Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo


  • This topic is locked This topic is locked
4 replies to this topic

#1 tucsonguy

tucsonguy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 19 June 2008 - 12:12 AM

I've removed a few spyware and virus infections in my time, but this one has me beat. Tried a few vundo fix tools, hijack this, spybot, and avast - still have popups, avast reporting vundo infected .dll's in system32, and I can't do any windows updates (can't even turn on automatic updates).

Thanks in advance...

Deckard's System Scanner v20071014.68
Run by Amy on 2008-06-18 22:03:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
49: 2008-06-19 05:03:57 UTC - RP1964 - Deckard's System Scanner Restore Point
48: 2008-06-19 05:01:06 UTC - RP1963 - Installed Java™ 6 Update 6
47: 2008-06-19 04:04:07 UTC - RP1962 - Installed Windows Defender
46: 2008-06-18 17:58:58 UTC - RP1961 - Configured ELNKInst
45: 2008-06-18 06:00:54 UTC - RP1960 - Configured OpenMG Secure Module


-- First Restore Point --
1: 2008-05-06 14:11:21 UTC - RP1916 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Amy.exe) -------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-18 22:07:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\hphmon06.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\WINDOWS\SYSTEM32\devldr32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\ufdsvc.exe
C:\WINDOWS\SYSTEM32\UTSCSI.EXE
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\WINDOWS\SYSTEM32\msiexec.exe
C:\Documents and Settings\Amy\Desktop\spyware tools\deckards system scanner\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: (no name) - {6A150FB0-DE64-4BEB-B740-A30EBD5D9470} - C:\WINDOWS\system32\ljJCuTjH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {81D6B956-A4D8-4377-8637-8DEC565B37DD} - C:\WINDOWS\SYSTEM32\efcDUMgD.dll
O2 - BHO: (no name) - {C4501C0D-58A8-4A89-8679-5949CA11126C} - C:\WINDOWS\system32\khfEXpqo.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a0eb7b13] rundll32.exe "C:\WINDOWS\system32\djbnvpup.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BMa3d8488f] Rundll32.exe "C:\WINDOWS\system32\cgejcnej.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O15 - Trusted Zone: http://download.microsoft.com (HKCU)
O15 - Trusted Zone: http://update.microsoft.com (HKCU)
O15 - Trusted Zone: https://update.microsoft.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: http://update.microsoft.com (HKCU)
O15 - Trusted Zone: https://update.microsoft.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.microsoft.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://share.adoramapix.com/components/aur...geUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail...gwebinstall.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.28.9/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...ploader_v10.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\ramaint.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\SYSTEM32\ufdsvc.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\SYSTEM32\UTSCSI.EXE


--
End of file - 8703 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Amy\Desktop\SPYWAR~1\NEWFOL~1\backups\) --------------------------------------------------------------------------------

backup-20070609-124603-122 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20070609-124603-164 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
backup-20070609-124603-321 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
backup-20070609-124603-365 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
backup-20070609-124603-372 O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
backup-20070609-124603-440 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
backup-20070609-124603-543 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
backup-20070609-124603-618 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070609-124603-625 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
backup-20070609-124603-632 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
backup-20070609-124603-707 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
backup-20070609-124603-792 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20070609-124603-831 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070609-124603-885 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
backup-20070609-124603-927 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
backup-20070609-124604-103 O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
backup-20070609-124604-149 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
backup-20070609-124604-175 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
backup-20070609-124604-221 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
backup-20070609-124604-270 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-20070609-124604-364 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
backup-20070609-124604-480 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
backup-20070609-124604-498 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20070609-124604-580 O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
backup-20070609-124604-587 O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
backup-20070609-124604-635 O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
backup-20070609-124604-781 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20070609-124605-403 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20070609-124605-749 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
backup-20070609-124606-831 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070609-124607-118 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070609-124608-161 O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe
backup-20070609-124608-508 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20070609-124608-551 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070609-124608-638 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070609-124608-698 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
backup-20070609-124608-728 O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
backup-20080617-222316-274 O4 - HKLM\..\Run: [a0eb7b13] rundll32.exe "C:\WINDOWS\system32\nggpyfjc.dll",b
backup-20080617-222316-377 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20080617-222316-598 O4 - HKLM\..\Run: [BMa3d8488f] Rundll32.exe "C:\WINDOWS\system32\cgejcnej.dll",s
backup-20080617-222317-875 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20080617-222318-362 O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
backup-20080617-222318-688 O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe
backup-20080617-222318-887 O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
backup-20080618-074750-265 O2 - BHO: {4cd78e0e-ab0b-908a-a314-b3ec2f687edd} - {dde786f2-ce3b-413a-a809-b0bae0e87dc4} - C:\WINDOWS\system32\troakgou.dll
backup-20080618-074750-284 O4 - HKLM\..\Run: [BMa3d8488f] Rundll32.exe "C:\WINDOWS\system32\cgejcnej.dll",s
backup-20080618-074750-485 O2 - BHO: (no name) - {6A150FB0-DE64-4BEB-B740-A30EBD5D9470} - C:\WINDOWS\system32\ljJCuTjH.dll (file missing)
backup-20080618-074750-565 O2 - BHO: (no name) - {45D06DD4-7B73-4CE0-BF56-B3B2142E93FA} - C:\WINDOWS\system32\byXqOIay.dll
backup-20080618-074750-973 O20 - Winlogon Notify: byXqOIay - C:\WINDOWS\SYSTEM32\byXqOIay.dll
backup-20080618-074754-322 O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems; SoftK56>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems; SoftK56>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems; SoftK56>

