
Smitfraud Toolbar Removal


7 replies to this topic

#1 micheleinvirginia


Posted 19 May 2007 - 04:22 PM

I am now unable to d/l anythingrom the internet, so I was not able to install a firewall or McAfee AVERT Stinger.I even changed my settings to allow d/l but I still can't. I think my keyboard is affected somehow because my words nt all type out either. So happy to have found this forum.. thanto anyone that can help me!!

Logfile of HijackThis v1.99.1
Scan saved at 5:11:11 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\IDAILY~1\iDD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user1\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywxvw.dll",realset
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [iDailyDiary] C:\PROGRA~1\IDAILY~1\iDD.exe /LOGMIN
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B4BE4E-9B76-430F-9174-1481C37A2BC6}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



#2 rookie147


Posted 19 May 2007 - 04:59 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer/Windows Explorer, navigate to where you have HJT saved.
Right-click on the hijackthis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

You are running MyWebSearch (or MyBar). Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. My Web Search also known as the My Way Speedbar is the Internet Explorer toolbar part of the Fun Web Products suite of utilities such as Smiley Central, Cursor Mania, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, and the My Way website portal. The toolbar allows easy access to search engine results and a 404 Error Redirector called My Total Search among other things to your browser. This is not to be confused with the IBIS Web Search toolbar. MyWay is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you. As a BHO, MyWay shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity. When a new browser window is opened, MyWay will send a configuration request about 5k in size.
Although none of these products claim to be spyware, they do slow your computer down. All of the products use cookies to track usage, although they claim not to use cookies or anything else to track personally identifiable information. That being said, I would still recommend uninstalling the toolbar and other Fun Web Products if you feel your computer runs better without them. They are found by most spyware removal tools such as Spybot Search and Destroy, Lavasoft Ad-Aware.
If you want to get rid of this program, removal instructions can be found here.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 micheleinvirginia


Posted 19 May 2007 - 07:06 PM

Thank you but how d I download? I get a popup that tells me I cant. "Your current security setting do not allow this file to be downloaded"

#4 micheleinvirginia


Posted 19 May 2007 - 08:11 PM

I was able to change my settings so I could download VundoFix.

The VundoFix log:


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:28:59 PM 5/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\csxovhlv.ini
C:\WINDOWS\system32\dxxusnpp.dll
C:\WINDOWS\system32\dyhoekcx.dll
C:\WINDOWS\system32\erqgptmc.dll
C:\WINDOWS\system32\fccayaa.dll
C:\WINDOWS\system32\gfgvdxfq.dll
C:\WINDOWS\system32\hfqhrjtj.dll
C:\WINDOWS\system32\huwyawxy.dll
C:\WINDOWS\system32\ixfsnfdw.dll
C:\WINDOWS\system32\jdvgqern.dll
C:\WINDOWS\system32\kwxbcyqx.dll
C:\WINDOWS\system32\kxpcsxnd.dll
C:\WINDOWS\system32\kyfyaaxm.dll
C:\WINDOWS\system32\lkwnlyeo.dll
C:\WINDOWS\system32\lscmarph.dll
C:\WINDOWS\system32\mcial32.dll
C:\WINDOWS\system32\mipdarht.dll
C:\WINDOWS\system32\mxaayfyk.ini
C:\WINDOWS\system32\ogciicve.dll
C:\WINDOWS\system32\pmnlihi.dll
C:\WINDOWS\system32\ppnsuxxd.ini
C:\WINDOWS\system32\reminttw.dll
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\rtvwa.tmp
C:\WINDOWS\system32\ryqefrih.dll
C:\WINDOWS\system32\synemgor.dll
C:\WINDOWS\system32\tmp122.tmp.dll
C:\WINDOWS\system32\tmp227.tmp.dll
C:\WINDOWS\system32\tmp94.tmp.dll
C:\WINDOWS\system32\tmpE5.tmp.dll
C:\WINDOWS\system32\vlhvoxsc.dll
C:\WINDOWS\system32\wqfhwiam.dll
C:\WINDOWS\system32\ximbfwxm.dll
C:\WINDOWS\system32\ygddfysy.ini
C:\WINDOWS\system32\ysyfddgy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\csxovhlv.ini
C:\WINDOWS\system32\csxovhlv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dxxusnpp.dll
C:\WINDOWS\system32\dxxusnpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dyhoekcx.dll
C:\WINDOWS\system32\dyhoekcx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\erqgptmc.dll
C:\WINDOWS\system32\erqgptmc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccayaa.dll
C:\WINDOWS\system32\fccayaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gfgvdxfq.dll
C:\WINDOWS\system32\gfgvdxfq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hfqhrjtj.dll
C:\WINDOWS\system32\hfqhrjtj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\huwyawxy.dll
C:\WINDOWS\system32\huwyawxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixfsnfdw.dll
C:\WINDOWS\system32\ixfsnfdw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jdvgqern.dll
C:\WINDOWS\system32\jdvgqern.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kwxbcyqx.dll
C:\WINDOWS\system32\kwxbcyqx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kxpcsxnd.dll
C:\WINDOWS\system32\kxpcsxnd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kyfyaaxm.dll
C:\WINDOWS\system32\kyfyaaxm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lkwnlyeo.dll
C:\WINDOWS\system32\lkwnlyeo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lscmarph.dll
C:\WINDOWS\system32\lscmarph.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcial32.dll
C:\WINDOWS\system32\mcial32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mipdarht.dll
C:\WINDOWS\system32\mipdarht.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mxaayfyk.ini
C:\WINDOWS\system32\mxaayfyk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ogciicve.dll
C:\WINDOWS\system32\ogciicve.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlihi.dll
C:\WINDOWS\system32\pmnlihi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppnsuxxd.ini
C:\WINDOWS\system32\ppnsuxxd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\reminttw.dll
C:\WINDOWS\system32\reminttw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\rtvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.tmp
C:\WINDOWS\system32\rtvwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ryqefrih.dll
C:\WINDOWS\system32\ryqefrih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\synemgor.dll
C:\WINDOWS\system32\synemgor.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp122.tmp.dll
C:\WINDOWS\system32\tmp122.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp227.tmp.dll
C:\WINDOWS\system32\tmp227.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp94.tmp.dll
C:\WINDOWS\system32\tmp94.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmpE5.tmp.dll
C:\WINDOWS\system32\tmpE5.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlhvoxsc.dll
C:\WINDOWS\system32\vlhvoxsc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wqfhwiam.dll
C:\WINDOWS\system32\wqfhwiam.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ximbfwxm.dll
C:\WINDOWS\system32\ximbfwxm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ygddfysy.ini
C:\WINDOWS\system32\ygddfysy.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ysyfddgy.dll
C:\WINDOWS\system32\ysyfddgy.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:40:56 PM 5/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\fccayaa.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccayaa.dll
C:\WINDOWS\system32\fccayaa.dll Has been deleted!

Performing Repairs to the registry.
Done!



and the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 8:55:11 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\IDAILY~1\iDD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Documents and Settings\user1\Desktop\hijackthis\fluffybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nnljouwq.dll
O2 - BHO: (no name) - {9167597D-F650-4F1B-A6B4-6B94636F50DE} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp15.tmp.dll
O2 - BHO: (no name) - {A65DC44B-DAA8-417F-96D3-719E0CA0FABd} - C:\WINDOWS\system32\otmuripw.dll
O2 - BHO: (no name) - {A84A28D3-FBF7-458F-ACAE-7F838404CA7D} - C:\WINDOWS\system32\mcial32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywxvw.dll",realset
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [iDailyDiary] C:\PROGRA~1\IDAILY~1\iDD.exe /LOGMIN
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


I haven't removed the Mywebsearch yet but I plan to next. Thanks so much for your time :thumbsup: I don't know what I would do without this forum!
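
The log format posted above, as an added example that is not part of the original thread and is not how HijackThis or the helper reaches a decision: a parser for HijackThis entry lines with a few hypothetical review rules for a first-pass triage. The sample lines are excerpted from the log in this thread; the rule set and every function name are assumptions, and a finding means "look closer", not "malicious".

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nnljouwq.dll
O2 - BHO: (no name) - {9167597D-F650-4F1B-A6B4-6B94636F50DE} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywxvw.dll",realset
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# "<code> - <body>", e.g. "O2 - BHO: ...". Headers and process paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# COM-style entries: "<kind>: <name> - {CLSID} - <path>[ (file missing)]".
# The name is matched lazily up to the CLSID so paths containing " - " survive.
COM_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Run-key entries: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ZONE_RE = re.compile(r"^Trusted Zone: (?P<domain>\S+)")


@dataclass
class Finding:
    code: str                  # HijackThis section code (R3, O2, O4, O15)
    target: str                # file path, command line or domain
    reason: str                # which hypothetical rule fired
    file_missing: bool = False


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line matches one of the review rules, else None."""
    entry = ENTRY_RE.match(line.strip())
    if not entry:
        return None
    code, body = entry["code"], entry["body"]

    if code in ("R3", "O2"):
        com = COM_RE.match(body)
        if not com or com["name"] != "(no name)":
            return None
        # Rule (assumption): an unnamed BHO only stands out when its DLL sits
        # directly in system32; unnamed helpers under Program Files are skipped.
        in_system32 = ntpath.dirname(com["path"]).lower().endswith("\\system32")
        if code == "O2" and not in_system32:
            return None
        reason = "unnamed BHO in system32" if code == "O2" else "unnamed URLSearchHook"
        return Finding(code, com["path"], reason, com["missing"] is not None)

    if code == "O4":
        run = RUN_RE.match(body)
        # Rule (assumption): autostart that loads a DLL through rundll32.
        if run and run["cmd"].lower().startswith("rundll32"):
            return Finding(code, run["cmd"], "Run key launches a DLL via rundll32")
        return None

    if code == "O15":
        zone = ZONE_RE.match(body)
        # Rule (assumption): every Trusted Zone addition deserves a human look.
        if zone:
            return Finding(code, zone["domain"], "site added to the Trusted Zone")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in map(triage_line, text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        note = " (file missing)" if finding.file_missing else ""
        print(f"{finding.code:<4}{finding.reason}: {finding.target}{note}")
```
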

#5 rookie147


Posted 20 May 2007 - 08:15 AM

Hello again, it looks like there's still a few bits of malware that need dealing with. Make sure you don't forget to remove MyWebSearch and delete the folder associated with it: C:\Program Files\MyWaySA

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Please download ATF Cleaner to your Desktop.
Don't run it yet.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nnljouwq.dll
O2 - BHO: (no name) - {9167597D-F650-4F1B-A6B4-6B94636F50DE} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp15.tmp.dll
O2 - BHO: (no name) - {A65DC44B-DAA8-417F-96D3-719E0CA0FABd} - C:\WINDOWS\system32\otmuripw.dll
O2 - BHO: (no name) - {A84A28D3-FBF7-458F-ACAE-7F838404CA7D} - C:\WINDOWS\system32\mcial32.dll (file missing)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywxvw.dll",realset
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following files/folders (if present):

C:\WINDOWS\system32\nnljouwq.dll
C:\WINDOWS\system32\tmp15.tmp.dll
C:\WINDOWS\system32\otmuripw.dll
C:\WINDOWS\bywxvw.dll

Double click ATF-Cleaner.exe to run the program.
Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

Click Exit on the main menu to close the program.

Reboot into Normal Mode again.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Scan again with HijackThis and post back with the log it creates, along with the Panda scan report.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#6 micheleinvirginia

Posted 20 May 2007 - 10:14 AM

I still cannot figure out how to do the Myway removal.
I don't want to skip any steps that are important, but this link is not working:

If you decide to do this, back up your registry first:
Deleting a registry key and backing up registry (with screen shots):
http://vil.nai.com/vil/systemhelpdocs/RegDel.htm


Is it ok to run the regsrch without doing this or is there another place that explains how??

Results of the Panda scan:


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\user1\Desktop\hijackthis\backups\backup-20070520-094015-249.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\user1\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\user1\Desktop\SmitfraudFix\restart.exe
Virus:Trj/Downloader.NZR Disinfected C:\Documents and Settings\user1\Local Settings\Temp\tmp14.tmp.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dxxusnpp.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dyhoekcx.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\erqgptmc.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fccayaa.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\gfgvdxfq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hfqhrjtj.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\huwyawxy.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ixfsnfdw.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jdvgqern.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\kwxbcyqx.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\kxpcsxnd.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\kyfyaaxm.dll.bad
Virus:Trj/Agent.EAZ Disinfected C:\VundoFix Backups\lkwnlyeo.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\lscmarph.dll.bad
Virus:Trj/ConHook.BK Disinfected C:\VundoFix Backups\mcial32.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mipdarht.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ogciicve.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmnlihi.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\reminttw.dll.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\ryqefrih.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\synemgor.dll.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\tmp122.tmp.dll.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\tmp227.tmp.dll.bad
Virus:Trj/Metanu.A Disinfected C:\VundoFix Backups\tmpE5.tmp.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vlhvoxsc.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wqfhwiam.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ximbfwxm.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ysyfddgy.dll.bad
Virus:W32/Lovgate.CH.worm Disinfected C:\WINDOWS\awutqo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\iifgee.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\khggfg.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\qonllj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\qopqqq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\aaemobpl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\adglprtn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\aycndfqg.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\biarfhse.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\enqfntww.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fhxpjrmn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gpkgndwl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hdvtxytv.dll
Virus:Trj/Agent.EAZ Disinfected C:\WINDOWS\system32\hyjkdubb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\kcmocnjm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ofmkxkem.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pgtrqgss.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp10.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmp106.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp10F.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp12.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmp12C.tmp.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp13.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp130.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp132.tmp.dll
Virus:Trj/Metanu.A Disinfected C:\WINDOWS\system32\tmp14.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp141.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp15C.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp16.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp185.tmp.dll
Virus:Trj/Metanu.A Disinfected C:\WINDOWS\system32\tmp19.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmp1B.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmp1BC.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp1D9.tmp.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp1E.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp223.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp25.tmp.dll
Virus:Trj/Metanu.A Disinfected C:\WINDOWS\system32\tmp254.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp2A.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp2C5.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmp3B4.tmp.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp45.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp4A.tmp.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp588.tmp.dll
Virus:Trj/Metanu.A Disinfected C:\WINDOWS\system32\tmp74.tmp.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp7F.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp7F2.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmp83.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmpA8.tmp.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmpAA.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmpAF.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmpC.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmpC3.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmpCF.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tmpD.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmpDEF.tmp.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\tmpEA.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmpFF.tmp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wdablahl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wlhfnsgp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xehwkpfh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xlygjlpn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xnqbpjev.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\wvwuuv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\xxyywt.dll


Results of HJT:

Logfile of HijackThis v1.99.1
Scan saved at 11:06:36 AM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\IDAILY~1\iDD.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user1\Desktop\hijackthis\fluffybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [iDailyDiary] C:\PROGRA~1\IDAILY~1\iDD.exe /LOGMIN
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B4BE4E-9B76-430F-9174-1481C37A2BC6}: NameServer = 66.174.95.44 66.174.92.14
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#7 rookie147

Posted 20 May 2007 - 01:56 PM

Another way of backing up your registry is to do this:
Navigate to Start | Run and paste the following:
regedit /e c:\registrybackup.reg
Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

It looks like there are lots more Vundo files present on your computer, so please scan again with Vundofix and post back the log it creates.
Please download VirtumundoBeGone.exe and save the file to your Desktop.
  • Close ALL running programs including your Internet Browser.
  • Double-click VirtumundoBeGone.exe to launch.
  • Read the introductory information, and then click "Continue".
  • Click "Start".
  • When asked if you want to continue, click "Yes" to run the fix.
  • Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.
  • When finished it will create a log named VBG.TXT on your desktop.
  • Reboot your PC and post the VBG.TXT along with a fresh HijackThis log and the Vundofix.txt in your next reply.
Thanks,
Charles

Edited by rookie147, 20 May 2007 - 01:57 PM.

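The reading of the Panda report behind "lots more Vundo files present" can be reproduced by parsing the report and separating detections that are still live from copies kept by the removal tools. This is an added example, not part of the thread or of any tool named in it; the sample lines are copied from the report in post #6, and treating the VundoFix Backups, hijackthis\backups and SmitfraudFix folders as removal-tool copies is an assumption of the example.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the Panda ActiveScan report posted in this thread.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\user1\Desktop\hijackthis\backups\backup-20070520-094015-249.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\user1\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Downloader.NZR Disinfected C:\Documents and Settings\user1\Local Settings\Temp\tmp14.tmp.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dxxusnpp.dll.bad
Virus:Trj/ConHook.BK Disinfected C:\VundoFix Backups\mcial32.dll.bad
Virus:W32/Lovgate.CH.worm Disinfected C:\WINDOWS\awutqo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\iifgee.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\aaemobpl.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp10.tmp.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\tmp10F.tmp.dll
"""

# Assumption of this example: detections under these folders are copies kept by
# the removal tools (their backups or their own helper files), not live files.
TOOL_DIRS = ("\\vundofix backups\\", "\\hijackthis\\backups\\", "\\smitfraudfix\\")

# "<category>:<detection name> <status> <path>"; category and path may hold spaces.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

Finding = namedtuple("Finding", "category name status path")


def parse_report(text):
    """Return a Finding per report row; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def bucket(finding):
    """Classify one row as 'disinfected', 'tool_copy' or 'live'."""
    if finding.status == "Disinfected":
        return "disinfected"
    path = finding.path.lower()  # Windows paths are case-insensitive
    if any(d in path for d in TOOL_DIRS):
        return "tool_copy"
    return "live"


def triage(findings):
    """Group findings by bucket so the live, unresolved ones stand out."""
    groups = {"live": [], "tool_copy": [], "disinfected": []}
    for f in findings:
        groups[bucket(f)].append(f)
    return groups


def live_families(findings):
    """Count still-active detections per detection name."""
    return Counter(f.name for f in findings if bucket(f) == "live")


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for label, items in triage(rows).items():
        print(f"{label}: {len(items)}")
    for name, count in live_families(rows).most_common():
        print(f"  live {name}: {count}")
    for f in triage(rows)["live"]:
        print(f"  {f.path}")
```
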


#8 rookie147

Posted 29 May 2007 - 06:01 AM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.





