Anton.B Posted November 17, 2007

Hi guys, I have scanned my comp and just keep coming up with Zlob trojandownloader....help pls
noahdfear Posted November 17, 2007

Welcome to the Lavasoft Support Forums Anton. Please post the latest scan log so we can see what's being detected.
Anton.B Posted November 18, 2007

Welcome to the Lavasoft Support Forums Anton. Please post the latest scan log so we can see what's being detected.

Tx noahdfear, here is my latest hijackthis log, I've sent the adaware log as an attachment. Thanks Anton

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, 18 November 2007 12:32:47 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R202 12.11.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
Win32.Trojandownloader.Zlob(TAC index:10):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R202 12.11.2007
Internal build : 245
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 1871318 Bytes
Total size : 6874979 Bytes
Signature data size : 6829259 Bytes
Reference data size : 45208 Bytes
Signatures total : 174383
CSI Fingerprints total : 11211
CSI data size : 752065 Bytes
Target categories : 15
Target families : 1333

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:55 %
Total physical memory:1048048 kb
Available physical memory:566636 kb
Total page file size:2996928 kb
Available on page file:2637660 kb
Total virtual memory:2097024 kb
Available virtual memory:2008004 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

18-11-2007 12:32:47 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Dad\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Dad\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-688789844-725345543-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 480
ThreadCreationTime : 17-11-2007 12:54:21 PM
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 17-11-2007 12:54:23 PM
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 560
ThreadCreationTime : 17-11-2007 12:54:24 PM
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 612
ThreadCreationTime : 17-11-2007 12:54:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 624
ThreadCreationTime : 17-11-2007 12:54:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 804
ThreadCreationTime : 17-11-2007 12:54:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 908
ThreadCreationTime : 17-11-2007 12:54:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 944
ThreadCreationTime : 17-11-2007 12:54:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
ProcessID : 1032
ThreadCreationTime : 17-11-2007 12:54:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1088
ThreadCreationTime : 17-11-2007 12:54:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1120
ThreadCreationTime : 17-11-2007 12:54:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1160
ThreadCreationTime : 17-11-2007 12:54:46 PM
BasePriority : Normal
FileVersion : 4, 7, 1043, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! Antivirus updating service
InternalName : aswUpdSv.exe
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswUpdSv.exe

#:13 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1208
ThreadCreationTime : 17-11-2007 12:54:46 PM
BasePriority : High
FileVersion : 4, 7, 1043, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1384
ThreadCreationTime : 17-11-2007 12:54:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [applemobiledeviceservice.exe]
ModuleName : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Command Line : "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
ProcessID : 1480
ThreadCreationTime : 17-11-2007 12:54:55 PM
BasePriority : Normal
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:16 [btwdins.exe]
ModuleName : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Command Line : "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"
ProcessID : 1508
ThreadCreationTime : 17-11-2007 12:54:55 PM
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTWDIns.EXE

#:17 [devsvc.exe]
ModuleName : C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
Command Line : "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"
ProcessID : 1520
ThreadCreationTime : 17-11-2007 12:54:55 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : Capture Device Service
CompanyName : InterVideo Inc.
FileDescription : Capture Device Service
InternalName : DevSvc.exe
LegalCopyright : InterVideo© Inc. All rights reserved.
OriginalFilename : DevSvc.exe

#:18 [cisvc.exe]
ModuleName : C:\WINDOWS\system32\cisvc.exe
Command Line : C:\WINDOWS\system32\cisvc.exe
ProcessID : 1540
ThreadCreationTime : 17-11-2007 12:54:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:19 [ctsvccda.exe]
ModuleName : C:\WINDOWS\system32\CTSvcCDA.EXE
Command Line : C:\WINDOWS\system32\CTSvcCDA.EXE
ProcessID : 1556
ThreadCreationTime : 17-11-2007 12:54:58 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:20 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1708
ThreadCreationTime : 17-11-2007 12:55:04 PM
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe

#:21 [lssrvc.exe]
ModuleName : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Command Line : "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
ProcessID : 1744
ThreadCreationTime : 17-11-2007 12:55:05 PM
BasePriority : Normal
FileVersion : 1.4.124.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:22 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1768
ThreadCreationTime : 17-11-2007 12:55:06 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:23 [csfiremon.exe]
ModuleName : C:\Program Files\CS Fire Monitor\CSFireMon.exe
Command Line : "C:\Program Files\CS Fire Monitor\CSFireMon.exe" /service
ProcessID : 1816
ThreadCreationTime : 17-11-2007 12:55:07 PM
BasePriority : High
FileVersion : 2.05.0005
ProductVersion : 2.05.0005
ProductName : CS Fire Monitor
CompanyName : Crofts Software
FileDescription : CS Fire Monitor
InternalName : CSFireMon
LegalCopyright : Copyright © 1999-2005 Crofts Software
OriginalFilename : CSFireMon.exe

#:24 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1836
ThreadCreationTime : 17-11-2007 12:55:07 PM
BasePriority : Normal
FileVersion : 6.14.10.6631
ProductVersion : 6.14.10.6631
ProductName : NVIDIA Driver Helper Service, Version 66.31
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.31
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:25 [scsiaccess.exe]
ModuleName : C:\WINDOWS\system32\ScsiAccess.EXE
Command Line : C:\WINDOWS\system32\ScsiAccess.EXE
ProcessID : 1888
ThreadCreationTime : 17-11-2007 12:55:10 PM
BasePriority : Normal

#:26 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1916
ThreadCreationTime : 17-11-2007 12:55:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [ulcdrsvr.exe]
ModuleName : C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Command Line : "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
ProcessID : 1980
ThreadCreationTime : 17-11-2007 12:55:14 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : Ulead Systems ULCDRSvr
CompanyName : Ulead Systems, Inc.
FileDescription : ULCDRSvr
InternalName : ULCDRSvr
LegalCopyright : Copyright c 2002 Ulead Systems, Inc.
OriginalFilename : ULCDRSvr.exe

#:28 [ustorsrv.exe]
ModuleName : C:\WINDOWS\system32\UStorSrv.exe
Command Line : C:\WINDOWS\system32\UStorSrv.exe /Service
ProcessID : 2032
ThreadCreationTime : 17-11-2007 12:55:16 PM
BasePriority : Normal
FileVersion : 1, 1, 1, 4
ProductVersion : 1, 1, 1, 4
ProductName : OTi Content Service
CompanyName : OTi
FileDescription : OTi Content Service
InternalName : UniCntSrvSvc
LegalCopyright : Copyright © 2004
OriginalFilename : UniCntSrvSvc.EXE
Comments : Build on 6/10/2003

#:29 [fxssvc.exe]
ModuleName : C:\WINDOWS\system32\fxssvc.exe
Command Line : C:\WINDOWS\system32\fxssvc.exe
ProcessID : 264
ThreadCreationTime : 17-11-2007 12:55:18 PM
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE

#:30 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1716
ThreadCreationTime : 17-11-2007 12:55:26 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:31 [type32.exe]
ModuleName : C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
Command Line : "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
ProcessID : 2200
ThreadCreationTime : 17-11-2007 12:55:33 PM
BasePriority : Normal

#:32 [atwtusb.exe]
ModuleName : C:\WINDOWS\system32\atwtusb.exe
Command Line : "C:\WINDOWS\system32\atwtusb.exe" beta
ProcessID : 2208
ThreadCreationTime : 17-11-2007 12:55:33 PM
BasePriority : Realtime
FileVersion : 2, 15, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : Tablet HID
CompanyName : Aiptek
FileDescription : Tablet HID
InternalName : Tablet
LegalCopyright : Copyright © 1999
OriginalFilename : usbtablet.exe
Comments : USB

#:33 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 2216
ThreadCreationTime : 17-11-2007 12:55:34 PM
BasePriority : Normal
FileVersion : 4, 7, 1043, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswDisp.exe

#:34 [logmeinsystray.exe]
ModuleName : C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
Command Line : "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
ProcessID : 2248
ThreadCreationTime : 17-11-2007 12:55:35 PM
BasePriority : Normal
FileVersion : 3.0.596
ProductVersion : 3.0.596
ProductName : LogMeIn
CompanyName : LogMeIn, Inc.
FileDescription : LogMeIn Desktop Application
InternalName : LogMeInSystray
LegalCopyright : Copyright © 2003-2007 LogMeIn, Inc. US patents pending.
OriginalFilename : LogMeInSystray.exe

#:35 [svchost.exe]
ModuleName : C:\WINDOWS\Fonts\svchost.exe
Command Line : "C:\WINDOWS\Fonts\svchost.exe"
ProcessID : 2308
ThreadCreationTime : 17-11-2007 12:55:38 PM
BasePriority : Normal

#:36 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
ProcessID : 2348
ThreadCreationTime : 17-11-2007 12:55:38 PM
BasePriority : Normal

#:37 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2364
ThreadCreationTime : 17-11-2007 12:55:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:38 [bttray.exe]
ModuleName : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Command Line : "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
ProcessID : 2460
ThreadCreationTime : 17-11-2007 12:55:46 PM
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:39 [hpobnz08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"
ProcessID : 2480
ThreadCreationTime : 17-11-2007 12:55:47 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:40 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 2492
ThreadCreationTime : 17-11-2007 12:55:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:41 [ashmaisv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
ProcessID : 2628
ThreadCreationTime : 17-11-2007 12:56:13 PM
BasePriority : Normal

#:42 [ashwebsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
ProcessID : 2644
ThreadCreationTime : 17-11-2007 12:56:15 PM
BasePriority : Normal

#:43 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3100
ThreadCreationTime : 17-11-2007 12:56:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:44 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 3108
ThreadCreationTime : 17-11-2007 12:56:42 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:45 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2200 series#1125623360" /Startup
ProcessID : 3292
ThreadCreationTime : 17-11-2007 12:57:00 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:46 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1540l
ProcessID : 3748
ThreadCreationTime : 17-11-2007 1:02:06 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:47 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b0]SUSDS9f92068832231944a4320cbf6fb745df
ProcessID : 2836
ThreadCreationTime : 17-11-2007 1:28:00 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:48 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2304
ThreadCreationTime : 17-11-2007 1:30:10 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{11a69ae4-fbed-4832-a2bf-45af82825583}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-688789844-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{a95b2816-1d7e-4561-a202-68c0de02353a}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {11a69ae4-fbed-4832-a2bf-45af82825583}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 17

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 17

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : tracking.log
TAC Rating : 10
Category : Malware
Comment :
Object : c:\system volume information\

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 18

1:57:15 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:01:24:27.94
Objects scanned:318651
Objects identified:7
Objects ignored:0
New critical objects:7

Adaware_Full_Scan.txt
Anton.B, posted November 18, 2007

QUOTE (Anton.B @ Nov 18 2007, 12:09 PM): Tx noahdfear, here is my latest hijackthis log, I've sent the adaware log as an attachment. Thanks Anton

Sorry about that.
Anton

Logfile of HijackThis v1.99.1
Scan saved at 12:01:31 PM, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Documents and Settings\Dad\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\wqnfsxfb.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DB3BE.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

Attached: hijackthis.log
noahdfear, posted November 18, 2007

Download VundoFix by Atribune, saving it to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.

Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Anton.B, posted November 18, 2007

Hi Dave, I am re-sending this info... got a gut feeling I messed up last time. Vundo could not remove C:\windows\system32\_c00DB3BE.DAT (I tried 6 times). I've attached the logs you asked for previously.

Cheers, and thanks.
Anton
Anton.B, posted November 18, 2007

QUOTE (Anton.B @ Nov 18 2007, 09:36 PM): Hi Dave, I am re-sending this info... got a gut feeling I messed up last time. Vundo could not remove C:\windows\system32\_c00DB3BE.DAT (I tried 6 times). I've attached the logs you asked for previously. Cheers, and thanks. Anton

Sorry Dave, sent you the wrong file last time. Cheers

Attached: VundoFix.txt
noahdfear, posted November 18, 2007

Please run a new scan with HijackThis and post the log.
Anton.B, posted November 18, 2007

QUOTE (noahdfear): Please run a new scan with HijackThis and post the log.

New HJT log attached.

Logfile of HijackThis v1.99.1
Scan saved at 6:26:57 AM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Dad\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\wqnfsxfb.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

Attached: hijackthis.log
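A triage pass over sample lines from the HijackThis logs posted in this thread, as an added example that is not part of the thread or of HijackThis: it flags the populated AppInit_DLLs value, the hex-named O4 Run entry loading a random DLL through rundll32, the Winlogon Notify packages and BHO/toolbar DLLs with random names in system32, and the ownerless DomainService, while leaving the legitimate entries alone. The section parsing, the random-name heuristic and the KNOWN allowlist are assumptions chosen to fit these logs.

```python
"""Triage of HijackThis v1.99 log lines for the indicators seen in this thread.

Added example; not part of HijackThis, Ad-Aware or any post above. The
heuristics, the KNOWN allowlist and the Finding type are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
SYSTEM32 = re.compile(r"c:\\windows\\system32\\", re.I)
# 7-8 lowercase letters, no digits: the shape of the component names in these
# logs (wqnfsxfb, fpktuukr, tuvwwxy, fdhaoohi). Assumption; see KNOWN.
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")
# Legitimate system32 names that happen to fit RANDOM_STEM (assumption).
KNOWN = {"lmiinit", "spoolsv", "winlogon", "services", "atwtusb"}
# [d48aeba1] rundll32.exe "C:\WINDOWS\system32\wqnfsxfb.dll",b
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+rundll32\.exe\s+"?(?P<dll>[^",]+)', re.I)
# Service: <name> - <owner> - <path>; owner may be empty ("DomainService - - C:\...")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.*?)\s?- (?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def stem(path: str) -> str:
    """Lower-case file name without extension: 'C:\\x\\Foo.dll' -> 'foo'."""
    name = path.strip().rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def looks_random(path: str) -> bool:
    s = stem(path)
    return bool(RANDOM_STEM.match(s)) and s not in KNOWN


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        # Anything listed here is loaded into every process that maps user32.dll;
        # on a home XP machine a populated value is almost never legitimate.
        if body.split(":", 1)[1].strip():
            return Finding(sec, "AppInit_DLLs populated", line)
    elif sec == "O20" and body.startswith("Winlogon Notify:"):
        path = body.split(" - ", 1)[-1]
        if SYSTEM32.search(path) and looks_random(path):
            return Finding(sec, "Winlogon Notify package with random name", line)
    elif sec == "O4":
        r = RUN_RE.search(body)
        if r and re.fullmatch(r"[0-9a-f]{8}", r.group("name")) and looks_random(r.group("dll")):
            return Finding(sec, "hex-named Run value loading random DLL via rundll32", line)
    elif sec == "O23":
        s = SVC_RE.match(body)
        if s and s.group("owner").strip() in ("", "Unknown owner") \
                and SYSTEM32.search(s.group("path")) and looks_random(s.group("path")):
            return Finding(sec, "service with no owner and random executable", line)
    elif sec in ("O2", "O3"):
        path = body.rsplit(" - ", 1)[-1]
        if "(file missing)" not in path and SYSTEM32.search(path) and looks_random(path):
            return Finding(sec, "BHO/toolbar DLL with random name in system32", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Constructed excerpt: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\wqnfsxfb.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DB3BE.dat
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: fpktuukr - C:\WINDOWS\SYSTEM32\fpktuukr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fdhaoohi.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The six flagged lines are exactly the entries the helper ends up fixing in this thread; the name heuristic is deliberately narrow, so a real triage would still review the unflagged "(no name)" orphans by hand.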
noahdfear, posted November 18, 2007

Download ComboFix by sUBs from here, saving the file to your desktop.
Close all open programs and windows.
Double click combofix.exe and follow the prompts.
When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Anton.B, posted November 18, 2007

QUOTE (noahdfear): Download ComboFix by sUBs from here, saving the file to your desktop. Close all open programs and windows. Double click combofix.exe and follow the prompts. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Combofix is downloading, but when run it states that it is out of date and uninstalls itself.
noahdfear, posted November 18, 2007

Download Deckard's System Scanner (dss.exe) and save it to your desktop.
Close all applications and windows.
Double click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
Post the contents of main.txt only for now.
Anton.B, posted November 19, 2007 (edited)

QUOTE (noahdfear): Download Deckard's System Scanner (dss.exe) and save it to your desktop. Close all applications and windows. Double click on dss.exe to run it and follow the prompts. When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized. Post the contents of main.txt only for now.

Deckard's System Scanner v20071014.68
Run by Dad on 2007-11-19 10:55:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2007-11-18 23:55:32 UTC - RP648 - Deckard's System Scanner Restore Point
2: 2007-11-18 23:49:03 UTC - RP647 - Last known good configuration
1: 2007-11-18 23:48:40 UTC - RP646 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Dad.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:57:46 AM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\fdhaoohi.exe
C:\Program Files\CS Fire Monitor\CSFireMon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fpktuukr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fpktuukr.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
O20 - Winlogon Notify: fpktuukr - C:\WINDOWS\SYSTEM32\fpktuukr.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: tuvwwxy - C:\WINDOWS\SYSTEM32\tuvwwxy.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\fdhaoohi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

-- HijackThis Fixed Entries (C:\DOCUME~1\Dad\Desktop\backups\) -----------------

backup-20071117-224612-508 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-224612-736 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071117-224612-957 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
backup-20071117-224613-360 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071117-224613-732 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yykgwquj.exe (file missing)
backup-20071117-225611-345 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-232507-408 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-232523-543 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235154-656 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235210-352 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235853-186 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071117-235853-313 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20071117-235853-790 O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
backup-20071118-000440-504 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071118-002640-825 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll
backup-20071118-002640-908 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20071118-031523-396 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\adkfjpjc.dll

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 uscbs108 - c:\windows\system32\drivers\uscbs108.sys
R3 uscsc108 - c:\windows\system32\drivers\uscsc108.sys

S3 catchme - c:\docume~1\dad\locals~1\temp\catchme.sys (file missing)
S3 StkMini (Syntek DC-112X) - c:\windows\system32\drivers\stkmini.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Video Mini Driver>
S3 StkScan (Syntek DC-112X Still Image) - c:\windows\system32\drivers\stkscan.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Still Image Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R2 DomainService - c:\windows\system32\fdhaoohi.exe /service <Not Verified; ; DDC>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe
R2 UStorage Server Service - c:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>

S2 CS Fire Monitor - "c:\program files\cs fire monitor\csfiremonservice.exe" -service <Not Verified; Crofts Software; CS Fire Monitor Service>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\71402320ED
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\71402320ED
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD00
Manufacturer: Nokia
Name: Princess Nokia N70
PNP Device ID: ROOT\WPD00
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Antons Nokia N70
Device ID: ROOT\WPD01
Manufacturer: Nokia
Name: Antons Nokia N70
PNP Device ID: ROOT\WPD01
Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2007-11-19 10:29:24 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-14 20:02:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-08-21 12:11:04 338 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125623360.job

-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

2007-11-19 09:55:46 145984 --a------ C:\WINDOWS\system32\fpktuukr.dll
2007-11-19 09:55:17 145984 --a------ C:\WINDOWS\system32\rjfppvrf.dll
2007-11-19 06:37:18 79424 --a------ C:\WINDOWS\system32\uimnlulf.dll
2007-11-19 06:34:29 85056 --a------ C:\WINDOWS\system32\utmojxcc.dll
2007-11-19 06:28:22 71232 --a------ C:\WINDOWS\system32\fdhaoohi.exe <Not Verified; ; DDC>
2007-11-19 06:25:18 10816 --a------ C:\WINDOWS\system32\__c00A6484.dat
2007-11-19 06:25:16 10816 --a------ C:\WINDOWS\system32\okxlwala.dll
2007-11-19 06:24:44 10816 --a------ C:\WINDOWS\system32\fqjdksao.dll
2007-11-18 16:51:42 152642 --ahs---- C:\WINDOWS\system32\ggjlm.ini2
2007-11-18 16:51:28 320608 --a------ C:\WINDOWS\system32\mljgg.dll
2007-11-18 10:04:14 82496 --a------ C:\WINDOWS\system32\rwnyclfe.dll
2007-11-18 09:57:26 10816 -----n--- C:\WINDOWS\system32\__c00DB3BE.dat
2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 02:14:15 2390 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe
2007-11-16 21:42:12 35840 --a------ C:\WINDOWS\17PHolmes1188.exe
2007-11-16 21:41:59 36352 --a------ C:\WINDOWS\system32\ddcyvww.dll
2007-11-16 20:44:42 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll
2007-11-16 17:03:24 71232 --a------ C:\WINDOWS\system32\brepqytj.exe <Not Verified; ; DDC>
2007-11-16 16:54:48 40960 --a------ C:\Documents and Settings\Mum\f.exe
2007-11-16 16:54:35 0 --a------ C:\Documents and Settings\Mum\x.dat
2007-11-16 16:54:23 36352 --a------ C:\WINDOWS\system32\yaywxuv.dll
2007-11-16 16:54:19 1017 --a------ C:\Documents and Settings\Mum\z.dat
2007-11-16 16:54:01 36352 --a------ C:\WINDOWS\system32\pmnopnk.dll
2007-11-15 11:03:37 40960 --a------ C:\Documents and Settings\Dad\f.exe
2007-11-15 11:03:24 1204 --a------ C:\Documents and Settings\Dad\x.dat
2007-11-15 11:03:16 36352 --a------ C:\WINDOWS\system32\byxuvvu.dll
2007-11-15 11:03:07 4840 --a------ C:\Documents and Settings\Dad\z.dat
2007-11-15 11:02:54 36352
--a------ C:\WINDOWS\system32\vtuvsqr.dll 2007-11-15 10:36:10 35840 --a------ C:\WINDOWS\mrofinu1000106.exe 2007-11-15 10:35:01 40960 --a------ C:\Documents and Settings\Anton\f.exe 2007-11-15 10:34:54 299 --a------ C:\Documents and Settings\Anton\x.dat 2007-11-15 10:34:30 40341 --a------ C:\Documents and Settings\Anton\z.dat 2007-11-15 10:34:17 36352 --a------ C:\WINDOWS\system32\iifffde.dll 2007-11-15 10:34:00 0 d-------- C:\WINDOWS\system32\rMa18yy 2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat 2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ> 2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss 2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5 2007-10-30 12:22:51 0 d-------- C:\Racing 2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod 2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes 2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-10-19 23:05:01 0 d-------- C:\the hedgehog -- Find3M Report --------------------------------------------------------------- 2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft 2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft 2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-17 17:36:23 0 d-------- C:\Program Files\Java 2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files 2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3 2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor 2007-11-05 15:22:52 0 d-------- C:\Program Files\GSM 2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe 2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL> 2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome 
2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro 2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn 2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame 2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity 2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update 2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free 2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce 2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight 2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade 2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games 2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System 2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft? Visual Basic for Windows> 2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1 2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD> 2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}] 18/11/2007 04:51 PM 320608 --a------ C:\WINDOWS\system32\mljgg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}] 19/11/2007 06:37 AM 79424 --a------ C:\WINDOWS\system32\uimnlulf.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 
19/11/2007 09:55 AM 145984 --a------ C:\WINDOWS\system32\fpktuukr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}] 16/11/2007 08:44 PM 36352 --a------ C:\WINDOWS\system32\tuvwwxy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}] C:\WINDOWS\system32\vtstt.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\fpktuukr.dll [19/11/2007 09:55 AM 145984] [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM] "atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM] "nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [] "d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" [19/11/2007 06:34 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM] hp psc 2000 Series.lnk - 
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472] "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvwwxy.dll [16/11/2007 08:44 PM 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fpktuukr] fpktuukr.dll 19/11/2007 09:55 AM 145984 C:\WINDOWS\system32\fpktuukr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxy] tuvwwxy.dll 16/11/2007 08:44 PM 36352 C:\WINDOWS\system32\tuvwwxy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgg.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk] backup=C:\WINDOWS\pss\Remote 
Controller.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent] "C:\Program Files\CyberLink\PowerVCRII\Agent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent] "C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-19 10:59:47 ------------
main.txt
Edited November 19, 2007 by noahdfear dss log posted
noahdfear Posted November 19, 2007

Highlight and copy the bolded command below.

sc stop DomainService

Click Start>Run and paste the command on the run line then hit enter. Now repeat with the next command.

sc delete DomainService

Delete the following folder.

C:\WINDOWS\system32\rMa18yy

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:
Filename: vundofix.vft
Save As Type: All Files (*.*)

C:\WINDOWS\system32\fpktuukr.dll
C:\WINDOWS\system32\rjfppvrf.dll
C:\WINDOWS\system32\uimnlulf.dll
C:\WINDOWS\system32\utmojxcc.dll
C:\WINDOWS\system32\fdhaoohi.exe
C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\okxlwala.dll
C:\WINDOWS\system32\fqjdksao.dll
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\rwnyclfe.dll
C:\WINDOWS\system32\__c00DB3BE.dat
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\ddcyvww.dll
C:\WINDOWS\system32\tuvwwxy.dll
C:\WINDOWS\system32\brepqytj.exe
C:\Documents and Settings\Mum\f.exe
C:\WINDOWS\system32\yaywxuv.dll
C:\WINDOWS\system32\pmnopnk.dll
C:\Documents and Settings\Dad\f.exe
C:\WINDOWS\system32\byxuvvu.dll
C:\WINDOWS\system32\vtuvsqr.dll
C:\WINDOWS\mrofinu1000106.exe
C:\Documents and Settings\Anton\f.exe
C:\WINDOWS\system32\iifffde.dll

Close all other windows and programs.
Double-click VundoFix.exe to run it.
Drag vundofix.vft onto the listbox (white box) of VundoFix.
Click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new dss log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Files were created to collect passwords from your computer and attempt to transmit them to a host. Each of the bolded files below needs to first be moved, say to new folders such as:
C:\passwords\Mum
C:\passwords\Dad
C:\passwords\Anton

C:\Documents and Settings\Mum\x.dat
C:\Documents and Settings\Mum\z.dat
C:\Documents and Settings\Dad\x.dat
C:\Documents and Settings\Dad\z.dat
C:\Documents and Settings\Anton\x.dat
C:\Documents and Settings\Anton\z.dat

Now right click each and select rename, then add a txt extension, so that they become x.dat.txt and z.dat.txt.
Open each one (will open with notepad) and see which passwords were collected and must be changed. Suggest you let Mum and Dad do their own.
Anton.B Posted November 19, 2007

--> QUOTE(noahdfear @ Nov 19 2007) Highlight and copy the bolded command below. [...] Suggest you let Mum and Dad do their own

Vundofix is unable to delete C:\windows\system32\c00A6484.dat
Anton.B Posted November 19, 2007

--> QUOTE(Anton.B @ Nov 19 2007, 12:02 PM) Vundofix is unable to delete C:\windows\system32\c00A6484.dat

CORRECTION file is _c00A6484.dat (sorry)
noahdfear Posted November 19, 2007

Please post the logs.
Anton.B 0 Report post Posted November 19, 2007 (edited) Please post the logs. Logs as requested VundoFix V6.6.2 Checking Java version... Scan started at 4:28:50 PM 18/11/2007 Listing files found while scanning.... C:\windows\system32\__c00DB3BE.dat C:\WINDOWS\system32\adkfjpjc.dll C:\windows\system32\adkfjpjc.dllbox C:\windows\system32\efcywvw.dll C:\windows\system32\kxsxwyxs.dll C:\windows\system32\ojslqoow.dll C:\windows\system32\ttstv.ini C:\windows\system32\ttstv.ini2 C:\windows\system32\vtstt.dll Beginning removal... Attempting to delete C:\windows\system32\__c00DB3BE.dat C:\windows\system32\__c00DB3BE.dat Could not be deleted. Attempting to delete C:\WINDOWS\system32\adkfjpjc.dll C:\WINDOWS\system32\adkfjpjc.dll Has been deleted! Attempting to delete C:\windows\system32\adkfjpjc.dllbox C:\windows\system32\adkfjpjc.dllbox Has been deleted! Attempting to delete C:\windows\system32\efcywvw.dll C:\windows\system32\efcywvw.dll Has been deleted! Attempting to delete C:\windows\system32\kxsxwyxs.dll C:\windows\system32\kxsxwyxs.dll Has been deleted! Attempting to delete C:\windows\system32\ojslqoow.dll C:\windows\system32\ojslqoow.dll Has been deleted! Attempting to delete C:\windows\system32\ttstv.ini C:\windows\system32\ttstv.ini Has been deleted! Attempting to delete C:\windows\system32\ttstv.ini2 C:\windows\system32\ttstv.ini2 Has been deleted! Attempting to delete C:\windows\system32\vtstt.dll C:\windows\system32\vtstt.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\__c00DB3BE.dat C:\windows\system32\__c00DB3BE.dat Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.6.2 Checking Java version... Scan started at 4:46:53 PM 18/11/2007 Listing files found while scanning.... C:\windows\system32\__c00DB3BE.dat Beginning removal... Attempting to delete C:\windows\system32\__c00DB3BE.dat C:\windows\system32\__c00DB3BE.dat Could not be deleted. 
Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\__c00DB3BE.dat C:\windows\system32\__c00DB3BE.dat Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.6.2 Checking Java version... Scan started at 5:06:55 PM 18/11/2007 Listing files found while scanning.... C:\windows\system32\__c00DB3BE.dat Beginning removal... Attempting to delete C:\windows\system32\__c00DB3BE.dat C:\windows\system32\__c00DB3BE.dat Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.6.2 Checking Java version... Scan started at 11:39:20 AM 19/11/2007 Listing files found while scanning.... Beginning removal... Attempting to delete C:\Documents and Settings\Anton\f.exe C:\Documents and Settings\Anton\f.exe Has been deleted! Attempting to delete C:\Documents and Settings\Dad\f.exe C:\Documents and Settings\Dad\f.exe Has been deleted! Attempting to delete C:\Documents and Settings\Mum\f.exe C:\Documents and Settings\Mum\f.exe Has been deleted! Attempting to delete C:\WINDOWS\17PHolmes1188.exe C:\WINDOWS\17PHolmes1188.exe Has been deleted! Attempting to delete C:\WINDOWS\mrofinu1000106.exe C:\WINDOWS\mrofinu1000106.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\__c00A6484.dat C:\WINDOWS\system32\__c00A6484.dat Could not be deleted. Attempting to delete C:\WINDOWS\system32\__c00DB3BE.dat C:\WINDOWS\system32\__c00DB3BE.dat Has been deleted! Attempting to delete C:\WINDOWS\system32\brepqytj.exe C:\WINDOWS\system32\brepqytj.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\byxuvvu.dll C:\WINDOWS\system32\byxuvvu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyvww.dll C:\WINDOWS\system32\ddcyvww.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fdhaoohi.exe C:\WINDOWS\system32\fdhaoohi.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\fpktuukr.dll C:\WINDOWS\system32\fpktuukr.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\fqjdksao.dll C:\WINDOWS\system32\fqjdksao.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ggjlm.ini2 C:\WINDOWS\system32\ggjlm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\iifffde.dll C:\WINDOWS\system32\iifffde.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljgg.dll C:\WINDOWS\system32\mljgg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\okxlwala.dll C:\WINDOWS\system32\okxlwala.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnopnk.dll C:\WINDOWS\system32\pmnopnk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rjfppvrf.dll C:\WINDOWS\system32\rjfppvrf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rwnyclfe.dll C:\WINDOWS\system32\rwnyclfe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tuvwwxy.dll C:\WINDOWS\system32\tuvwwxy.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\uimnlulf.dll C:\WINDOWS\system32\uimnlulf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\utmojxcc.dll C:\WINDOWS\system32\utmojxcc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtuvsqr.dll C:\WINDOWS\system32\vtuvsqr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yaywxuv.dll C:\WINDOWS\system32\yaywxuv.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.6.2 Checking Java version... Scan started at 11:47:06 AM 19/11/2007 Listing files found while scanning.... C:\windows\system32\__c00A6484.dat C:\windows\system32\fpktuukr.dllbox Beginning removal... Attempting to delete C:\windows\system32\__c00A6484.dat C:\windows\system32\__c00A6484.dat Could not be deleted. Attempting to delete C:\windows\system32\fpktuukr.dllbox C:\windows\system32\fpktuukr.dllbox Has been deleted! Performing Repairs to the registry. Done! Beginning removal... 
Attempting to delete C:\windows\system32\__c00A6484.dat C:\windows\system32\__c00A6484.dat Could not be deleted. Performing Repairs to the registry. Done! Deckard's System Scanner v20071014.68 Run by Dad on 2007-11-19 12:20:21 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Dad.exe) ------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 12:20:31 PM, on 19/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CS Fire Monitor\CSFireMon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\system32\atwtusb.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program 
Files\LogMeIn\x86\LogMeInSystray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Documents and Settings\Dad\Desktop\dss.exe C:\DOCUME~1\Dad\Desktop\Dad.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file) O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing) O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file) O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing) O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - 
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?42def64ca47e412b8c501d922166e5af O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?42def64ca47e412b8c501d922166e5af O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125884139484 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - 
https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Capture Device Service - InterVideo Inc. 
- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: CS Fire Monitor - Unknown owner - C:\Program Files\CS Fire Monitor\CSFireMonService.exe" -service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe -- Files created between 2007-10-19 and 2007-11-19 ----------------------------- 2007-11-19 11:51:31 6948 --ahs---- C:\WINDOWS\system32\hjkmp.ini2 2007-11-19 11:51:14 320608 --a------ C:\WINDOWS\system32\pmkjh.dll 2007-11-19 11:39:20 0 d-------- C:\VundoFix Backups 2007-11-19 06:25:18 10816 -----n--- C:\WINDOWS\system32\__c00A6484.dat 2007-11-18 04:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-18 02:14:15 2390 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-17 14:22:49 128 --a------ C:\Documents and Settings\Dad\services.exe 2007-11-16 20:44:42 36352 -----n--- C:\WINDOWS\system32\tuvwwxy.dll 2007-11-13 16:03:09 4882432 --a------ C:\Documents and Settings\Anton\ntuser.dat 2007-11-13 16:00:35 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ> 2007-11-05 15:35:30 0 d-------- C:\WINDOWS\pss 2007-11-01 17:45:28 0 d-------- C:\Program Files\Guitar Pro 5 2007-10-30 12:22:51 0 d-------- C:\Racing 2007-10-23 12:35:40 0 d-------- C:\Program Files\iPod 2007-10-23 12:35:09 0 d-------- C:\Program Files\iTunes 2007-10-22 19:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-10-19 23:05:01 0 d-------- C:\the hedgehog -- Find3M Report --------------------------------------------------------------- 2007-11-18 04:26:14 0 d-------- C:\Program Files\Lavasoft 2007-11-18 04:26:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft 2007-11-18 04:22:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-17 17:36:23 0 d-------- C:\Program Files\Java 2007-11-14 23:30:21 0 d-------- C:\Program Files\Common Files 2007-11-08 09:50:59 0 d-------- C:\Documents and Settings\Dad\Application Data\U3 2007-11-07 14:35:58 0 d-------- C:\Program Files\CS Fire Monitor 2007-11-05 15:22:52 0 d-------- C:\Program 
Files\GSM 2007-11-02 20:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-22 19:54:28 0 d-------- C:\Program Files\Common Files\Adobe 2007-10-18 00:42:08 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL> 2007-10-17 13:12:37 0 d-------- C:\Program Files\Free Metronome 2007-10-17 12:48:58 0 d-------- C:\Program Files\FretPro 2007-10-17 09:42:08 0 d-------- C:\Program Files\LogMeIn 2007-10-15 22:37:18 0 d-------- C:\Program Files\Lame 2007-10-14 19:57:40 0 d-------- C:\Program Files\Audacity 2007-10-09 21:53:27 0 d-------- C:\Program Files\Apple Software Update 2007-10-08 20:47:34 0 d-------- C:\Program Files\Burn4Free 2007-09-28 19:33:00 0 d-------- C:\Program Files\WinAce 2007-09-27 12:01:18 0 d-------- C:\Program Files\Microsoft Silverlight 2007-09-24 22:46:36 0 d-------- C:\Program Files\GameSpy Arcade 2007-09-24 22:43:50 0 d-------- C:\Program Files\Microsoft Games 2007-09-19 14:58:04 0 d-------- C:\Program Files\Scales Dictionary System 2007-09-19 14:57:35 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2007-09-19 14:57:29 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft? 
Visual Basic for Windows> 2007-09-19 12:23:45 0 d-------- C:\Program Files\GiveMeTac 1.1 2007-09-14 15:30:55 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6984.exe <Not Verified; Burn4Free; Burn4Free CD and DVD> 2007-09-08 22:29:51 7188 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C0C3B9-FC60-4902-92B3-49E09D7BAE89}] C:\WINDOWS\system32\mljgg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CCB518-1374-4946-A4C2-21EFD6C471CE}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{460f8880-a981-4ea8-a1bb-7d44689f6808}] C:\WINDOWS\system32\uimnlulf.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B13CD278-8708-412A-A1D5-12DC54BCF488}] 19/11/2007 11:51 AM 320608 --a------ C:\WINDOWS\system32\pmkjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}] 16/11/2007 08:44 PM 36352 --------- C:\WINDOWS\system32\tuvwwxy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF18E814-3E1B-452D-8EAE-208E53C009F5}] C:\WINDOWS\system32\vtstt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 03:41 PM] "atwtusb"="atwtusb.exe" [23/04/2002 05:20 PM C:\WINDOWS\system32\atwtusb.exe] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 09:06 PM] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [06/08/2007 12:08 PM] "nwiz"="nwiz.exe" [25/08/2004 08:14 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/08/2004 08:14 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/08/2004 08:14 PM] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [] "d48aeba1"="C:\WINDOWS\system32\utmojxcc.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HijackThis startup scan"="C:\Documents and Settings\Dad\Desktop\HijackThis.exe" [16/02/2005 11:06 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/11/2003 2:11:56 PM] hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [9/04/2003 6:41:38 PM] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9/04/2003 7:11:12 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472] "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvwwxy.dll [16/11/2007 08:44 PM 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 02/10/2007 05:51 PM 75064 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\__c00A6484.dat [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk] backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent] "C:\Program Files\CyberLink\PowerVCRII\Agent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent] "C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter] wfxsnt40.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d0c36c-3e4a-11dc-b9ad-0020ed6c9f88}] AutoRun\command- G:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2007-11-19 12:21:14 ------------ main.txt VundoFix.txt Edited November 19, 2007 by noahdfear posted attached logs
noahdfear Posted November 19, 2007
Please post your logs right into the topic rather than attaching them. Thanks!
Copy the contents of the code box below to a blank notepad. Save it to the desktop as; Filename: fix.reg Save as type: All Files (*.*)
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Don't do anything with it just yet.
Please download OTMoveIt by OldTimer, saving it to your desktop.
Scan again with HijackThis and place a check next to the following entries then click Fix Checked.
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
Close HijackThis
Double click fix.reg and allow it to merge with the registry. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\tmp.reg
C:\Documents and Settings\Dad\services.exe
C:\WINDOWS\system32\tuvwwxy.dll
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply. Close OTMoveIt *If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. **If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at : C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is the "date_time") Click "Exit" to close OTMoveIt. After you've posted the OT_MoveIt log, download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Now reboot into Safe Mode and logon to your user account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Post the contents of the Report.txt along with a new dss log.
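The fix above touches four persistence points at once: Browser Helper Objects that have no name or no file behind them, a Run value with a random hex name, AppInit_DLLs, and the LSA "Authentication Packages" list, which the DSS dump showed carrying pmkjh.dll next to msv1_0. As an added example (not part of this thread, and not code from HijackThis, OTMoveIt or SDFix), the script below runs those same checks over a few HijackThis lines copied from the log and parses the REGEDIT4 fix to show what each line does: `"name"=-` deletes a value, and the hex(7) data is a REG_MULTI_SZ that decodes to msv1_0 alone, so any other package is what gets dropped. The sample lines and the .reg text are copied from this thread; the regexes, the 8-hex-character name rule and the one-letter-export rule are this example's own heuristics.

```python
"""Audit the persistence points the fix above targets: unnamed/orphaned BHOs,
random-named Run values, AppInit_DLLs, and LSA Authentication Packages.
Also parses the REGEDIT4 fix to show what each line actually changes.
Added example; not part of the thread, HijackThis, OTMoveIt or SDFix."""
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_HJT = """\
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\\WINDOWS\\system32\\pmkjh.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\\WINDOWS\\system32\\vtstt.dll (file missing)
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [d48aeba1] rundll32.exe "C:\\WINDOWS\\system32\\utmojxcc.dll",b
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\__c00A6484.dat
"""

# Constructed sample: the fix.reg from the post above, verbatim.
SAMPLE_FIX_REG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Host Process"=-

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")        # heuristic: random 8-hex-char value names
EXPECTED_AUTH_PACKAGES = {"msv1_0"}            # the only package a stock XP box needs


def audit_hjt(log_text):
    """Return (line, reason) pairs for HijackThis lines worth a second look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = BHO_LINE.match(line)
        if m:
            if (m.group("name") == "(no name)" or "(file missing)" in m.group("path")
                    or m.group("path") == "(no file)"):
                findings.append((line, "unnamed or orphaned BHO"))
            continue
        m = RUN_LINE.match(line)
        if m:
            if HEX_NAME.match(m.group("name")):
                findings.append((line, "Run value with random hex name"))
                continue
            r = RUNDLL.search(m.group("cmd"))
            if r and len(r.group("export")) == 1:
                findings.append((line, "rundll32 calling a one-letter export"))
            continue
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append((line, "AppInit_DLLs set: DLL loaded into every user32 process"))
    return findings


def decode_reg_multi_sz(hex_bytes):
    """hex(7) in a .reg file is REG_MULTI_SZ: NUL-separated strings, double-NUL terminated."""
    raw = bytes(int(b, 16) for b in hex_bytes.split(","))
    return [s for s in raw.decode("latin-1").split("\x00") if s]


def parse_reg(text):
    """Minimal REGEDIT4 parser: {key: {value_name: data}}; data None means delete."""
    entries, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[key] = {}
        elif key and line.startswith('"'):
            name, _, data = line.partition("=")
            name = name.strip('"')
            if data == "-":
                entries[key][name] = None                # "name"=- removes the value
            elif data.startswith("hex(7):"):
                entries[key][name] = decode_reg_multi_sz(data[len("hex(7):"):])
            else:
                entries[key][name] = data.strip('"')     # plain REG_SZ
    return entries


def audit_auth_packages(packages):
    """Anything beyond msv1_0 in LSA Authentication Packages is loaded by lsass.exe at boot."""
    return [p for p in packages if p.lower() not in EXPECTED_AUTH_PACKAGES]


if __name__ == "__main__":
    for line, why in audit_hjt(SAMPLE_HJT):
        print(f"[{why}] {line}")
    for key, values in parse_reg(SAMPLE_FIX_REG).items():
        for name, data in values.items():
            print(f"{key}\\{name} -> {'DELETE' if data is None else data}")
    # The DSS dump in the thread listed: "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjh.dll
    print(audit_auth_packages(["msv1_0", "C:\\WINDOWS\\system32\\pmkjh.dll"]))
```

The Authentication Packages check is the one to keep in mind when reading a fix like this: the .reg file does not merely delete a stray entry, it rewrites the whole REG_MULTI_SZ, so the hex bytes must decode to exactly the packages the system should keep (here only msv1_0) or LSA will fail to load at the next boot.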
Anton.B Posted November 19, 2007
Please post your logs right into the topic rather than attaching them. Thanks!
Copy the contents of the code box below to a blank notepad. Save it to the desktop as; Filename: fix.reg Save as type: All Files (*.*)
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Don't do anything with it just yet.
Please download OTMoveIt by OldTimer, saving it to your desktop.
Scan again with HijackThis and place a check next to the following entries then click Fix Checked.
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {10C0C3B9-FC60-4902-92B3-49E09D7BAE89} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {18CCB518-1374-4946-A4C2-21EFD6C471CE} - (no file)
O2 - BHO: {8086f986-44d7-bb1a-8ae4-189a0888f064} - {460f8880-a981-4ea8-a1bb-7d44689f6808} - C:\WINDOWS\system32\uimnlulf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O2 - BHO: (no name) - {B13CD278-8708-412A-A1D5-12DC54BCF488} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\tuvwwxy.dll
O2 - BHO: (no name) - {EF18E814-3E1B-452D-8EAE-208E53C009F5} - C:\WINDOWS\system32\vtstt.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [d48aeba1] rundll32.exe "C:\WINDOWS\system32\utmojxcc.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Dad\Desktop\HijackThis.exe /startupscan
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A6484.dat
Close HijackThis
Double click fix.reg and allow it to merge with the registry. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\__c00A6484.dat
C:\WINDOWS\system32\tmp.reg
C:\Documents and Settings\Dad\services.exe
C:\WINDOWS\system32\tuvwwxy.dll
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply. Close OTMoveIt *If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. **If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at : C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is the "date_time") Click "Exit" to close OTMoveIt. After you've posted the OT_MoveIt log, download SDFix and save it to your Desktop. before downloading and running Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Now reboot into Safe Mode and logon to your user account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Post the contents of the Report.txt along with a new dss log.
I'm on a different computer because... I forgot to post the OT_MoveIt log before downloading & extracting SDFix. When I rebooted, tapping F8 to enter safe mode, I was unable to use my arrows to move up to safe mode... time then elapsed and it booted as per normal.. however at logon it would not accept my password.. I've tried 3-4 times with no success. I cannot get past logon....
Anton.B Posted November 19, 2007
QUOTE(Anton.B @ Nov 19 2007, 01:56 PM)
I'm on a different computer because... I forgot to post the OT_MoveIt log before downloading & extracting SDFix. When I rebooted, tapping F8 to enter safe mode, I was unable to use my arrows to move up to safe mode... time then elapsed and it booted as per normal.. however at logon it would not accept my password.. I've tried 3-4 times with no success. I cannot get past logon....
My keyboard has gone haywire: 3 acts as delete.. nothing else seems to work.
Anton.B Posted November 19, 2007
QUOTE(Anton.B @ Nov 19 2007, 01:56 PM)
I'm on a different computer because... I forgot to post the OT_MoveIt log before downloading & extracting SDFix. When I rebooted, tapping F8 to enter safe mode, I was unable to use my arrows to move up to safe mode... time then elapsed and it booted as per normal.. however at logon it would not accept my password.. I've tried 3-4 times with no success. I cannot get past logon....
Latest.... now able to logon to my user (DAD). Requested log:
C:\WINDOWS\system32\hjkmp.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\pmkjh.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\__c00A6484.dat scheduled to be moved on reboot.
C:\WINDOWS\system32\tmp.reg moved successfully.
C:\Documents and Settings\Dad\services.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvwwxy.dll
C:\WINDOWS\system32\tuvwwxy.dll NOT unregistered.
C:\WINDOWS\system32\tuvwwxy.dll moved successfully.
Created on 11/19/2007 13:13:25
noahdfear Posted November 19, 2007
Seems you got the keyboard issue worked out. I'll await your next post.
Anton.B Posted November 19, 2007
QUOTE(Anton.B @ Nov 19 2007, 01:56 PM)
I'm on a different computer because... I forgot to post the OT_MoveIt log before downloading & extracting SDFix. When I rebooted, tapping F8 to enter safe mode, I was unable to use my arrows to move up to safe mode... time then elapsed and it booted as per normal.. however at logon it would not accept my password.. I've tried 3-4 times with no success. I cannot get past logon....
I have been waiting for SDFix to complete its job. Has been approx 20 mins.. have blank SDFix screen.. HDD LED is constantly lit.
noahdfear Posted November 19, 2007
Give it a bit longer if you would please, and if it doesn't complete after 45 min or so, exit out and back to normal mode. Then post a new dss log and see if there is a report.txt in the C:\SDFix folder (post it too if there is).