bashambr

Cleanup Before 2008


We're trying to clean up our PC before heading into 2008. We're getting married in June and we really need our PC to run as cleanly as possible. Is there anything we should get rid of?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:15:41 PM, on 12/27/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINNT\System32\cisvc.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: 0 - {509882EB-5DAA-4D66-55B4-F13688E6A5DD} - C:\Program Files\Online Services\qufaxyni.dll (file missing)

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINNT\system32\clefmthe.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {CC928EDA-0E8B-4A4D-9151-A943D276C8FF} - C:\WINNT\system32\jkhig.dll (file missing)

O2 - BHO: (no name) - {EEC49F6A-EB62-4968-A454-5696CF7D95C7} - \

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: VersionTrackerPro.lnk = C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...en/x86/client/muweb_site.cab?1198778159286

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O20 - Winlogon Notify: jkhig - C:\WINNT\system32\jkhig.dll (file missing)

O20 - Winlogon Notify: urqoljk - urqoljk.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McciContextHookSvc - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciContextHookSvc_SSR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: Pr0tected St0rage (Pr0tectedSt0rage) - Unknown owner - C:\WINNT\system\lsass.exe (file missing)

O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe

 

--

End of file - 6459 bytes

HiJackThis_Log_File_122707.txt


Hello.brb & Welcome

 

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt

 

Gogo ;)


VundoFix V6.7.7

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 2:20:50 PM 12/29/2007

 

Listing files found while scanning....

 

C:\WINNT\system32\clefmthe.dll

C:\WINNT\system32\gihkj.bak1

C:\WINNT\system32\gihkj.bak2

C:\WINNT\system32\gihkj.ini

C:\WINNT\system32\jkhig.dll

 

Beginning removal...

 

Attempting to delete C:\WINNT\system32\gihkj.bak1

C:\WINNT\system32\gihkj.bak1 Has been deleted!

 

Attempting to delete C:\WINNT\system32\gihkj.bak2

C:\WINNT\system32\gihkj.bak2 Has been deleted!

 

Attempting to delete C:\WINNT\system32\gihkj.ini

C:\WINNT\system32\gihkj.ini Has been deleted!

 

Performing Repairs to the registry.

Done!