
Hijackthis Log


24 replies to this topic

#1 akajonny

Posted 07 September 2006 - 05:55 PM

Hello all,

I'm looking for a hand to get rid of the worm or worms on the very slow machine.
Any help on how to kill winlogon.exe and others that are not needed would be a big help.


Thanks, Jonny


Logfile of HijackThis v1.99.1
Scan saved at 1:09:23 PM, on 9/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINNT\system32\jkkji.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Onlune Sarvice] C:\WINNT\sachost.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130452269\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFX_cwr] C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win_Fixer_2006] C:\Program Files\Win Fixer 2006\WinFX6.exe /min
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143239904375
O20 - Winlogon Notify: jkkji - C:\WINNT\SYSTEM32\jkkji.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINNT\.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe



#2 YounGun


Posted 07 September 2006 - 06:15 PM

Heya and welcome :thumbsup:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#3 akajonny


Posted 08 September 2006 - 11:48 AM

Thanks for taking the time to give me a hand. I had already run VundoFix and the 1st time it ran it said it had found and removed something. I just ran it again and it does not find anything. I also have run Spybot, NAV and VirtumundoBeGone v1.5.
P.S. This was all prior to this log.

#4 YounGun


Posted 08 September 2006 - 12:15 PM

Please download Process Explorer by Sysinternals from HERE

Download the Hoster from: http://www.funkytoad.com/download/hoster.zip

Also download KillBox by Option^Explicit from HERE


Then boot up in SAFE MODE.

The rest of this fix must be done in safe mode.


Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

Once you see this screen click on each instance of jkkji.dll once and then click the kill button.

After you have killed all of the jkkji.dll's under winlogon click OK.

Also look for any .ini or .bak files or other DLLs with either the same name or the file name in reverse and kill them as well.

Next double click on explorer.exe and again click once on each instance of jkkji.dll then click the kill button.

Also look for any .ini or .bak files or reverse-named DLLs with either the same name or the file name in reverse and kill them as well. See above for examples.

Repeat the above process also for the file: mllmm.dll

Click on the Threads tab at the top.

Once you have done that click OK again.

Next run HijackThis and place a check beside each of the following.



O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINNT\system32\jkkji.dll
O4 - HKLM\..\Run: [Onlune Sarvice] C:\WINNT\sachost.exe
O4 - HKLM\..\Run: [WinFX_cwr] C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe
O4 - HKCU\..\Run: [Win_Fixer_2006] C:\Program Files\Win Fixer 2006\WinFX6.exe /min
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O20 - Winlogon Notify: jkkji - C:\WINNT\SYSTEM32\jkkji.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll


Now click fix checked and close HijackThis.

Please copy the text in BOLD below, and paste it into a blank notepad window.
Save it as vundo.reg and in the save as type box choose all files.

Once you have saved it double click it and allow it to merge with the registry.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18898424-E3AB-4BA9-8E8D-5434B1CECA75}]

[-HKEY_CLASSES_ROOT\CLSID\{18898424-E3AB-4BA9-8E8D-5434B1CECA75}]

[-HKEY_CLASSES_ROOT\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}]

[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]

[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]

[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]


Now run KillBox and paste the FIRST ONE of the below file paths into the box, select delete on reboot, then press the red X button. Say yes to the prompt but no to reboot now.

Then continue to paste the lines in, in turn, and follow the above procedure every time. If it says file is missing, or if it says unable to delete, then make a note of the file name and let us know when you reply.

C:\WINNT\System32\mllmm.dll
C:\WINNT\system32\jkkji.dll
C:\WINNT\sachost.exe
C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe
C:\Program Files\Win Fixer 2006\WinFX6.exe


Then repeat by typing in the full name of any of the reverse-named .bak or .ini or other files that you discovered in step 1, if there were any.

Now go to your downloaded Hoster
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Original Hosts"
4. Press "OK" and exit the program

REBOOT

After your computer has rebooted please run Hijackthis again and post a new HijackThis log.

Edited by YounGun, 08 September 2006 - 12:17 PM.


#5 akajonny


Posted 08 September 2006 - 01:25 PM

Thanks Again Youngun,

Did everything as you explained and no problems doing any of it.

Here is the log

Thanks, Akajonny

Logfile of HijackThis v1.99.1
Scan saved at 12:24:29 PM, on 9/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1130452269\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\program files\common files\aol\1130452269\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
C:\WINNT\system32\mrtMngr.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\program files\common files\aol\1130452269\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Wendy VanDenBosch\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130452269\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143239904375
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINNT\.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
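
An added example, not part of the original posts: one way to check a follow-up HijackThis log against a fix list, using entries excerpted from the two logs and the fix list in this thread. The function names and the case-insensitive matching are assumptions of this example.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g.
# "O4 - HKLM\..\Run: [name] path". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, normalised detail) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive; the thread's logs show both
            # C:\WINNT\SYSTEM32 and C:\WINNT\system32 for the same file.
            entries.add((m.group(1), m.group(2).strip().lower()))
    return entries


def check_fix(before_log, after_log, target_lines):
    """Compare two logs and report what happened to the targeted entries."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries(target_lines)
    return {
        # Targeted, present before the fix, gone afterwards.
        "removed": sorted(t for t in targets if t in before and t not in after),
        # Targeted but still listed in the follow-up log.
        "still_present": sorted(t for t in targets if t in after),
        # Entries that only appear in the follow-up log.
        "new": sorted(after - before),
    }


# Excerpt of the first log in this thread (post #1).
BEFORE = r"""
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINNT\system32\jkkji.dll
O4 - HKLM\..\Run: [Onlune Sarvice] C:\WINNT\sachost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: jkkji - C:\WINNT\SYSTEM32\jkkji.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
"""

# Excerpt of the follow-up log (post #5).
AFTER = r"""
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
"""

# Subset of the entries the helper asked to check in HijackThis (post #4).
TARGETS = r"""
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINNT\system32\jkkji.dll
O4 - HKLM\..\Run: [Onlune Sarvice] C:\WINNT\sachost.exe
O20 - Winlogon Notify: jkkji - C:\WINNT\SYSTEM32\jkkji.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
"""

if __name__ == "__main__":
    report = check_fix(BEFORE, AFTER, TARGETS)
    for status, items in report.items():
        print(status)
        for section, detail in items:
            print(f"  {section} - {detail}")
```

On these excerpts the two mllmm.dll entries are reported as still present and the AppInit_DLLs line as new, which matches the second log.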

#6 YounGun


Posted 08 September 2006 - 01:47 PM

Please disable this service: "Firewall service"
1. Click on Start > Run and type: "Services.msc" [without the quotes]
2. Press Ok.
3. Scroll down the list and find the service called "Firewall service"
4. When you find the service, double-click on it.
5. In the next window that opens, click the Stop button
6. Click on properties and under the General Tab, change the Startup Type to Disabled.
7. Now hit Apply, then Ok and close any open windows.

Step 1: Download and install Ewido Anti-Spyware v4.0
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on ewido in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here. Exit Ewido when done - DO NOT perform a scan yet.

Step 2: Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Step 3: Scan with Ewido as follows:
1. Launch Ewido, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\
6. Exit Ewido when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection.

Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

Edited by YounGun, 08 September 2006 - 01:53 PM.


#7 akajonny


Posted 08 September 2006 - 01:57 PM

The log is changed. O20 - Winlogon Notify: jkkji - C:\WINNT\SYSTEM32\jkkji.dll is gone, and all these are gone:

O4 - HKLM\..\Run: [Onlune Sarvice] C:\WINNT\sachost.exe
O4 - HKLM\..\Run: [WinFX_cwr] C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe
O4 - HKCU\..\Run: [Win_Fixer_2006] C:\Program Files\Win Fixer 2006\WinFX6.exe /min
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

and yes to being able to delete all the files you listed

thanks, akajonny

#8 akajonny


Posted 08 September 2006 - 04:51 PM

Ok that was painful, almost a 3hr scan :thumbsup:



here are the results:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:50:34 PM 9/8/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Mserv -> Adware.Daemonize : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\jkkji.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@2o7[2].txtiqrssxct -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@z1.adserver[1].txteavxwjrr -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@advertising[1].txtgnxarjyr -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@atdmt[5].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.bluemountain[2].txt -> TrackingCookie.Bluemountain : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.brilliantdigital[1].txt -> TrackingCookie.Brilliantdigital : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.brilliantdigital[2].txt -> TrackingCookie.Brilliantdigital : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@burstnet[2].txtovoildso -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@casalemedia[2].txtinofpswz -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@com[1].txtfrahiohu -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.commission-junction[3].txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@soundtrack.com.16871.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@doubleclick[1].txtpjozbwdg -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4socpebpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@fastclick[2].txtinofpswz -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-attenza.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-bestbuy.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-celebrate.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-celebrate.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-dig.hitbox[4].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-dig.hitbox[5].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-dig.hitbox[7].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-directv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-directv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-info.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-learningco.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-linksys.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-philipsvheusen.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-reunion.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-sonyelec.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-sonyny.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-space.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-sportsline.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-sportsline.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-theviptour.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg-timeinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@hg1.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@phg.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@hitbox[2].txtiucsjtee -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@counter.hitslink[3].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@adserv.internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@adserv.internetfuel[2].txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@nitrous.internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@linksynergy[3].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@linksynergy[4].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@server.iad.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@server.iad.liveperson[5].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@server.iad.liveperson[6].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@sterling.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@mediaplex[1].txtngmhiqyw -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@stat.onestat[3].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@overture[3].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ads.pointroll[4].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@pro-market[3].txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@qksrv[3].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@questionmarket[2].txtvsvcypzv -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@cruises.res99[2].txt -> TrackingCookie.Res99 : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@edge.ru4[3].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@edge.ru4[4].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@edge.ru4[5].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@bs.serving-sys[1].txtczjcsejn -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@serving-sys[2].txtqfesszcv -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ads.specificpop[2].txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@trafficmp[1].txtlhipqgaj -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@tribalfusion[2].txtgvpqxwwb -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Wendy VanDenBosch\Cookies\wendy vandenbosch@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WinAntiVirus Pro 2006\Quarantine\wendy vandenbosch@zedo[2].txtjbdsmoxx -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\VundoFix Backups\DP.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\dbxymiff.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\dwlxdemn.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\mxpapmmq.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\ompmrfxv.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\rfdpfdsa.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\wvlwcorl.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\yjoocogx.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
[156] C:\WINNT\System32\mllmm.dll -> Trojan.Virtumod : Cleaned with backup (quarantined).
[612] C:\WINNT\System32\mllmm.dll -> Trojan.Virtumod : Cleaned with backup (quarantined).


::Report end
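
A triage sketch for a report in the format posted above, as an added example that is not part of the original thread: it separates tracking cookies from the malware detections, flags any entry whose action is not a quarantine (the "No action taken" case the instructions warn about), and lists modules reported with a numeric prefix. The sample is constructed from a few lines of the report plus one invented "No action taken" line, and reading the numeric prefix as a process ID is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format of the ewido report above. The user name,
# example.exe and its "No action taken" line are invented for illustration.
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:50:34 PM 9/8/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Mserv -> Adware.Daemonize : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\jkkji.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\dbxymiff.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\example.exe -> Trojan.Agent.ny : No action taken.
[156] C:\WINNT\System32\mllmm.dll -> Trojan.Virtumod : Cleaned with backup (quarantined).
[612] C:\WINNT\System32\mllmm.dll -> Trojan.Virtumod : Cleaned with backup (quarantined).

::Report end
"""

# "<object> -> <detection> : <action>." with an optional "[number] " prefix.
LINE_RE = re.compile(
    r"^(?:\[(?P<tag>\d+)\]\s+)?(?P<obj>.+?) -> (?P<det>\S+) : (?P<action>.+?)\.?$"
)
REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def parse_report(text):
    """Return one dict per result line; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        obj = m["obj"]
        findings.append({
            "object": obj,
            "kind": "registry" if obj.upper().startswith(REGISTRY_ROOTS) else "file",
            "tag": m["tag"],  # numeric prefix, assumed to be a process ID
            "detection": m["det"],
            "action": m["action"],
        })
    return findings


def triage(findings):
    """Summarise a parsed report so the real detections are not buried."""
    cookie_count = 0
    seen = set()
    families = Counter()
    unresolved = []
    loaded_modules = {}
    for f in findings:
        # Tracking cookies are counted but kept out of the malware summary.
        if f["detection"].startswith("TrackingCookie."):
            cookie_count += 1
            continue
        # Count each object once per detection, even if it is listed for
        # several processes (paths compared case-insensitively).
        key = (f["object"].lower(), f["detection"])
        if key not in seen:
            seen.add(key)
            families[f["detection"]] += 1
        # Anything not quarantined still needs attention.
        if "quarantined" not in f["action"].lower():
            unresolved.append(f["object"])
        # A prefixed entry is treated as a module that was loaded at scan
        # time; its autostart references are worth re-checking after reboot.
        if f["tag"] is not None:
            loaded_modules.setdefault(f["object"], []).append(f["tag"])
    return {
        "cookie_count": cookie_count,
        "families": families,
        "unresolved": unresolved,
        "loaded_modules": loaded_modules,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("tracking cookies:", summary["cookie_count"])
    for family, count in sorted(summary["families"].items()):
        print(f"{family}: {count}")
    print("not quarantined:", summary["unresolved"])
    print("loaded modules:", summary["loaded_modules"])
```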

#9 akajonny


Posted 08 September 2006 - 05:53 PM

And here is the hijackthis report after doing the scan

Logfile of HijackThis v1.99.1
Scan saved at 4:54:32 PM, on 9/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\Wendy VanDenBosch\Desktop\New Folder\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130452269\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143239904375
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

.90
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143239904375
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINNT\.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#10 YounGun

Posted 08 September 2006 - 06:18 PM

Did you disable the Firewall Service I told you about? Do the following:

Start > run > type in cmd > in the prompt that opens type sc stop FWSvc > Enter > then sc delete FWSvc

Let's run vundofix again please, post the scan log also.

Download DelDomains.inf from: http://www.mvps.org/winhelp2002/DelDomains.inf
1. Save it to your desktop.
2. Right-click DelDomains.inf and select: Install (no need to restart)
3. You may not see any noticeable changes or prompts; this is normal.

Note: this will remove all entries in the Trusted Zone and Restricted Zone, and entries you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads (if you use any of these programs).

Open hijackthis and check these lines if still present:


O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll


Press Fix checked

Reboot

Post a new hijackthis log and the log from vundofix.
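The check behind the two lines singled out above (one DLL registered both as a BHO in O2 and under Winlogon Notify in O20), together with the "(file missing)" marker seen on the FWSvc service, as an added Python example that is not part of the original post. The sample lines are copied from the logs in this thread; the function and rule names are this example's own, and a hit is a triage lead rather than a verdict.

```python
import re

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINNT\.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
# One pattern per entry type this example understands, keyed by section code.
PATTERNS = {
    "O2": ("bho", re.compile(
        r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")),
    "O20": ("notify", re.compile(
        r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")),
    "O23": ("service", re.compile(
        r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")),
}
MISSING = "(file missing)"


def split_path(raw):
    """Return (normalised_path, file_missing) for the path field of an entry."""
    raw = raw.strip()
    missing = raw.endswith(MISSING)
    if missing:
        raw = raw[: -len(MISSING)].rstrip()
    # Lower-casing is the only normalisation: 8.3 short names such as
    # C:\PROGRA~1 cannot be expanded without access to the original disk.
    return raw.lower(), missing


def parse_log(text):
    """Parse O2 (BHO), O20 (Winlogon Notify) and O23 (service) lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) not in PATTERNS:
            continue
        kind, rx = PATTERNS[m.group(1)]
        hit = rx.match(m.group(2))
        if not hit:  # e.g. "O20 - AppInit_DLLs: ..." has a different layout
            continue
        path, missing = split_path(hit.group("path"))
        entries.append({
            "kind": kind,
            "code": m.group(1),
            "name": hit.group("name"),
            "clsid": hit.groupdict().get("clsid"),
            "path": path,
            "missing": missing,
        })
    return entries


def triage(text):
    """Flag DLLs loaded as both BHO and Winlogon Notify, and missing files."""
    entries = parse_log(text)
    notify_by_path = {e["path"]: e for e in entries if e["kind"] == "notify"}
    findings = []
    for e in entries:
        if e["kind"] == "bho" and e["path"] in notify_by_path:
            findings.append({
                "rule": "bho-and-winlogon-notify",
                "path": e["path"],
                "clsid": e["clsid"],
                "notify_key": notify_by_path[e["path"]]["name"],
            })
        if e["missing"]:
            findings.append({
                "rule": "file-missing",
                "code": e["code"],
                "name": e["name"],
                "path": e["path"],
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
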

#11 akajonny

Posted 11 September 2006 - 09:36 AM

Ok, I did try to stop the firewall the first time, but it was already stopped. I then tried doing as you just said and it could not find the program. I ran vundofix again and it said nothing was found. I also installed the DEl program and ran another hijack this log. I did not remove anything from the log.

Thanks, Aka jonny

Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Wendy VanDenBosch\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130452269\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143239904375
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#12 akajonny

Posted 11 September 2006 - 09:51 AM

I did try to remove 02 and 20 as you said, but they come back on the next scan. Don't know if this is related, but it takes close to 10 min for a complete boot and when it is done an error pops up (The App or DLL C:\WINNT\system32\MSVCP70.dll is not a valid windows image). Winantivirus pro 06 also is trying to get to the internet, but it's not on the internet now.


Thanks, Akajonny

Edited by akajonny, 11 September 2006 - 12:15 PM.


#13 YounGun

Posted 11 September 2006 - 12:45 PM

Download VirtumundoBeGone.exe from: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
1. Save it to your Desktop.
2. Locate and double-click VirtumundoBeGone.exe to run it.
3. Follow the instructions.
4. When the tool has finished running, exit and post the log that is produced.
5. Reboot your PC and post a fresh HJT log AND a description of how your PC is running.

#14 akajonny

Posted 11 September 2006 - 02:09 PM

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:02:54 PM, on 9/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\Wendy VanDenBosch\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINNT\System32\mllmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130452269\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143239904375
O20 - AppInit_DLLs: interceptor.dll,nvdesk32.dll
O20 - Winlogon Notify: mllmm - C:\WINNT\System32\mllmm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

VBG log:

[09/11/2006, 12:55:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Wendy VanDenBosch\Desktop\New Folder\VirtumundoBeGone.exe" )
[09/11/2006, 12:55:45] - Detected System Information:
[09/11/2006, 12:55:45] - Windows Version: 5.0.2195, Service Pack 4
[09/11/2006, 12:55:45] - Current Username: Wendy VanDenBosch (Admin)
[09/11/2006, 12:55:45] - Windows is in SAFE mode with Networking.
[09/11/2006, 12:55:45] - Searching for Browser Helper Objects:
[09/11/2006, 12:55:45] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/11/2006, 12:55:45] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[09/11/2006, 12:55:45] - BHO 3: {18898424-E3AB-4BA9-8E8D-5434B1CECA75} (RawExecAction Object)
[09/11/2006, 12:55:45] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/11/2006, 12:55:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/11/2006, 12:55:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/11/2006, 12:55:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/11/2006, 12:55:45] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/11/2006, 12:55:45] - BHO 6: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[09/11/2006, 12:55:45] - BHO 7: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[09/11/2006, 12:55:45] - Finished Searching Browser Helper Objects
[09/11/2006, 12:55:45] - Finishing up...
[09/11/2006, 12:55:45] - Nothing found! Exiting...

[09/11/2006, 13:11:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Wendy VanDenBosch\Desktop\New Folder\VirtumundoBeGone.exe" )
[09/11/2006, 13:11:09] - Detected System Information:
[09/11/2006, 13:11:09] - Windows Version: 5.0.2195, Service Pack 4
[09/11/2006, 13:11:09] - Current Username: Wendy VanDenBosch (Admin)
[09/11/2006, 13:11:09] - Windows is in SAFE mode with Networking.
[09/11/2006, 13:11:09] - Searching for Browser Helper Objects:
[09/11/2006, 13:11:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/11/2006, 13:11:09] - BHO 2: {0A87E45F-537A-40B4-B812-E2544C21A09F} (SpywareBlock Class)
[09/11/2006, 13:11:09] - BHO 3: {18898424-E3AB-4BA9-8E8D-5434B1CECA75} (RawExecAction Object)
[09/11/2006, 13:11:09] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/11/2006, 13:11:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/11/2006, 13:11:09] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/11/2006, 13:11:09] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/11/2006, 13:11:09] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/11/2006, 13:11:09] - BHO 6: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[09/11/2006, 13:11:09] - BHO 7: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[09/11/2006, 13:11:09] - Finished Searching Browser Helper Objects
[09/11/2006, 13:11:09] - Finishing up...
[09/11/2006, 13:11:09] - Nothing found! Exiting...


still very slow on boot and locks up


thanks, Akajonny

#15 YounGun

Posted 11 September 2006 - 04:25 PM

Hmm, you have another virus that is reinfecting you, let's get rid of it.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX



