-5-21-1659004503-842925246-854245398-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://optionsxpressevents.webex.com/clien...bex/ieatgpc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: ljjjkjk - ljjjkjk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: RevUDFService - Iomega Corp - C:\Program Files\Iomega\REV System Software\RevUDF.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 9088 bytes



#2 bmxman4130

bmxman4130
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 15 January 2008 - 11:58 AM

Hi Again,

I do realize HijackThis file is in wrong location (on SD card) and not in its own folder. I cannot copy/paste, click drag and no internet connection. Any other way to get this off the SD card and into its own folder? I have been running in safe mode, but same applies up top when regular. Thanks again.

#3 bmxman4130

bmxman4130
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 17 January 2008 - 01:00 PM

Hi Again,

It's taken my Norton Antivirus down too, and when I try to reinstall, Windows Installer is gone. I am willing to donate if someone can help me with this. Thanks again.

#4 bmxman4130

bmxman4130
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 19 January 2008 - 05:12 PM

Anyone????????

#5 bmxman4130

bmxman4130
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 21 January 2008 - 12:07 PM

hello?

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:54 AM

Posted 29 January 2008 - 04:43 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.



