
Infected With Something, Slow Ie & Freezes


21 replies to this topic

#1 thisismak

thisismak

  • Members
  • 10 posts

Posted 09 April 2007 - 05:18 AM

Hi everyone, thanks for this, any help would really be appreciated.

Panda AntiVirus tells me I am infected with Virtumonde, Vundo & WinAntivirus2006.
I ran VundoFix and used "remove vundo" on the files.
But it's still persisting with no change.

Here are my VundoFix logs and HijackThis log (HijackThis log done after VundoFix).
I have since updated my Java to the latest.

Thanks again...
Mak.

_______________________


VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 1:42:55 PM 4/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak2
C:\WINDOWS\system32\nqtwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.bak2
C:\WINDOWS\system32\nqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 2:13:08 PM 4/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\gebcc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcc.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 2:47:28 PM 4/10/2007

Listing files found while scanning....

______________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 3:42:44 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PMP-100] C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

Edited by thisismak, 10 April 2007 - 12:52 AM.



#2 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • Gender:Female
  • Location:Honolulu, Hawaii

Posted 11 April 2007 - 06:44 AM

Hi thisismak,
Welcome to the forums & sorry for the delay.

I am looking over your log at the moment and will post back soon.

:thumbsup: Tink

I search for Sjogrens Syndrome Foundation...Who will you search for?


#3 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • Gender:Female
  • Location:Honolulu, Hawaii

Posted 11 April 2007 - 09:40 AM

Hi again thisismak,
The Vundo infection is preventing some entries in HijackThis from being present.

Go to the folder where HijackThis is kept and rename the HijackThis application to "showme".
This can be done by right-clicking on the program and clicking "Rename".
Press Enter, then open "showme.exe" by double-clicking.
Post a new HijackThis log from the newly named application.

With your HijackThis log, can you please include an Uninstall Log?
To get an Uninstall Log, open HijackThis > Config... > Misc Tools > Open Uninstall Manager > Save list.
A Notepad window will pop up after it's saved; please copy everything in that Notepad window and paste it here.

Thanks,
:thumbsup: Tink



#4 thisismak

thisismak
  • Topic Starter

  • Members
  • 10 posts

Posted 11 April 2007 - 07:37 PM

Hi Tink :thumbsup: Thanks so much for your help, you're the best!

Changed the name to showme & here are the logs as requested (had to temporarily disable Panda as it blocked HijackThis).

Also had a helpctr.exe buffer overflow, with the program running about 15 times in my Task Manager and
taking 100% of the CPU. Had to force a shutdown. Don't know what that program is or if it's of any significance.

Thanks again for your help. Mak.
__________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 10:15:28 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\showme.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E0425-9C07-4EAC-8693-55AD3ABBBF2D} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {395E146F-3E1D-4E36-A588-AFBFDD405052} - (no file)
O2 - BHO: (no name) - {4ED24BF5-63E1-4C04-BED5-38F9D359FE2B} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bqyufrep.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\ljjijjj.dll
O2 - BHO: (no name) - {84281525-E788-4DEC-86A4-1FEB677DB396} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PMP-100] C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ljjijjj - C:\WINDOWS\SYSTEM32\ljjijjj.dll
O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
____________________________________________

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Allok QuickTime to AVI MPEG DVD Converter 1.3.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bluetooth by hp
Broadcom 802.11 Driver
CCleaner (remove only)
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
Core FTP LE 1.3c
Creative Live! Cam Vista IM Driver (1.01.03.1104)
Creative Live! Cam Vista IM User's Guide (English)
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBPowerAMP Real Audio Encoder R3
dBpowerAMP Winamp Codec
Dexster V3.0
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
GetRight
Google Earth
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
HP Help and Support
HP Wireless Assistant
InterVideo WinDVD
iriver Music Manager
iRiver PMP Series Manager VER 1.00
iRiver Updater
Java™ SE Runtime Environment 6 Update 1
JetShell for JNC M3
LiveUpdate BVRP Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mobile PhoneTools
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 3.5 - SE
Nero 7
neroxml
Panda Internet Security 2007
Quick Launch Buttons 5.10 A2
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Skype 3.0
Skype Plugin Manager
Sonic Foundry ACID 4.0
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TMPGEnc 3.0 XPress
TMPGEnc DVD Author 1.6
TMPGEnc MPEG Editor
TMPGEnc Sound Player
Turbo Lister 2
Ultra QuickTime Converter 1.4.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Messenger

Edited by thisismak, 12 April 2007 - 05:37 AM.
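The review Tink does by hand on the HijackThis log above (nameless O2 BHOs loaded from system32 that also appear as O20 Winlogon Notify handlers) and the reversed-name .ini/.bak companions visible in the VundoFix logs, written out as an added Python example. This is not code from the thread, HijackThis or VundoFix; the sample log lines are a constructed subset of the log above, and the severity labels are an assumption of this example.

```python
"""Triage helpers for the HijackThis and VundoFix log formats seen in this thread.

Added example, not part of the thread or of any tool it mentions. It encodes
two things a helper checks by eye: a Vundo DLL registers itself both as a
nameless O2 BHO under system32 and as an O20 Winlogon Notify handler, and its
.ini/.bak companions carry the DLL's file name spelled backwards.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the HijackThis log above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E0425-9C07-4EAC-8693-55AD3ABBBF2D} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {395E146F-3E1D-4E36-A588-AFBFDD405052} - (no file)
O2 - BHO: (no name) - {4ED24BF5-63E1-4C04-BED5-38F9D359FE2B} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\ljjijjj.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ljjijjj - C:\WINDOWS\SYSTEM32\ljjijjj.dll
O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed system32 listing: the file names from the VundoFix logs plus two normal DLLs.
SAMPLE_SYSTEM32_LISTING = [
    "awtqn.dll", "nqtwa.bak1", "nqtwa.bak2", "nqtwa.ini",
    "gebcc.dll", "ccbeg.bak1", "ccbeg.ini", "kernel32.dll", "wininet.dll",
]

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path, minus HijackThis status suffixes."""
    path = re.sub(r" \((file missing|no file)\)$", "", path.strip())
    return path.rsplit("\\", 1)[-1].lower()


def triage_hjt_log(text):
    """Return (dll, severity, reason) findings for the O2 and O20 lines of a log.

    Severity labels are this example's own convention:
      high   - nameless system32 BHO that is also a Winlogon Notify handler
      medium - nameless BHO loaded from system32 (still worth removing, even
               if HijackThis reports the file as missing)
    """
    nameless_sys32 = {}   # dll -> CLSID of a nameless BHO living under system32
    notify = {}           # dll -> Winlogon Notify subkey name
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "(no name)" and SYSTEM32_RE.match(m["path"]):
                nameless_sys32[basename(m["path"])] = m["clsid"]
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[basename(m["path"])] = m["key"]
    findings = []
    for dll, clsid in nameless_sys32.items():
        if dll in notify:
            findings.append((dll, "high",
                             f"nameless BHO {{{clsid}}} is also Winlogon Notify '{notify[dll]}'"))
        else:
            findings.append((dll, "medium", f"nameless BHO {{{clsid}}} loaded from system32"))
    return findings


def find_reversed_companions(names):
    """Map each DLL to the .ini/.bak* files whose stem is the DLL's stem reversed.

    In the VundoFix logs above, awtqn.dll sits beside nqtwa.ini/.bak1/.bak2 and
    gebcc.dll beside ccbeg.ini/.bak1; this pairing is what the function recovers.
    """
    companions = defaultdict(list)
    for n in names:
        stem, _, ext = n.lower().rpartition(".")
        if ext == "ini" or ext.startswith("bak"):
            companions[stem].append(n.lower())
    pairs = {}
    for n in names:
        stem, _, ext = n.lower().rpartition(".")
        if ext == "dll" and stem[::-1] in companions:
            pairs[n.lower()] = sorted(companions[stem[::-1]])
    return pairs


if __name__ == "__main__":
    for dll, severity, reason in triage_hjt_log(SAMPLE_HJT_LOG):
        print(f"[{severity:6}] {dll}: {reason}")
    for dll, files in find_reversed_companions(SAMPLE_SYSTEM32_LISTING).items():
        print(f"[pair  ] {dll} <-> {', '.join(files)}")
```

On the sample above the two DLLs Tink asks VundoFix to remove in the next post come out as "high", the stale geeda.dll registration as "medium", and SDHelper.dll (nameless but not under system32) is not flagged.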


#5 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • OFFLINE
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:04:36 PM

Posted 12 April 2007 - 08:08 AM

Hi again mak,

:flowers: Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • If it says "No infected files were found", right-click the list box (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up.
  • This will open a new VundoFix window that says "Paste files into the boxes below:"
  • In that window, copy and paste the following file path in the first (top) field:
    C:\WINDOWS\system32\mljgg.dll
  • Now copy and paste the following file path in the second field:
    C:\WINDOWS\system32\ljjijjj.dll
  • Click the 'Add Files' button.
  • Click the 'Close Window' button.
  • Click the 'Remove Vundo' button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

:thumbsup: Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

Please post back with
  • vundofix.txt
  • AVG report
  • HijackThis log
Thanks,
:huh: Tink

I search for Sjogrens Syndrome Foundation...Who will you search for?


#6 thisismak

thisismak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:36 PM

Posted 12 April 2007 - 10:30 AM

Hi Tink,
As requested:

VundoFix V6.3.19

Checking Java version...

Scan started at 11:40:03 PM 4/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\unkepwat.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\unkepwat.dll
C:\WINDOWS\system32\unkepwat.dll Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:13:44 AM 4/13/2007

+ Scan result:



C:\System Volume Information\_restore{8C045BC1-E6DC-44E2-9073-6764A5265AA0}\RP162\A0026188.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).


::Report end

____________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 1:23:39 AM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\Upgrader.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\showme.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E0425-9C07-4EAC-8693-55AD3ABBBF2D} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {395E146F-3E1D-4E36-A588-AFBFDD405052} - (no file)
O2 - BHO: (no name) - {48FC111B-C202-48DD-8113-CB24DFB45F60} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bqyufrep.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\ljjijjj.dll (file missing)
O2 - BHO: (no name) - {84281525-E788-4DEC-86A4-1FEB677DB396} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PMP-100] C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ljjijjj - ljjijjj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
__________________________________

Thanks heaps :thumbsup: mak.

#7 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • OFFLINE
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:04:36 PM

Posted 13 April 2007 - 04:52 AM

Hi mak,
Just a few more steps to complete. :thumbsup:

Run HijackThis and check the boxes next to the following entries:
O2 - BHO: (no name) - {220E0425-9C07-4EAC-8693-55AD3ABBBF2D} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {395E146F-3E1D-4E36-A588-AFBFDD405052} - (no file)
O2 - BHO: (no name) - {48FC111B-C202-48DD-8113-CB24DFB45F60} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bqyufrep.dll (file missing)
O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\ljjijjj.dll (file missing)
O2 - BHO: (no name) - {84281525-E788-4DEC-86A4-1FEB677DB396} - (no file)

O20 - Winlogon Notify: ljjijjj - ljjijjj.dll (file missing)


Close all other browsers and windows and hit "Fix Checked"

Restart your computer.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with:
  • HijackThis log
  • Kaspersky log
Also, please let us know how your system is running.

Thanks,
:flowers: Tink

I search for Sjogrens Syndrome Foundation...Who will you search for?
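
As an added illustration (not part of the thread, and not code from HijackThis or VundoFix): the entries Tink asks mak to tick above can be picked out of a HijackThis log mechanically. The Python below applies three of the rules a helper uses when reading such a log: an O2 BHO with no display name whose DLL is gone, an O20 Winlogon Notify DLL that is missing or not on a baseline list, and an O4 Run entry that launches a system32 DLL through rundll32.exe (the shape of the "WindowsUpdate" entry in mak's later log). It also pairs up the reversed-name files VundoFix listed (mljgg.dll beside ggjlm.ini and ggjlm.bak1), a pattern visible in every VundoFix listing in this thread. The sample lines are copied from the logs posted here; the `WINLOGON_BASELINE` set is an assumed baseline for this machine, constructed for the example, and anything the code flags is a candidate for review rather than a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: HijackThis lines copied from the logs posted in this
# thread, with benign entries from the same logs left in so the filter has
# something to pass over.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {220E0425-9C07-4EAC-8693-55AD3ABBBF2D} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {395E146F-3E1D-4E36-A588-AFBFDD405052} - (no file)
O2 - BHO: (no name) - {48FC111B-C202-48DD-8113-CB24DFB45F60} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ruwwgsnt.dll",realset
O20 - Winlogon Notify: ljjijjj - ljjijjj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvursqp - C:\WINDOWS\SYSTEM32\wvursqp.dll
"""

# Constructed sample input: the file list VundoFix printed in this thread, plus
# one unrelated system32 DLL that must not be paired with anything.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\ggjlm.bak1",
    r"C:\WINDOWS\system32\ggjlm.bak2",
    r"C:\WINDOWS\system32\ggjlm.ini",
    r"C:\WINDOWS\system32\mljgg.dll",
    r"C:\WINDOWS\system32\unkepwat.dll",
    r"C:\WINDOWS\system32\WgaLogon.dll",
]

# Assumed baseline of Winlogon Notify DLLs expected on this machine. The set is
# constructed for the example (WgaLogon.dll is the Windows Genuine Advantage
# notifier that appears in both logs); a real baseline comes from a clean build.
WINLOGON_BASELINE = {"wgalogon.dll"}

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


def triage_hjt(log_text, baseline=WINLOGON_BASELINE):
    """Return (section, reason, line) for every HijackThis entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        line = m.group(0)
        if section == "O2":
            # Vundo's BHOs register without a display name; once the DLL has been
            # deleted, the CLSID stays behind pointing at nothing.
            nameless = body.startswith("BHO: (no name)")
            orphaned = body.endswith("(file missing)") or body.endswith("(no file)")
            if nameless and orphaned:
                findings.append((section, "nameless BHO whose DLL is gone", line))
        elif section == "O4":
            # A Run value that uses rundll32.exe to load a DLL out of system32 with a
            # one-word export, behind a familiar-sounding value name.
            low = body.lower()
            if "rundll32" in low and "\\system32\\" in low and ".dll" in low:
                findings.append((section, "rundll32 loading a system32 DLL at logon", line))
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe before any user session;
            # a missing file and an unknown name both deserve attention.
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("(file missing)"):
                findings.append((section, "Winlogon Notify DLL missing", line))
            elif PureWindowsPath(target).name.lower() not in baseline:
                findings.append((section, "Winlogon Notify DLL not in baseline", line))
    return findings


def reversed_name_pairs(paths):
    """Map each DLL to sibling files whose stem is the DLL's stem spelled backwards.

    Every VundoFix listing in this thread shows the pattern: mljgg.dll beside
    ggjlm.ini and ggjlm.bak1/.bak2, awtqn.dll beside nqtwa.ini, ddccc.dll beside
    cccdd.ini.
    """
    by_stem = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_stem.setdefault(wp.stem.lower(), []).append(wp.name)
    pairs = {}
    for stem, names in by_stem.items():
        dlls = [n for n in names if n.lower().endswith(".dll")]
        mirror = stem[::-1]
        if dlls and mirror != stem and mirror in by_stem:
            pairs[dlls[0]] = sorted(by_stem[mirror])
    return pairs


if __name__ == "__main__":
    for section, reason, line in triage_hjt(SAMPLE_HJT):
        print(f"[{section}] {reason}: {line}")
    for dll, siblings in reversed_name_pairs(SAMPLE_LISTING).items():
        print(f"{dll} pairs with {', '.join(siblings)}")
```

Run against the sample it flags exactly the six lines a helper would ask about (three orphaned nameless BHOs, the rundll32 Run value, the missing ljjijjj.dll and the unknown wvursqp.dll) and leaves SDHelper.dll, ssv.dll and WgaLogon.dll alone; the reversed-name check pairs mljgg.dll with its three ggjlm.* siblings and nothing else.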


#8 thisismak

thisismak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:36 PM

Posted 18 May 2007 - 10:01 AM

Hi Tink,

Sorry for taking so long. Didn't have access to the net, so I wasn't using the computer.
It appeared to be running fine but since getting online again the popups are all back.
The computer has also crashed on startup a few times and rebooted itself without me touching a thing.

Have included my new HJT, VundoFix & AVG logs.
Followed all steps we did before, including the AVG scan in safe mode, but it still seems to be there.


Thanks again Tink, I really appreciate your help.

Mak.

________________________
VundoFix V6.3.19

Checking Java version...

Scan started at 10:53:30 PM 5/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\opnooll.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnooll.dll
C:\WINDOWS\system32\opnooll.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.3.19

Checking Java version...

VundoFix V6.3.19

Checking Java version...

Scan started at 11:40:03 PM 4/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\unkepwat.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\unkepwat.dll
C:\WINDOWS\system32\unkepwat.dll Has been deleted!

Performing Repairs to the registry.
Done!

________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 12:49:06 AM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\showme.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\wvursqp.dll
O2 - BHO: (no name) - {47D07045-26C4-4096-BF28-51CE5665F050} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\lkhoxowh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PMP-100] C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ruwwgsnt.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvursqp - C:\WINDOWS\SYSTEM32\wvursqp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


_________________________________________

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:13:50 PM 5/18/2007

+ Scan result:



Nothing found.


::Report end

________________________

-- P.S. - Not sure why AVG is saying nothing found, as it said it did find Virtumonde - specifically the "opnooll.dll" file in the quarantine section of Ad-Aware, and it deleted it from there.

Edited by thisismak, 18 May 2007 - 08:30 PM.


#9 thisismak

thisismak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:36 PM

Posted 18 May 2007 - 09:05 PM

Also ran ComboFix and forgot to include the log from that:

"User" - 2007-05-19 11:36:49 Service Pack 2
ComboFix 07-05.19.5.V - Running from: "C:\Documents and Settings\User\Desktop\"


/wow section - STAGE #5C

Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bbxftmvk.dll
C:\WINDOWS\system32\lkhoxowh.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\ruwwgsnt.dll
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\tnsgwwur.ini
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\wvursqp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\bund1


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))


2007-05-19 11:49 92,544 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2007-05-18 22:53 <DIR> d-------- C:\VundoFix Backups
2007-05-18 22:22 31,828 ---hs---- C:\WINDOWS\system32\vtsts.exe
2007-05-18 20:26 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
2007-05-18 20:22 <DIR> d-------- C:\Program Files\Total Video Converter
2007-05-18 20:04 <DIR> d-------- C:\DOCUME~1\User\.drdivx2
2007-05-14 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-05-14 16:12 <DIR> d-------- C:\Program Files\avijoin
2007-05-14 16:09 <DIR> d-------- C:\Program Files\Allok AVI MPEG Converter
2007-05-14 16:01 <DIR> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2007-05-11 15:00 <DIR> d-------- C:\Program Files\Riva
2007-05-11 14:51 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-05-11 14:51 332,288 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-11 14:51 17,408 --a------ C:\WINDOWS\system32\shctxex.dll
2007-05-11 14:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-05-09 12:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-05 12:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-05-05 00:31 <DIR> d-------- C:\Program Files\IncrediMail
2007-05-04 10:08 50,934 --------- C:\WINDOWS\system32\drivers\vvpciusb.sys
2007-05-04 10:08 50,911 --------- C:\WINDOWS\system32\drivers\vvbususb.sys
2007-05-04 10:08 28,857 --------- C:\WINDOWS\system32\drivers\enethusb.sys
2007-05-04 10:08 15,332 --------- C:\WINDOWS\system32\drivers\vvbeth.sys
2007-05-04 10:08 15,309 --------- C:\WINDOWS\system32\drivers\vvbetht.sys
2007-05-04 10:08 <DIR> d-------- C:\Program Files\Siemens Subscriber Networks
2007-05-04 10:08 <DIR> d-------- C:\Program Files\OptusNet DSL Internet
2007-05-04 10:06 49,152 --a------ C:\WINDOWS\system32\enclss32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-18 11:31:40 -------- d-----w C:\Program Files\FlashGet
2007-05-18 10:04:21 -------- d-----w C:\Program Files\DivX
2007-05-15 09:54:02 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Skype
2007-05-14 07:38:35 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Ahead
2007-05-09 07:48:30 -------- d-----w C:\Program Files\Yahoo!
2007-05-07 11:57:52 -------- d-----w C:\Program Files\GetRight
2007-04-18 04:46:55 -------- d-----w C:\Program Files\Acoustica Mixcraft 3
2007-04-15 06:16:42 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Acoustica
2007-04-15 06:16:36 -------- d-----w C:\Program Files\VST
2007-04-15 06:16:28 -------- d-----w C:\Program Files\Acoustica Shared Effects
2007-04-14 06:20:03 -------- d-----w C:\Program Files\Sonic
2007-04-12 02:24:43 -------- d-----w C:\Program Files\mp3 tools
2007-04-12 02:22:33 114,688 ----a-w C:\WINDOWS\system32\msvos.dll
2007-04-12 02:13:55 -------- d-----w C:\Program Files\Mini-stream
2007-04-10 02:55:53 -------- d-----w C:\Program Files\CCleaner
2007-04-09 08:22:04 -------- d-----w C:\Program Files\WebcamF
2007-04-09 07:53:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-09 07:51:14 -------- d-----w C:\Program Files\Panda Software
2007-04-09 07:38:38 -------- d-----w C:\Program Files\Common Files\Panda Software
2007-04-09 06:38:20 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Lavasoft
2007-04-09 06:35:02 -------- d-----w C:\Program Files\Lavasoft
2007-04-09 06:34:16 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-08 10:02:26 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Paltalk
2007-04-07 13:05:40 -------- d-----w C:\Program Files\Allok QuickTime to AVI MPEG DVD Converter
2007-04-07 12:51:36 -------- d-----w C:\Program Files\Common Files\Download Manager
2007-04-07 12:47:58 -------- d-----w C:\Program Files\virtual dub
2007-04-07 12:47:35 -------- d-----w C:\Program Files\plugins
2007-04-07 12:47:35 -------- d-----w C:\Program Files\aviproxy
2007-04-02 09:51:38 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-01 12:53:00 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Creative
2007-04-01 12:51:54 -------- d-----w C:\Program Files\Creative
2007-04-01 11:24:06 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-01 11:21:42 -------- d-----w C:\Program Files\Nero
2007-03-22 04:20:36 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Sonic
2007-03-22 04:20:07 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Leadertech
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:31:11 -------- d-----w C:\Program Files\newp2k
2007-03-15 09:54:37 -------- d-----w C:\Program Files\P2K Drivers 2.9
2007-03-15 09:31:17 -------- d-----w C:\Program Files\mobile PhoneTools
2007-03-14 09:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-03-14 09:20:38 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-14 09:20:36 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-14 09:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-14 09:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-13 02:51:06 -------- d-----w C:\Program Files\LiveUpdate
2007-03-12 03:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-03-10 02:05:09 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Real
2007-03-09 06:43:01 -------- d-----w C:\DOCUME~1\User\APPLIC~1\CoreFTP
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 03:34:28 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2007-02-28 10:53:50 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-02-28 05:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2007-02-23 04:29:58 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-02-23 04:29:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 04:29:49 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-02-23 04:29:49 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-02-23 04:25:24 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-02-23 04:25:24 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-02-23 04:25:23 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 04:25:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 04:25:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-02-23 04:25:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 04:25:19 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 04:25:19 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 13:17]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-29 19:46]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 13:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 22:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 04:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 04:38]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 20:05]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-22 11:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 16:23]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-15 17:23]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 14:43]
"PMP-100"="C:\Program Files\iRiver\PMPSeries\PMPDetect.exe" [2004-07-05 13:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 12:09]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]


Here's a new HJT log (currently the program name is ShowMe):

Logfile of HijackThis v1.99.1
Scan saved at 12:02, on 2007-05-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ComboFix\944.cfexe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\showme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PMP-100] C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

Thanks again!!

Edited by thisismak, 18 May 2007 - 09:07 PM.


#10 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • OFFLINE
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:04:36 PM

Posted 18 May 2007 - 09:07 PM

Hi thisismak,
Welcome back. :flowers:

Did you run Combofix before or after HijackThis?
EDIT: NVM, I see your new HJT log at the end. :thumbsup:

Edited by tink536, 18 May 2007 - 09:08 PM.

I search for Sjogrens Syndrome Foundation...Who will you search for?


#11 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • OFFLINE
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:04:36 PM

Posted 19 May 2007 - 05:59 AM

Hi Mak,
It looks like Combofix & Vundofix took care of the Vundo, but I need you to run this online scan just to be sure.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

I search for Sjogrens Syndrome Foundation...Who will you search for?


#12 thisismak

thisismak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:36 PM

Posted 22 May 2007 - 01:19 AM

Hey Tink,
Here's the log from the online scan. Thanks.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-05-22 16:12
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/05/2007
Kaspersky Anti-Virus database records: 325757
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 49019
Number of viruses found: 5
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:33:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{75AD4F1F-46CB-47DC-BDC9-A4D7DAF68721}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{75AD4F1F-46CB-47DC-BDC9-A4D7DAF68721}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012007052220070523\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\UserData\index.dat Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\PSK_NAMES2_3 Object is locked skipped
C:\Program Files\Panda Software\Panda Internet Security 2007\PSK_NAMES_3 Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bbxftmvk.dll.vir Infected: Trojan.Win32.BHO.g skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lkhoxowh.dll.vir Infected: Trojan.Win32.BHO.g skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mljgf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlljg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ruwwgsnt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvursqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.it skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\VundoFix Backups\ddccc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\pmnlm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5FCEFEB7-04ED-4F34-B175-E547821AB2E0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\vtsts.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
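Reading a Kaspersky report like the one above by hand is easy to get wrong: most of the "Infected:" lines point at copies that ComboFix and VundoFix have already moved into their quarantine folders (C:\QooBox\Quarantine and C:\VundoFix Backups), and the only hit that still matters is the file sitting in system32. The Python script below is an added example, not a tool from this thread or from Kaspersky: it parses the report's object lines, splits the infected objects into quarantine hits and live hits, and cross-checks the parsed counts against the scanner's own "Scan Statistics" block. The sample input is a constructed subset of the report above (all nine infected lines plus a few locked-file lines), and the list of quarantine folders is an assumption based on the paths seen in this thread.

```python
import re
from typing import Dict, List

# Constructed sample: the statistics block and a subset of the object lines from
# the Kaspersky Online Scanner report posted above (all nine "Infected:" lines
# and a few of the "Object is locked" lines). Paths are the ones from the post.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 49019
Number of viruses found: 5
Number of infected objects: 9 / 0
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bbxftmvk.dll.vir Infected: Trojan.Win32.BHO.g skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lkhoxowh.dll.vir Infected: Trojan.Win32.BHO.g skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mljgf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlljg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ruwwgsnt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvursqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.it skipped
C:\VundoFix Backups\ddccc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\pmnlm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\vtsts.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
"""

# One object line is "<path> Object is locked skipped" or
# "<path> Infected: <name> skipped". Paths contain spaces, so the path is
# matched lazily and the status text anchors the end of the line.
OBJECT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:(?P<locked>Object is locked)|Infected:\s+(?P<name>\S+))\s+skipped$"
)
STATS_RE = re.compile(r"^Number of (?P<what>viruses found|infected objects):\s+(?P<n>\d+)")

# Folders where the cleanup tools used in this thread park neutralised copies.
# A hit there is an inert backup, not a running infection. (Assumption: taken
# from the ComboFix and VundoFix paths visible in the report.)
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\vundofix backups\\")


def parse_report(text: str) -> Dict[str, object]:
    """Split the report into locked objects, infected objects and the scanner's totals."""
    locked: List[str] = []
    infected: List[Dict[str, str]] = []
    stats: Dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATS_RE.match(line)
        if m:
            stats[m.group("what")] = int(m.group("n"))
            continue
        m = OBJECT_RE.match(line)
        if not m:
            continue  # banner, column header or trailer line
        if m.group("locked"):
            locked.append(m.group("path"))
        else:
            infected.append({"path": m.group("path"), "name": m.group("name")})
    return {"locked": locked, "infected": infected, "stats": stats}


def is_quarantined(path: str) -> bool:
    """True when the path sits under one of the known quarantine folders."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(text: str) -> Dict[str, object]:
    """Separate quarantine hits from detections still in live locations and
    check the parsed counts against the scanner's summary block."""
    parsed = parse_report(text)
    infected = parsed["infected"]
    live = sorted(e["path"] for e in infected if not is_quarantined(e["path"]))
    quarantined = sorted(e["path"] for e in infected if is_quarantined(e["path"]))
    distinct = sorted({e["name"] for e in infected})
    stats = parsed["stats"]
    consistent = (
        stats.get("infected objects") == len(infected)
        and stats.get("viruses found") == len(distinct)
    )
    return {
        "locked_count": len(parsed["locked"]),
        "infected_count": len(infected),
        "distinct_threats": distinct,
        "quarantined": quarantined,
        "live": live,
        "summary_consistent": consistent,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the sample, `live` contains only C:\WINDOWS\system32\vtsts.exe, which is the file the next reply asks to feed to VundoFix; the eight quarantine hits need no further action beyond eventually clearing the backup folders, and `summary_consistent` confirms the parser saw the same 9 objects and 5 distinct names the scanner reported.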

#13 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:04:36 PM

Posted 22 May 2007 - 08:38 PM

Hi Mak,

:flowers: Please run VundoFix again.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • If it says "No infected files were found", right-click the list box (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up.
  • This will open a new VundoFix window that says "Paste files into the boxes below:"
  • In that window, copy and paste the following file path in the first (top) field:
    C:\WINDOWS\system32\vtsts.exe
  • Click the 'Add Files' button.
  • Click the 'Close Window' button.
  • Click the 'Remove Vundo' button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.


:thumbsup: Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

In your next reply, please include:
  • vundofix.txt
  • WinPFind3U log
:huh: Tink

I search for Sjogrens Syndrome Foundation...Who will you search for?


#14 thisismak

thisismak
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:36 PM

Posted 23 May 2007 - 12:10 AM

Hey Tink, Hope you are well. Thanks for your help :thumbsup:
Not sure if this is of concern, but when I go to Start menu -> Turn Off Computer,
my desktop goes blank and I get a pop-up that Windows Preventer or something like that has blocked an operation, and
then I get another message that Windows has recovered from a serious error. When I go to turn it off again, it's fine.
Besides that, things seem to be back to normal...

VundoFix V6.3.19

Checking Java version...

Scan started at 14:13:42 2007-05-23

Listing files found while scanning....

No infected files were found.

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtsts.exe
C:\WINDOWS\system32\vtsts.exe Has been deleted!

Performing Repairs to the registry.
Done!


WinPFind3 logfile created on: 2007-05-23 14:49:09
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\User\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

510.48 Mb Total Physical Memory | 158.46 Mb Available Physical Memory | 31.04% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.08 Gb Free Space | 18.90% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: OWNER-2284DBFD8
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
apvxdwin.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 2006-10-11 12:09:16 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 425984 bytes | Modified Date = 2004-12-22 07:30:44 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 425984 bytes | Modified Date = 2004-12-22 07:30:44 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5137 | Size = 344064 bytes | Modified Date = 2004-12-21 20:05:00 | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 2006-08-08 18:25:32 | Attr = ]
btstac~1.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTStackServer.exe -> WIDCOMM, Inc. [Ver = 3.0.1.905 | Size = 1249364 bytes | Modified Date = 2004-06-02 16:46:52 | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 3.0.1.905 | Size = 565309 bytes | Modified Date = 2004-06-02 16:48:22 | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 3.0.1.905 | Size = 163840 bytes | Modified Date = 2004-06-03 12:14:16 | Attr = ]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 2004-12-03 12:24:20 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 2006-09-29 00:13:20 | Attr = ]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 0, 0, 30 | Size = 790528 bytes | Modified Date = 2004-12-08 16:23:22 | Attr = ]
hpqwmi.exe -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 2004-11-17 23:32:56 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 03:43:44 | Attr = ]
lvcoms.exe -> %CommonProgramFiles%\Logitech\QCDriver\LVComS.exe -> Labtec [Ver = 5.6.2.1058 | Size = 98304 bytes | Modified Date = 2001-11-13 14:43:40 | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 2007-03-12 13:49:26 | Attr = ]
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 2007-03-12 13:49:46 | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 2,0,5,0 | Size = 1209904 bytes | Modified Date = 2007-03-12 13:49:46 | Attr = ]
pavfnsvr.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 2006-07-21 12:22:32 | Attr = ]
pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 2005-07-25 18:02:22 | Attr = ]
pavsrv51.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 2006-08-08 18:26:18 | Attr = ]
pmpdetect.exe -> %ProgramFiles%\iRiver\PMPSeries\PMPDetect.exe -> Reigncom, Jonadan Jeon [Ver = 1, 0, 0, 0 | Size = 24576 bytes | Modified Date = 2004-07-05 13:51:02 | Attr = ]
pnmsrv.exe -> %ProgramFiles%\panda software\panda internet security 2007\FIREWALL\PNmSrv.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 2006-08-02 14:05:54 | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 2006-07-04 14:25:34 | Attr = ]
pskmssvc.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 2006-03-31 14:50:52 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2006-11-15 17:23:56 | Attr = ]
srvload.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\SrvLoad.exe -> Panda Software International [Ver = 6.01.01.00 | Size = 73728 bytes | Modified Date = 2006-01-31 16:42:04 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 688218 bytes | Modified Date = 2004-11-05 04:38:54 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 98394 bytes | Modified Date = 2004-11-05 04:40:08 | Attr = ]
tpsrv.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 2006-10-09 16:15:38 | Attr = ]
webproxy.exe -> %ProgramFiles%\panda software\panda internet security 2007\WebProxy.exe -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 2006-06-29 11:04:42 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 2007-05-22 18:27:40 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 425984 bytes | Modified Date = 2004-12-22 07:30:44 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 2006-09-29 00:13:20 | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 3.0.1.905 | Size = 163840 bytes | Modified Date = 2004-06-03 12:14:16 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 22:00:00 | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 2004-11-17 23:32:56 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 779824 bytes | Modified Date = 2007-03-14 19:19:10 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 2007-03-12 13:49:46 | Attr = ]
(PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 2006-07-21 12:22:32 | Attr = ]
(PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 2005-07-25 18:02:22 | Attr = ]
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 2006-08-08 18:26:18 | Attr = ]
(pmshellsrv) Panda Antispam Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 2006-03-31 14:50:52 | Attr = ]
(PNMSRV) Panda Network Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\panda software\panda internet security 2007\FIREWALL\PNmSrv.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 2006-08-02 14:05:54 | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 2006-07-04 14:25:34 | Attr = ]
(TPSrv) Panda TPSrv [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 2006-10-09 16:15:38 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 2006-10-11 12:09:16 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5137 | Size = 344064 bytes | Modified Date = 2004-12-21 20:05:00 | Attr = ]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 229438 bytes | Modified Date = 2004-10-22 11:18:34 | Attr = ]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 2004-12-03 12:24:20 | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 0, 0, 30 | Size = 790528 bytes | Modified Date = 2004-12-08 16:23:22 | Attr = ]
LVCOMS -> %CommonProgramFiles%\Logitech\QCDriver\LVComS.exe -> Labtec [Ver = 5.6.2.1058 | Size = 98304 bytes | Modified Date = 2001-11-13 14:43:40 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-09 18:53:56 | Attr = ]
PMP-100 -> %ProgramFiles%\iRiver\PMPSeries\PMPDetect.exe -> Reigncom, Jonadan Jeon [Ver = 1, 0, 0, 0 | Size = 24576 bytes | Modified Date = 2004-07-05 13:51:02 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 2006-09-01 14:57:48 | Attr = ]
SCANINICIO -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\Inicio.exe -> Panda Software International [Ver = 6.1.1.1 | Size = 22528 bytes | Modified Date = 2006-02-01 18:13:08 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 03:43:44 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 688218 bytes | Modified Date = 2004-11-05 04:38:54 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 98394 bytes | Modified Date = 2004-11-05 04:40:08 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2006-11-15 17:23:56 | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 2003-08-19 00:01:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 2007-03-12 13:49:26 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\BTTray.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 3.0.1.905 | Size = 565309 bytes | Modified Date = 2004-06-02 16:48:22 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 2006-09-29 00:13:28 | Attr = ]
{9652C062-F273-414C-B3DF-23FF4FADED88} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 94208 bytes | Modified Date = 2004-12-22 07:30:50 | Attr = ]
avldr -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Modified Date = 2005-09-27 12:13:48 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 2003-11-03 13:17:44 | Attr = ]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> %ProgramFiles%\FlashGet\jccatch.dll [FGCatchUrl] -> www.flashget.com [Ver = 1, 8, 1, 1006 | Size = 75528 bytes | Modified Date = 2007-01-29 19:46:54 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 03:43:40 | Attr = ]
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> %ProgramFiles%\FlashGet\getflash.dll [FlashGet GetFlash Class] -> www.flashget.com [Ver = 1, 8, 1, 1002 | Size = 136968 bytes | Modified Date = 2007-01-15 13:40:58 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 2007-03-14 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 03:43:40 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> %ProgramFiles%\FlashGet\flashget.exe [ButtonText: FlashGet] -> FlashGet.com [Ver = 1, 8, 2, 1002 | Size = 1716224 bytes | Modified Date = 2007-04-04 18:30:00 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Download All with FlashGet -> %ProgramFiles%\FlashGet\JC_ALL.HTM -> [Ver = | Size = 575 bytes | Modified Date = 2000-02-06 13:06:06 | Attr = ]
&Download with FlashGet -> %ProgramFiles%\FlashGet\JC_LINK.HTM -> [Ver = | Size = 1898 bytes | Modified Date = 2006-10-27 13:43:20 | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 2003-05-29 12:53:12 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2560F207-E176-4081-A284-4F014A82E0A4} -> () ->
{2EDEC8A8-CC09-4258-8173-00CC862B9629} -> (1394 Net Adapter) ->
{91204654-1078-4067-8E70-BFE60093F4DF} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{CB96AD34-28E5-448C-82A2-EEA94C792992} -> (Broadcom 802.11b/g WLAN) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\panda software\panda internet security 2007\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 2006-09-08 10:24:44 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\panda software\panda internet security 2007\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 2006-09-08 10:24:44 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\panda software\panda internet security 2007\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 2006-09-08 10:24:44 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %ProgramFiles%\panda software\panda internet security 2007\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 2006-09-08 10:24:44 | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 2006-11-01 14:21:20 | Attr = R ]
widimg -> %System32%\btxppanel.dll -> WIDCOMM, Inc. [Ver = 3.0.1.905 | Size = 110592 bytes | Modified Date = 2004-06-02 16:16:20 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7.../OGAControl.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab ->
{14C1B87C-3342-445F-9B5E-365FF330A3AC} -> Hewlett-Packard Online Support Services - CodeBase = http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/8/3...heckControl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} -> CTAdjust Class - CodeBase = http://download.microsoft.com/download/7/E...04/clearadj.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-05-19 11:34:54 | Attr = ]
ComboFix.txt.bat -> %SystemDrive%\ComboFix.txt.bat -> [Ver = | Size = 64 bytes | Created Date = 2007-05-19 11:35:25 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Created Date = 1601-01-02 14:00:00 | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2007-05-19 11:41:21 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2007-05-18 22:53:30 | Attr = ]
~GLHTTP1.TMP -> %SystemDrive%\~GLHTTP1.TMP -> [Ver = | Size = 0 bytes | Created Date = 2007-05-09 17:48:59 | Attr = ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 2007-05-09 12:16:14 | Attr = H ]
SSINST.INF -> %SystemRoot%\SSINST.INF -> [Ver = | Size = 41966 bytes | Created Date = 2007-05-04 10:08:24 | Attr = ]
enclss32.dll -> %System32%\enclss32.dll -> Siemens Subscriber Networks, Inc. [Ver = 1.0.0.1 | Size = 49152 bytes | Created Date = 2007-05-04 10:06:05 | Attr = ]
HUFFYUV.DLL -> %System32%\HUFFYUV.DLL -> Disappearing Inc. [Ver = 2.1.1 | Size = 33280 bytes | Created Date = 2007-05-18 20:26:18 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-05-09 12:33:14 | Attr = ]
shctxex.dll -> %System32%\shctxex.dll -> [Ver = 1, 0, 0, 0 | Size = 17408 bytes | Created Date = 2007-05-11 14:51:16 | Attr = ]
enethusb.sys -> %System32%\drivers\enethusb.sys -> Siemens Subscriber Networks, Inc. [Ver = 2.4.0.65 | Size = 28857 bytes | Created Date = 2007-05-04 10:08:44 | Attr = ]
vvbeth.sys -> %System32%\drivers\vvbeth.sys -> Efficient Networks [Ver = 1.0.0.10 | Size = 15332 bytes | Created Date = 2007-05-04 10:08:27 | Attr = ]
vvbetht.sys -> %System32%\drivers\vvbetht.sys -> Virata [Ver = 8.00.0.25 | Size = 15309 bytes | Created Date = 2007-05-04 10:08:27 | Attr = ]
vvbususb.sys -> %System32%\drivers\vvbususb.sys -> Virata [Ver = 8.00.0.25 | Size = 50911 bytes | Created Date = 2007-05-04 10:08:27 | Attr = ]
vvpciusb.sys -> %System32%\drivers\vvpciusb.sys -> Efficient Networks [Ver = 1.0.0.10 | Size = 50934 bytes | Created Date = 2007-05-04 10:08:27 | Attr = ]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-05-19 11:50:40 | Attr = ]
ComboFix.txt.bat -> %SystemDrive%\ComboFix.txt.bat -> [Ver = | Size = 64 bytes | Modified Date = 2007-05-19 11:35:26 | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2007-05-07 08:59:28 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Modified Date = 2007-05-23 14:40:26 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-05-19 15:49:46 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2007-05-19 11:41:22 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-05-18 22:52:48 | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2007-05-18 23:28:06 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-05-23 10:10:16 | Attr = ]
~GLHTTP1.TMP -> %SystemDrive%\~GLHTTP1.TMP -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-09 18:03:26 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-05-09 12:16:34 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 2007-05-09 12:16:18 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-05-23 14:40:40 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-05-18 21:49:16 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-05-09 12:33:18 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-05-18 20:22:58 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-05-05 12:49:42 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-05-18 20:29:04 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-05-22 18:11:30 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2007-05-20 17:27:08 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2007-05-20 17:59:06 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2007-05-04 20:41:42 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 478 bytes | Modified Date = 2007-05-05 13:14:30 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-05-23 14:13:48 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-05-09 18:06:32 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-05-23 14:45:54 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-05-19 11:44:02 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-05-23 10:32:04 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-05-23 14:41:00 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-05-23 14:47:28 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 2007-05-09 18:07:00 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-05-09 12:16:58 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-05-23 14:44:18 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 186608 bytes | Modified Date = 2007-05-18 22:15:12 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-05-09 12:33:16 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53166 bytes | Modified Date = 2007-05-05 12:52:50 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380918 bytes | Modified Date = 2007-05-05 12:52:50 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 439528 bytes | Modified Date = 2007-05-05 12:52:50 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-05-18 22:53:22 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-05-09 18:06:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-05-23 14:43:50 | Attr = ]
APPFCONT.DAT -> %System32%\drivers\APPFCONT.DAT -> [Ver = | Size = 170244 bytes | Modified Date = 2007-05-23 14:06:26 | Attr = ]
APPFLTR.CFG -> %System32%\drivers\APPFLTR.CFG -> [Ver = | Size = 1132 bytes | Modified Date = 2007-05-23 14:43:04 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-05-19 11:49:26 | Attr = ]
wnmsav.dat -> %System32%\drivers\wnmsav.dat -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-09 17:50:24 | Attr = ]
DsaFlt.cfg -> %System32%\drivers\etc\DsaFlt.cfg -> [Ver = | Size = 4 bytes | Modified Date = 2007-05-23 14:43:56 | Attr = ]
DsaFlt.rls -> %System32%\drivers\etc\DsaFlt.rls -> [Ver = | Size = 272784 bytes | Modified Date = 2007-05-23 14:43:56 | Attr = ]
IdsFlt.cfg -> %System32%\drivers\etc\IdsFlt.cfg -> [Ver = | Size = 200 bytes | Modified Date = 2007-05-23 14:43:44 | Attr = ]
NetAR.wlt -> %System32%\drivers\etc\NetAR.wlt -> [Ver = | Size = 20 bytes | Modified Date = 2007-05-23 14:42:42 | Attr = ]
NetAV.alt -> %System32%\drivers\etc\NetAV.alt -> [Ver = | Size = 1504 bytes | Modified Date = 2007-05-23 14:42:26 | Attr = ]
NetFlt.cfg -> %System32%\drivers\etc\NetFlt.cfg -> [Ver = | Size = 12 bytes | Modified Date = 2007-05-23 14:43:18 | Attr = ]
NetPcap.cfg -> %System32%\drivers\etc\NetPcap.cfg -> [Ver = | Size = 3464 bytes | Modified Date = 2007-05-23 14:40:08 | Attr = ]
SmsFlt.cfg -> %System32%\drivers\etc\SmsFlt.cfg -> [Ver = | Size = 4 bytes | Modified Date = 2007-05-23 14:43:18 | Attr = ]
WnmFlt.cfg -> %System32%\drivers\etc\WnmFlt.cfg -> [Ver = | Size = 4 bytes | Modified Date = 2007-05-23 14:43:18 | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 22:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2007-02-23 14:25:20 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 2006-11-15 17:24:06 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 22:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 22:00:00 | Attr = ]

< End of report >

Edited by thisismak, 23 May 2007 - 12:13 AM.


#15 tink536

    **pixie in training**

  • Members
  • 1,853 posts
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:04:36 PM

Posted 24 May 2007 - 03:05 AM

Hi Mak,

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> {9652C062-F273-414C-B3DF-23FF4FADED88} [HKLM] -> Reg Data - Key not found [] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {2560F207-E176-4081-A284-4F014A82E0A4} -> () ->
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I search for Sjogrens Syndrome Foundation...Who will you search for?
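The WinPFind3U report format in this thread (the `name -> path -> [fields]` file lines, and the `YN -> key -> data` registry lines that tink536 asks Mak to paste back into the tool) is regular enough that a defender can triage it with a short script instead of reading thousands of lines by eye. The Python below is an added example written for this page; it is not WinPFind3U's code and was not posted by anyone in the thread. It parses the line shapes exactly as they appear in the log quoted above, treats the two-letter `YN` prefix purely as a line marker without interpreting it, and uses an assumed hand-picked list of packer string tokens and executable extensions; the sample input is copied from the log and fix lines earlier in the thread, with the clock fixed at the day after the log was posted.

```python
"""Triage helper for WinPFind3U-style report lines (added example, not WinPFind3U's own code)."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample taken from the log and the fix script posted in this thread.
SAMPLE_LOG = r"""
[Files/Folders - Modified Within 30 days]
ComboFix.txt.bat -> %SystemDrive%\ComboFix.txt.bat -> [Ver = | Size = 64 bytes | Modified Date = 2007-05-19 11:35:26 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-05-19 15:49:46 | Attr = R ]
wnmsav.dat -> %System32%\drivers\wnmsav.dat -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-09 17:50:24 | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2007-02-23 14:25:20 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 22:00:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> {9652C062-F273-414C-B3DF-23FF4FADED88} [HKLM] -> Reg Data - Key not found [] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {2560F207-E176-4081-A284-4F014A82E0A4} -> () ->
"""

SECTION_RE = re.compile(r"^\[(?P<title>[^\]]+)\]$")
# "prefix -> path -> Company [k = v | k = v ...]"; company is often empty.
ENTRY_RE = re.compile(r"^(?P<prefix>.+?) -> (?P<path>.+?) -> (?P<company>[^\[]*)\[(?P<fields>[^\]]*)\]\s*$")
# Two-letter marker, key, data; the marker's meaning is WinPFind3U's and is not interpreted here.
REG_RE = re.compile(r"^(?P<flag>[YN]{2}) -> (?P<key>.+?) -> (?P<data>.*)$")
EMPTY_DATA_RE = re.compile(r"^\(\s*\)\s*(->)?\s*$")
DATE_FMT = "%Y-%m-%d %H:%M:%S"
EXECUTABLE_EXT = {".dll", ".sys", ".exe", ".bat", ".scr", ".ocx"}   # assumed list
PACKER_TOKENS = {"UPX0", "UPX1", "PEC2", "PECompact2", "ASPack"}    # assumed list


@dataclass
class Finding:
    section: str
    path: str
    reasons: list


def parse_fields(fields: str) -> dict:
    """Turn 'Ver = 1.0 | Size = 64 bytes | Attr = ' into a dict; bare tokens such as 'Folder' map to True."""
    out = {}
    for part in (p.strip() for p in fields.split(" | ")):
        if "=" in part:
            key, _, value = part.partition("=")
            out[key.strip()] = value.strip()
        elif part:
            out[part] = True
    return out


def analyse(log_text: str, now: datetime, recent_days: int = 30) -> list:
    """Return a Finding for every line that a reviewer would want to look at twice."""
    findings, section = [], ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or line.startswith("<"):          # blank or "< context >" marker line
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("title")
            continue
        if section.startswith("Registry"):
            rm = REG_RE.match(line)
            if not rm:
                continue
            data, reasons = rm.group("data").strip(), []
            if "Key not found" in data or "File not found" in data:
                reasons.append("orphaned reference: target key or file is missing")
            elif not data or EMPTY_DATA_RE.match(data):
                reasons.append("entry carries an empty value")
            if reasons:
                findings.append(Finding(section, rm.group("key").strip(), reasons))
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        fields = parse_fields(em.group("fields"))
        if fields.get("Folder"):
            continue
        path, reasons = em.group("path").strip(), []
        if ntpath.splitext(path)[1].lower() in EXECUTABLE_EXT:
            if not fields.get("Ver"):
                reasons.append("executable content without a version resource")
            modified = fields.get("Modified Date")
            if modified and now - datetime.strptime(modified, DATE_FMT) <= timedelta(days=recent_days):
                reasons.append(f"modified within the last {recent_days} days")
        if section.startswith("File String Scan"):
            tokens = [t.strip() for t in em.group("prefix").split(",") if t.strip()]
            packers = [t for t in tokens if t in PACKER_TOKENS]
            if packers:
                reasons.append("packer signature: " + ", ".join(packers))
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


def analyse_sample() -> list:
    """Run the triage over the sample with the clock fixed at the day after the log was posted."""
    return analyse(SAMPLE_LOG, now=datetime(2007, 5, 24))


if __name__ == "__main__":
    for f in analyse_sample():
        print(f"[{f.section}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

The output is a triage list, not a verdict: the two registry hits are exactly the lines in tink536's fix (an autostart CLSID whose key and file no longer exist, and a DNS adapter entry with an empty value), while the packer hit on hwxjpn.dll carries the same 2004-08-04 22:00:00 timestamp as the other stock system files in the log (wbdbase.deu, dfrg.msc), so a packer string on its own is a reason to check the file, not to delete it.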