S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
S3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 catchme - c:\docume~1\amy\locals~1\temp\catchme.sys (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 mr7910 (Photo Viewer) - c:\windows\system32\drivers\mr7910.sys <Not Verified; Mars Semiconductor Corp.; USB Dual-Mode Camera>
S3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 ZD1211U(Hawking Technologies) (Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies)) - c:\windows\system32\drivers\zd1211u.sys <Not Verified; ZyDAS Technology Corporation; ZD1211 802.11b+g USB LAN Adapter>
S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UFDSVC (UFD Command Service) - c:\windows\system32\ufdsvc.exe <Not Verified; Generic; Generic UFDSVC>
R2 UTSCSI (USBest Service Zero) - c:\windows\system32\utscsi.exe <Not Verified; USBest; UTSCSI Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-18 21:29:33 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-18 07:22:01 312 --a------ C:\WINDOWS\Tasks\HP Usg Daily FY04.job
2008-06-17 23:09:01 254 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 22:01:15 0 d-------- C:\Program Files\Common Files\Java
2008-06-18 21:08:00 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-18 21:04:14 0 d-------- C:\Program Files\Windows Defender
2008-06-18 16:18:09 0 d-------- C:\VundoFix Backups
2008-06-18 10:58:29 93568 --a------ C:\WINDOWS\system32\djbnvpup.dll
2008-06-18 10:57:40 238125 --ahs---- C:\WINDOWS\system32\DgMUDcfe.ini2
2008-06-18 10:57:34 322432 --a------ C:\WINDOWS\system32\efcDUMgD.dll
2008-06-18 10:41:49 93568 --a------ C:\WINDOWS\system32\ummodwxk.dll
2008-06-18 08:32:40 235936 --ahs---- C:\WINDOWS\system32\oqpXEfhk.ini2
2008-06-18 07:34:10 0 dr-h----- C:\Documents and Settings\Amy\Recent
2008-06-17 22:27:58 0 d-------- C:\WINDOWS\ERUNT
2008-06-17 22:04:59 0 d-------- C:\Program Files\CCleaner
2008-06-17 21:51:16 2484 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-17 21:46:38 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-17 21:46:38 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-17 21:46:38 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-17 21:46:38 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-17 21:46:38 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-17 21:46:38 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-17 21:46:38 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-17 21:46:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-17 21:46:02 110336 --a------ C:\WINDOWS\system32\troakgou.dll
2008-06-17 21:45:56 95360 --a------ C:\WINDOWS\system32\cgejcnej.dll
2008-06-17 07:59:10 684414 --ahs---- C:\WINDOWS\system32\HjTuCJjl.ini2
2008-06-16 14:38:22 81920 --a------ C:\WINDOWS\neltabxw.exe
2008-06-16 14:38:22 94208 --a------ C:\WINDOWS\evsm.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-18 22:02:36 0 d-------- C:\Program Files\Java
2008-06-18 22:01:15 0 d-a------ C:\Program Files\Common Files
2008-06-17 23:06:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 23:03:33 0 d-------- C:\Program Files\Button Builder
2008-06-17 23:00:04 0 d-------- C:\Program Files\Google
2008-05-17 14:45:03 0 d-------- C:\Documents and Settings\Amy\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A150FB0-DE64-4BEB-B740-A30EBD5D9470}]
C:\WINDOWS\system32\ljJCuTjH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81D6B956-A4D8-4377-8637-8DEC565B37DD}]
06/18/2008 10:57 322432 --a------ C:\WINDOWS\system32\efcDUMgD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4501C0D-58A8-4A89-8679-5949CA11126C}]
C:\WINDOWS\system32\khfEXpqo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 16:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [04/06/2004 03:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/2004 21:53]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 13:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 15:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/06/2004 21:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/26/2004 19:40]
"a0eb7b13"="C:\WINDOWS\system32\djbnvpup.dll" [06/18/2008 10:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 19:20]
"BMa3d8488f"="C:\WINDOWS\system32\cgejcnej.dll" [06/17/2008 21:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"EZBack-it-up Tray Scheduler"="C:\Program Files\EZBackitup\EZBkuptray.exe" [06/03/2004 17:30]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [09/05/2006 05:18]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 21:49]

C:\Documents and Settings\Amy\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 12:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cloudmark Desktop for Outlook Express.lnk - C:\WINDOWS\Installer\{8DDB8BDA-B063-4856-A6B3-6B561CC58B61}\SC_1.ico [10/28/2007 2:00:25 PM]
DESKTOP.INI [9/3/2002 12:36:04 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcDUMgD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\PROGRA~1\DELLMO~1\moh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2008-06-18 22:08:18 ------------

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:12 AM

Posted 19 June 2008 - 09:17 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tucsonguy

tucsonguy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 19 June 2008 - 10:13 AM

Sam, I think I may be cured. I'll post more along with a log later today.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:12 AM

Posted 19 June 2008 - 12:47 PM

Sounds good. I'll be here. :thumbsup:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:12 AM

Posted 03 July 2008 - 05:42 PM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users