Hijack This Log...help! Tried Everything!


  • This topic is locked
8 replies to this topic

#1 Morpheus101


Posted 13 February 2007 - 09:55 PM

Hey, I had a really bad weekend filled with worms and viruses and adware. Haha. I bought McAfee Virus Scan Plus 2007 and that took care of most things, as did SpyHunter. Yet I still get these ads popping up and slowing me down a bit in Explorer (DriveCleaner ads, WinAntiVirus2006 ads, SearchFeed ads, Monster Market Place ads). Can anyone help me!? Thanks a lot. Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 9:52:30 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


#2 rookie147


Posted 14 February 2007 - 05:33 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
Select it and click Remove.
Then download and install the newest version from here:
Java Runtime Environment (JRE) 6

Using My Computer/Windows Explorer, navigate to where you have HJT saved.
Right-click on the hijackthis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Now, please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Open the extracted SDFix folder and double click runThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts, the fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post this in your next reply.

Please post me back the report.txt, along with a new HijackThis log (using fluffybunny).
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 Morpheus101


Posted 14 February 2007 - 09:04 AM

Hey, everything seemed to work out fine, but on the way back here to post the report, I got an ad pop-up (almost fullscreen) for Bonus.com. :thumbsup: Here is the report from the SDFix thing. P.S. It seems like the pop-ups are mostly related to the sites I go to or search for. Like if I'm at Amazon, it will say "Amazon wants to offer you ten free ringtones!" Or if I search something on Google, a pop-up with its own search on what I typed in will come up. ALSO, some of my keystrokes are not happening when I am typing this; I hit a key but it doesn't type it.

SDFix: Version 1.65

Run by: Administrator - Wed 02/14/2007 @ 8:11:23.92

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Temp\win17C.tmp.exe - Deleted
C:\WINDOWS\Temp\win184.tmp.exe - Deleted
C:\WINDOWS\Temp\win1AB.tmp.exe - Deleted
C:\WINDOWS\Temp\win1B7.tmp.exe - Deleted
C:\WINDOWS\Temp\win1EE.tmp.exe - Deleted
C:\WINDOWS\Temp\win1FD.tmp.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:America Online 9.0"
"C:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"="C:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp:*:Enabled:kazaalite"
"C:\\Program Files\\HTTP-Tunnel NG\\HTTPTunnelNG.exe"="C:\\Program Files\\HTTP-Tunnel NG\\HTTPTunnelNG.exe:*:Enabled:HTTPTunnelNG"
"C:\\Program Files\\Warez P2P Client\\warez.exe"="C:\\Program Files\\Warez P2P Client\\warez.exe:*:Enabled:Warez P2P Client"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\morpheus01010110\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\morpheus01010110\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\morpheus01010110\\team fortress classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\morpheus01010110\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\DOCUME~1\\MATT(G~1\\LOCALS~1\\Temp\\win37C.tmp.exe"="C:\\DOCUME~1\\MATT(G~1\\LOCALS~1\\Temp\\win37C.tmp.exe:*:Enabled:win37C.tmp"
"C:\\WINDOWS\\TEMP\\win120.tmp.exe"="C:\\WINDOWS\\TEMP\\win120.tmp.exe:*:Enabled:win120.tmp"
"C:\\WINDOWS\\TEMP\\win1A5.tmp.exe"="C:\\WINDOWS\\TEMP\\win1A5.tmp.exe:*:Enabled:win1A5.tmp"
"C:\\WINDOWS\\TEMP\\win1E7.tmp.exe"="C:\\WINDOWS\\TEMP\\win1E7.tmp.exe:*:Enabled:win1E7.tmp"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Matt\My Documents\Black Eyed Peas - Monkey Business (2005) - Hip Hop [www.torrentazos.com]\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\Black Eyed Peas - Monkey Business (2005) - Hip Hop [www.torrentazos.com]\Folder.jpg
C:\Documents and Settings\Matt\My Documents\Black Eyed Peas - Monkey Business (2005) - Hip Hop [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\Matt\My Documents\Bowling For Soup - The Great Burrito Extortion Case (2006) - Alternative [www.torrentazos.com]\The Great Burrito Extortion Case\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\Bowling For Soup - The Great Burrito Extortion Case (2006) - Alternative [www.torrentazos.com]\The Great Burrito Extortion Case\AlbumArt_{C61267C9-14FE-44CB-B45B-601BC8AF27EF}_Large.jpg
C:\Documents and Settings\Matt\My Documents\Bowling For Soup - The Great Burrito Extortion Case (2006) - Alternative [www.torrentazos.com]\The Great Burrito Extortion Case\AlbumArt_{C61267C9-14FE-44CB-B45B-601BC8AF27EF}_Small.jpg
C:\Documents and Settings\Matt\My Documents\Bowling For Soup - The Great Burrito Extortion Case (2006) - Alternative [www.torrentazos.com]\The Great Burrito Extortion Case\desktop.ini
C:\Documents and Settings\Matt\My Documents\Bowling For Soup - The Great Burrito Extortion Case (2006) - Alternative [www.torrentazos.com]\The Great Burrito Extortion Case\Folder.jpg
C:\Documents and Settings\Matt\My Documents\Fiona Aple - Extraordinary Machine (2005) - Pop_Rock [www.torrentazos.com]\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\Fiona Aple - Extraordinary Machine (2005) - Pop_Rock [www.torrentazos.com]\AlbumArt_{4F3618EA-2819-4AC3-90FB-A0CBC3507BA9}_Large.jpg
C:\Documents and Settings\Matt\My Documents\Fiona Aple - Extraordinary Machine (2005) - Pop_Rock [www.torrentazos.com]\AlbumArt_{4F3618EA-2819-4AC3-90FB-A0CBC3507BA9}_Small.jpg
C:\Documents and Settings\Matt\My Documents\Fiona Aple - Extraordinary Machine (2005) - Pop_Rock [www.torrentazos.com]\desktop.ini
C:\Documents and Settings\Matt\My Documents\Fiona Aple - Extraordinary Machine (2005) - Pop_Rock [www.torrentazos.com]\Folder.jpg
C:\Documents and Settings\Matt\My Documents\Fiona Aple - Extraordinary Machine (2005) - Pop_Rock [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\Matt\My Documents\The Bloodhound Gang - Hefty Fine (2005) - Rock - www.torrentazos.com By FEFE2003\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\The Bloodhound Gang - Hefty Fine (2005) - Rock - www.torrentazos.com By FEFE2003\AlbumArt_{D3CDFCAA-0BB2-494B-B4F4-58AB862C8C43}_Large.jpg
C:\Documents and Settings\Matt\My Documents\The Bloodhound Gang - Hefty Fine (2005) - Rock - www.torrentazos.com By FEFE2003\AlbumArt_{D3CDFCAA-0BB2-494B-B4F4-58AB862C8C43}_Small.jpg
C:\Documents and Settings\Matt\My Documents\The Bloodhound Gang - Hefty Fine (2005) - Rock - www.torrentazos.com By FEFE2003\desktop.ini
C:\Documents and Settings\Matt\My Documents\The Bloodhound Gang - Hefty Fine (2005) - Rock - www.torrentazos.com By FEFE2003\Folder.jpg
C:\Documents and Settings\Matt\My Documents\The Bloodhound Gang - Hefty Fine (2005) - Rock - www.torrentazos.com By FEFE2003\Thumbs.db
C:\Documents and Settings\Matt\My Documents\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\AlbumArt_{00E4CEC8-B5CA-43D1-80FF-A88FC907D7A0}_Large.jpg
C:\Documents and Settings\Matt\My Documents\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\AlbumArt_{00E4CEC8-B5CA-43D1-80FF-A88FC907D7A0}_Small.jpg
C:\Documents and Settings\Matt\My Documents\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\desktop.ini
C:\Documents and Settings\Matt\My Documents\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\The Game - Ghost Unit (2005) - Hip Hop - www.torrentazos.com By FEFE2003\Folder.jpg
C:\Documents and Settings\Matt\My Documents\The Offspring - Greatest Hits (Advance 2005) - Punk [www.torrentazos.com]\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\The Offspring - Greatest Hits (Advance 2005) - Punk [www.torrentazos.com]\AlbumArt_{E5895E79-09DE-46A7-ADAD-FA8D401502F3}_Large.jpg
C:\Documents and Settings\Matt\My Documents\The Offspring - Greatest Hits (Advance 2005) - Punk [www.torrentazos.com]\AlbumArt_{E5895E79-09DE-46A7-ADAD-FA8D401502F3}_Small.jpg
C:\Documents and Settings\Matt\My Documents\The Offspring - Greatest Hits (Advance 2005) - Punk [www.torrentazos.com]\desktop.ini
C:\Documents and Settings\Matt\My Documents\The Offspring - Greatest Hits (Advance 2005) - Punk [www.torrentazos.com]\Folder.jpg
C:\Documents and Settings\Matt\My Documents\The Offspring - Greatest Hits (Advance 2005) - Punk [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\Matt\My Documents\TSOTRMERTSO\Obie Trice - Second Round's On Me - (ShadyBlock.Com)\Register_At_ShadyBlock.Com\AlbumArtSmall.jpg
C:\Documents and Settings\Matt\My Documents\TSOTRMERTSO\Obie Trice - Second Round's On Me - (ShadyBlock.Com)\Register_At_ShadyBlock.Com\AlbumArt_{8940A39F-03E9-4467-A213-9EAAA3529F6D}_Large.jpg
C:\Documents and Settings\Matt\My Documents\TSOTRMERTSO\Obie Trice - Second Round's On Me - (ShadyBlock.Com)\Register_At_ShadyBlock.Com\AlbumArt_{8940A39F-03E9-4467-A213-9EAAA3529F6D}_Small.jpg
C:\Documents and Settings\Matt\My Documents\TSOTRMERTSO\Obie Trice - Second Round's On Me - (ShadyBlock.Com)\Register_At_ShadyBlock.Com\desktop.ini
C:\Documents and Settings\Matt\My Documents\TSOTRMERTSO\Obie Trice - Second Round's On Me - (ShadyBlock.Com)\Register_At_ShadyBlock.Com\Folder.jpg
C:\Documents and Settings\Matt\Local Settings\Temp\gglduoja.dll
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\iSetup.dll
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\iSetup.dll
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\Viasetup.dll
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\_Setupx.dll
C:\WINDOWS\SYSTEM32\AVSredirect.dll
C:\WINDOWS\SYSTEM32\cygwin1.dll
C:\WINDOWS\SYSTEM32\cygz.dll
C:\WINDOWS\SYSTEM32\i420vfw.dll
C:\WINDOWS\SYSTEM32\khfghff.dll
C:\WINDOWS\SYSTEM32\opnolih.dll
C:\WINDOWS\SYSTEM32\Smab.dll
C:\WINDOWS\SYSTEM32\urqrssr.dll
C:\WINDOWS\SYSTEM32\yv12vfw.dll
C:\Documents and Settings\All Users\Application Data\svchost.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\IviAspi.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\Setup.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\HHUPD.EXE
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\InformationService.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\VCREDIST.EXE
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\WMFDist9.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_de.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_en.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_es.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_fr.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_it.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_ja.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_zh-cn.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_zh-tw.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_de.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_en.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_es.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_fr.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_it.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_ja.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_ko.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_nl.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_zh-CN.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\DVDCopy\3rdPartyApp\GoogleToolBar\GoogleToolbarInstaller_zh-TW.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\selfDel.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\Setup.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\aspiinst.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\atl.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\HHUPD.EXE
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\InformationService.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\InterActual\install.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\InterActual\win\setup\iauninst.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\InterActual\win\setup\INUNINST.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\Msi\InstMsiA.exe
C:\Documents and Settings\Matt\My Documents\Ulead_DVD_Movie_Factory_5_Plus\Utilities\WinDVD\3rdPartyApp\Msi\InstMsiW.exe
C:\Program Files\Common Files\svchost.exe
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\Setup.exe
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\SYSTEM32\x.264.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Matt\Local Settings\Temp\qpgishs23dl5.tmp
C:\Documents and Settings\Matt\My Documents\Word 2003 2e\UnitD\~WRL0005.tmp

Finished

And here is the new Hijack This...


Logfile of HijackThis v1.99.1
Scan saved at 9:02:07 AM, on 2/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\FluffyBunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4090CCBD-7E49-B399-7D43-0936073563EB} - C:\WINDOWS\system32\tsjsru.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\xfxkoyys.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A22BEDA9-E441-44DD-8007-8FC47C451237} - C:\WINDOWS\system32\iifefda.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {EADB9E6F-B646-4E79-9F88-916A1625509D} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifefda - C:\WINDOWS\SYSTEM32\iifefda.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Thanks again by the way, I'll be sure to make a donation. (This keystroke thing is really annoying.)

#4 rookie147


Posted 14 February 2007 - 11:50 AM

Hey Morpheus101,
Just to let you know that you have quite a lot of malware installed on your computer, so we'll need to download a few programs, and perform a few scans until everything is removed.

You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. From your SDFix I can see that you are using a wide variety of peer-to-peer programs, and that you are downloading albums via torrents. The thing with downloading torrents is that most of the time they come with infections, and it is impossible to tell if they are clean or not until it is too late.
The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please post me back vundofix.txt and a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 Morpheus101


Posted 14 February 2007 - 11:03 PM

Hey, I tried that but it was still happening. I realized there were a bunch of random DLLs running under the "Add-ons" section in IE. When I disabled them, the problems with pop-ups stopped. When I restart the computer however, one comes back every time. Some DLLs are...

iifefda.dll
pmkhg.dll
xfxkoyys.dll
tsjsru.dll
ddcyv.dll
tfswshx.dll


Don't know which was causing the problem but it is gone when these are disabled...

Any suggestions?

#6 rookie147


Posted 15 February 2007 - 04:00 AM

Hi again,

Hey, I tried that but it was still happening. I realized there were a bunch of random DLLs running under the "Add-ons" section in IE. When I disabled them, the problems with pop-ups stopped. When I restart the computer however, one comes back every time. Some DLLs are...

iifefda.dll
pmkhg.dll
xfxkoyys.dll
tsjsru.dll
ddcyv.dll
tfswshx.dll

These files are related to Vundo, so please run VundoFix again for me, as this should remove them. I really need the log from this as it will tell me if the removal has been successful or not, so can you post it for me in your next reply? If there are some files it can't remove, there are other ways we can get rid of them...
So, please post me back the VundoFix log, and a new HijackThis log.
Thanks,
Charles



#7 Morpheus101


Posted 15 February 2007 - 09:46 AM

Hey, it seems everything is running much better now. Thanks a lot. Here is the newest Hijack. (After Vundo)

P.S. Is it weird to have like... 8 SVCHOST.EXE running in processes?

Logfile of HijackThis v1.99.1
Scan saved at 9:42:43 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Hijackthis\FluffyBunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AD9CFDA-F1D0-45DE-8724-324C2C77A9C5} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {4090CCBD-7E49-B399-7D43-0936073563EB} - C:\WINDOWS\system32\tsjsru.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\xfxkoyys.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A22BEDA9-E441-44DD-8007-8FC47C451237} - C:\WINDOWS\system32\iifefda.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {EADB9E6F-B646-4E79-9F88-916A1625509D} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
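
The before/after check on the two HijackThis logs above can be done mechanically. This is an added example, not part of the thread and not code from HijackThis or VundoFix: it parses the O2 (BHO) and O20 (Winlogon Notify) lines, picks out unnamed BHOs whose DLL sits directly in system32, and reports what is left of each after cleanup. The heuristic, the function names and the status labels are assumptions made for illustration; the sample lines are copied from the 2/14 and 2/15 logs in this thread.

```python
import ntpath
import re
from collections import namedtuple

# Lines copied from the 2/14/2007 log in this thread (before VundoFix).
BEFORE = r"""
O2 - BHO: (no name) - {4090CCBD-7E49-B399-7D43-0936073563EB} - C:\WINDOWS\system32\tsjsru.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\xfxkoyys.dll
O2 - BHO: (no name) - {A22BEDA9-E441-44DD-8007-8FC47C451237} - C:\WINDOWS\system32\iifefda.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {EADB9E6F-B646-4E79-9F88-916A1625509D} - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifefda - C:\WINDOWS\SYSTEM32\iifefda.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Lines copied from the 2/15/2007 log in this thread (after VundoFix).
AFTER = r"""
O2 - BHO: (no name) - {2AD9CFDA-F1D0-45DE-8724-324C2C77A9C5} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {4090CCBD-7E49-B399-7D43-0936073563EB} - C:\WINDOWS\system32\tsjsru.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\xfxkoyys.dll (file missing)
O2 - BHO: (no name) - {A22BEDA9-E441-44DD-8007-8FC47C451237} - C:\WINDOWS\system32\iifefda.dll (file missing)
O2 - BHO: (no name) - {EADB9E6F-B646-4E79-9F88-916A1625509D} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

Entry = namedtuple("Entry", "section label folder dll missing")

PATTERNS = (
    ("O2", re.compile(r"^O2 - BHO: (?P<label>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")),
    ("O20", re.compile(r"^O20 - Winlogon Notify: (?P<label>.*?) - (?P<target>.+)$")),
)
MISSING = "(file missing)"
NO_FILE = "(no file)"


def parse_log(text):
    """Return the O2 and O20 entries of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for section, pattern in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            target = match.group("target").strip()
            missing = target.endswith(MISSING) or target == NO_FILE
            if target.endswith(MISSING):
                target = target[: -len(MISSING)].strip()
            if target == NO_FILE:
                target = ""  # registry entry with no file path at all
            entries.append(Entry(section, match.group("label"),
                                 ntpath.dirname(target).lower(),
                                 ntpath.basename(target).lower(), missing))
            break
    return entries


def suspects(entries):
    """Assumed heuristic: an unnamed BHO whose DLL is directly in system32.

    Maps each such DLL to True when it is also a Winlogon Notify package,
    which would let it load at every logon regardless of IE add-on settings.
    """
    notify = {e.dll for e in entries if e.section == "O20"}
    return {e.dll: e.dll in notify for e in entries
            if e.section == "O2" and e.label == "(no name)"
            and e.dll and e.folder.endswith("\\system32")}


def removal_status(before, after):
    """Classify each suspect from `before` by what remains of it in `after`."""
    status = {}
    for dll in suspects(before):
        left = [e for e in after if e.dll == dll]
        if not left:
            status[dll] = "gone"        # no registry entry references it
        elif all(e.missing for e in left):
            status[dll] = "orphaned"    # entry remains, file is not on disk
        else:
            status[dll] = "active"      # file still present and registered
    return status


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    for dll, state in sorted(removal_status(before, after).items()):
        print(f"{dll:15} notify_before={suspects(before)[dll]!s:5} now={state}")
```

An "orphaned" result means only the registry entry is left; the tool that wrote the log lists it as "(file missing)" and the entry itself still has to be cleaned up.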

#8 rookie147


Posted 15 February 2007 - 01:21 PM

Can I have the contents of C:\Vundofix.txt as well, please?
Thanks,
Charles



#9 rookie147


Posted 24 February 2007 - 06:15 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter.

Everyone else please begin a New Topic.





