Looking for advice

millburyst
Junior Member with 1 post.
Join Date: Jan 2008
Experience: Intermediate
09-Jan-2008, 08:02 PM #16
win32.trojan.killproc remove? abandon? quarantine?? or other?????????????????


{Moderator Note: **Hi millburyst- Kindly explain what you are posting about and I will try to help....you have jumped into a thread where I am helping ryanryan007..... I think you might have downloaded VundoFix and got an alert from an antivirus program, perhaps? I assure you it is a safe tool, but one that you do not want to use on your own....

if you are having malware problems, I suggest you post your Hijackthis log and a brief description of the problem in the Malware Removal forum- thanks!}

Last edited by Byteman; 09-Jan-2008 at 08:59 PM..
ryanryan007
Member with 48 posts.
Join Date: Jan 2008
Experience: Beginner
10-Jan-2008, 04:20 AM #17
Uninstall log
Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.7
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.10
Audacity 1.2.6
avast! Antivirus
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
ConvertXtoDVD 2.0.12
Cucusoft Zune Video Converter 5.07
DivX
DivX Converter
DivX Player
DivX Web Player
Folder Lock
Hamachi 1.0.2.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
ISO Recorder
IsoBuster 2.2
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
LimeWire PRO 4.12.3
Magic ISO Maker v5.4 (build 0251)
MediaMonkey 2.5
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Enterprise 2007 (Beta)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
MOVAVI VideoSuite 3.5
Mozilla Firefox (2.0.0.11)
MP3-Info extension V3.4.23
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
PerfectDisk
Post-it® Digital Notes
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 6.0
Ross Histology
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Smart Menus (Windows Live Toolbar)
Spyware Doctor 5.0
Starcraft
Steam
TuneUp Utilities 2007
TVUPlayer 2.3.4.1
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Westwood Shared Internet Components
Window Washer
Windows Communication Foundation
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Toolbar
Yahoo! Toolbar
Zune
ryanryan007
Member with 48 posts.
Join Date: Jan 2008
Experience: Beginner
10-Jan-2008, 05:16 AM #18
Vundofix
VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:22:44 AM 1/10/2008

Listing files found while scanning....

C:\WINDOWS\FLV Player\uninstall.exe
C:\WINDOWS\system32\aeeasvaa.dll
C:\WINDOWS\system32\ahmhxcnc.dll
C:\WINDOWS\system32\asbdieyg.dll
C:\WINDOWS\system32\bikxmeir.dll
C:\WINDOWS\system32\bkrpbhbi.dll
C:\WINDOWS\system32\cbxwurq.dll
C:\WINDOWS\system32\cinieuhu.dll
C:\WINDOWS\system32\daigykjr.dll
C:\WINDOWS\system32\dbdwhkjd.dll
C:\WINDOWS\system32\ddcbywx.dll
C:\WINDOWS\system32\esfphwyx.dll
C:\WINDOWS\system32\eyxlwhjf.ini
C:\WINDOWS\system32\fjhwlxye.dll
C:\WINDOWS\system32\gainqhua.dll
C:\WINDOWS\system32\gwvuxydl.dll
C:\WINDOWS\system32\gyeidbsa.ini
C:\WINDOWS\system32\hoffmkhi.dll
C:\WINDOWS\system32\horygoqb.dll
C:\WINDOWS\system32\htuhxvcv.dll
C:\WINDOWS\system32\idbwxnut.dll
C:\WINDOWS\system32\ilwfefcb.dll
C:\WINDOWS\system32\iutqagki.dll
C:\WINDOWS\system32\jkiprudb.dll
C:\WINDOWS\system32\jtqdrocy.dll
C:\WINDOWS\system32\khfcdcd.dll
C:\WINDOWS\system32\lborcqrq.dll
C:\WINDOWS\system32\mljiifg.dll
C:\WINDOWS\system32\msvxcnsq.dll
C:\WINDOWS\system32\mxcwfleu.dll
C:\WINDOWS\system32\nmxgljnw.dll
C:\WINDOWS\system32\nyyxjqxk.dll
C:\WINDOWS\system32\oyiewouo.dll
C:\WINDOWS\system32\pfvrrsoh.dll
C:\WINDOWS\system32\qpqsavmg.dll
C:\WINDOWS\system32\ruxsojhm.dll
C:\WINDOWS\system32\sdaxukgi.dll
C:\WINDOWS\system32\sqlmfvwd.dll
C:\WINDOWS\system32\srcwjwyh.dll
C:\WINDOWS\system32\tmkurvqr.dll
C:\WINDOWS\system32\uoyshubt.dll
C:\WINDOWS\system32\vvgbuesh.dll
C:\WINDOWS\system32\wdgageyn.dll
C:\WINDOWS\system32\yqycqldr.dll
C:\WINDOWS\system32\yvwydwvc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\FLV Player\uninstall.exe
C:\WINDOWS\FLV Player\uninstall.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\aeeasvaa.dll
C:\WINDOWS\system32\aeeasvaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ahmhxcnc.dll
C:\WINDOWS\system32\ahmhxcnc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\asbdieyg.dll
C:\WINDOWS\system32\asbdieyg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bikxmeir.dll
C:\WINDOWS\system32\bikxmeir.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bkrpbhbi.dll
C:\WINDOWS\system32\bkrpbhbi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwurq.dll
C:\WINDOWS\system32\cbxwurq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cinieuhu.dll
C:\WINDOWS\system32\cinieuhu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\daigykjr.dll
C:\WINDOWS\system32\daigykjr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dbdwhkjd.dll
C:\WINDOWS\system32\dbdwhkjd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcbywx.dll
C:\WINDOWS\system32\ddcbywx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\esfphwyx.dll
C:\WINDOWS\system32\esfphwyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eyxlwhjf.ini
C:\WINDOWS\system32\eyxlwhjf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fjhwlxye.dll
C:\WINDOWS\system32\fjhwlxye.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gainqhua.dll
C:\WINDOWS\system32\gainqhua.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gwvuxydl.dll
C:\WINDOWS\system32\gwvuxydl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gyeidbsa.ini
C:\WINDOWS\system32\gyeidbsa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hoffmkhi.dll
C:\WINDOWS\system32\hoffmkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\horygoqb.dll
C:\WINDOWS\system32\horygoqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\htuhxvcv.dll
C:\WINDOWS\system32\htuhxvcv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\idbwxnut.dll
C:\WINDOWS\system32\idbwxnut.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ilwfefcb.dll
C:\WINDOWS\system32\ilwfefcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iutqagki.dll
C:\WINDOWS\system32\iutqagki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkiprudb.dll
C:\WINDOWS\system32\jkiprudb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtqdrocy.dll
C:\WINDOWS\system32\jtqdrocy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcdcd.dll
C:\WINDOWS\system32\khfcdcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lborcqrq.dll
C:\WINDOWS\system32\lborcqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljiifg.dll
C:\WINDOWS\system32\mljiifg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\msvxcnsq.dll
C:\WINDOWS\system32\msvxcnsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mxcwfleu.dll
C:\WINDOWS\system32\mxcwfleu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmxgljnw.dll
C:\WINDOWS\system32\nmxgljnw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nyyxjqxk.dll
C:\WINDOWS\system32\nyyxjqxk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oyiewouo.dll
C:\WINDOWS\system32\oyiewouo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pfvrrsoh.dll
C:\WINDOWS\system32\pfvrrsoh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpqsavmg.dll
C:\WINDOWS\system32\qpqsavmg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ruxsojhm.dll
C:\WINDOWS\system32\ruxsojhm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdaxukgi.dll
C:\WINDOWS\system32\sdaxukgi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sqlmfvwd.dll
C:\WINDOWS\system32\sqlmfvwd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\srcwjwyh.dll
C:\WINDOWS\system32\srcwjwyh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmkurvqr.dll
C:\WINDOWS\system32\tmkurvqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uoyshubt.dll
C:\WINDOWS\system32\uoyshubt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvgbuesh.dll
C:\WINDOWS\system32\vvgbuesh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wdgageyn.dll
C:\WINDOWS\system32\wdgageyn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yqycqldr.dll
C:\WINDOWS\system32\yqycqldr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yvwydwvc.dll
C:\WINDOWS\system32\yvwydwvc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxwurq.dll
C:\WINDOWS\system32\cbxwurq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\idbwxnut.dll
C:\WINDOWS\system32\idbwxnut.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sqlmfvwd.dll
C:\WINDOWS\system32\sqlmfvwd.dll Has been deleted!

Performing Repairs to the registry.
Done!
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
10-Jan-2008, 09:33 AM #19
Hi, looks like you missed this part of my last reply:

Quote:
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Post the new HJThis log please.

Keep the computer off the Internet as much as possible- if you could use another computer to check messages here it will help.

Only use the infected one to get and run the fixes if possible.

There of course will be fixes that require the Internet such as online scans...

After you post that new Hijackthis log, please do this:

((Note: If you have the free version of Spyware Doctor, it will not be able to remove anything unless you purchase it. I suggest you get SUPERAntispyware Free Home edition, and keep it. You can uninstall Spyware Doctor, unless it is the paid-for version and you want to continue using and subscribing to it.))

We will get and scan with SuperAntispyware now-

You should again turn off Spyware Doctor before you install SAS- and keep it off during the scan.

Download SUPERAntiSpyware Free for Home Users
alternate site
  • Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
    Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
  • Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Updates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to Reboot, please do.
  • After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.
  • Click Preferences, Click the Statistics/Logs Tab.
  • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
  • It will open in your default text editor (such as Notepad or WordPad).
  • Please Highlight everything in the Notepad, then right-click and choose copy.
  • In your next reply, please post those results and include a fresh Hijackthis log.
  • Select close to exit the program.
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.


Post the log from SAS and one from Hijackthis made afterward.
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it

Last edited by Byteman; 10-Jan-2008 at 09:40 AM..
ryanryan007
Member with 48 posts.
Join Date: Jan 2008
Experience: Beginner
10-Jan-2008, 01:30 PM #20
new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:19 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\firefoxupdateg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7822058A-1C84-4A8A-979A-0B1189930CA6} - C:\WINDOWS\system32\cbxwurq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: {27189456-efe9-6f38-5564-a5d547c9298e} - {e8929c74-5d5a-4655-83f6-9efe65498172} - C:\WINDOWS\system32\sqlmfvwd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [firefox] firefoxupdateg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [a8ee4813] rundll32.exe "C:\WINDOWS\system32\idbwxnut.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [firefox] firefoxupdateg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14ffe564...p/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9227 bytes
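The VundoFix run in post #18 and the fresh HijackThis log in post #20 together show the pattern the moderator is tracking by eye: the two DLLs VundoFix could not delete (cbxwurq.dll and idbwxnut.dll) are exactly the ones the HJT log still loads at startup, one as a nameless BHO and one through a rundll32 Run entry. The Python script below is an added example for this thread, not code from VundoFix, HijackThis or any poster; it automates that cross-check over constructed excerpts in both log formats (modelled on the posts above) and flags the HJT entry types that commonly survive a first cleaning: BHOs registered with no name, entries whose file is missing, rundll32 launches of a DLL at startup, bare-filename startup commands, and use of the RunServices key. The flagging rules are the editor's own heuristics, not HijackThis rules, and a hit means "look at this entry", not "this entry is malware".

```python
"""Cross-check a VundoFix run against a later HijackThis log.

Added example for this thread, not code from VundoFix, HijackThis or the
forum. It answers the moderator's question "what is left to remove manually":
which files the cleaner could not delete, and which registry entries in the
newer HJT log still load them. The two sample logs are constructed excerpts
in the formats seen in the thread."""
import re

# Constructed excerpt in VundoFix's output format (post #18 style).
VUNDOFIX_LOG = """\
Attempting to delete C:\\WINDOWS\\system32\\cbxwurq.dll
C:\\WINDOWS\\system32\\cbxwurq.dll Could not be deleted.

Attempting to delete C:\\WINDOWS\\system32\\cinieuhu.dll
C:\\WINDOWS\\system32\\cinieuhu.dll Has been deleted!

Attempting to delete C:\\WINDOWS\\system32\\idbwxnut.dll
C:\\WINDOWS\\system32\\idbwxnut.dll Could not be deleted.
"""

# Constructed excerpt in HijackThis 2.0.2 log format (post #20 style).
HJT_LOG = """\
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: (no name) - {7822058A-1C84-4A8A-979A-0B1189930CA6} - C:\\WINDOWS\\system32\\cbxwurq.dll
O2 - BHO: (no name) - {DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949} - C:\\WINDOWS\\system32\\awvtu.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [a8ee4813] rundll32.exe "C:\\WINDOWS\\system32\\idbwxnut.dll",b
O4 - HKLM\\..\\Run: [firefox] firefoxupdateg.exe
O4 - HKLM\\..\\RunServices: [firefox] firefoxupdateg.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# "X Could not be deleted." is how VundoFix reports a file it could not remove.
FAILED = re.compile(r'^(?P<path>.+?) Could not be deleted\.$', re.MULTILINE)
# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
BHO = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$')
# O4 lines: "O4 - HKLM\..\Run: [<value name>] <command>"
RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$')
# A startup command that launches a DLL through rundll32, quoted or not.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def failed_deletions(vundofix_text):
    """Paths VundoFix reported as not deletable (typically still loaded in a process)."""
    return [m.group('path') for m in FAILED.finditer(vundofix_text)]


def triage_hjt_line(line):
    """Reasons (possibly none) why one HJT line deserves a second look.

    These are the editor's heuristics, drawn from what Vundo-style entries
    look like in this thread; a hit is a prompt to investigate, not a verdict."""
    reasons = []
    if line.endswith('(file missing)'):
        reasons.append('target file missing: orphaned registry entry')
    m = BHO.match(line)
    if m and m.group('name') == '(no name)':
        reasons.append('BHO registered without a name')
    m = RUN.match(line)
    if m:
        cmd = m.group('cmd')
        d = RUNDLL.search(cmd)
        if d:
            reasons.append('startup entry loads a DLL via rundll32: ' + d.group('dll'))
        if '\\' not in cmd and not cmd.startswith('"'):
            reasons.append('startup command has no path (bare filename)')
        if m.group('key') == 'RunServices':
            reasons.append('uses the legacy RunServices key')
    return reasons


def triage_hjt(hjt_text):
    """All flagged lines with their reasons, in log order."""
    out = []
    for line in hjt_text.splitlines():
        reasons = triage_hjt_line(line)
        if reasons:
            out.append((line, reasons))
    return out


def still_referenced(vundofix_text, hjt_text):
    """Map each file VundoFix could not delete to the HJT lines that still load it."""
    locked = {p.lower(): p for p in failed_deletions(vundofix_text)}
    hits = {p: [] for p in locked.values()}
    for line in hjt_text.splitlines():
        low = line.lower()
        for key, path in locked.items():
            if key in low:
                hits[path].append(line)
    return hits


if __name__ == '__main__':
    for path, lines in still_referenced(VUNDOFIX_LOG, HJT_LOG).items():
        print(f'{path}: still loaded by {len(lines)} HJT entry/entries')
        for entry in lines:
            print('   ', entry)
    print()
    for line, reasons in triage_hjt(HJT_LOG):
        print(line)
        for r in reasons:
            print('    -', r)
```

On the constructed input the cross-check pairs cbxwurq.dll with its nameless O2 BHO line and idbwxnut.dll with the rundll32 O4 line, which is why a cleaner that only deletes files leaves those two entries behind: the DLLs are loaded at logon, so the delete fails, and the registry entries reload them next boot. The triage pass also flags the missing-file BHO (awvtu.dll) and the two bare `firefoxupdateg.exe` entries while leaving the avast!, ctfmon.exe and Yahoo! lines alone.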
Byteman
Moderator & Malware Removal Specialist with 17,387 posts.
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
10-Jan-2008, 01:51 PM #21
Hi, do what is in my other reply about SUPERAntispyware please.

That will determine what is left to remove manually.
ryanryan007
Member with 48 posts.
Join Date: Jan 2008
Experience: Beginner
11-Jan-2008, 06:19 PM #22
SAS log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/11/2008 at 03:47 AM

Application Version : 3.9.1008

Core Rules Database Version : 3377
Trace Rules Database Version: 1371

Scan type : Complete Scan
Total Scan Time : 73:78:68

Memory items scanned : 513
Memory threats detected : 2
Registry items scanned : 6523
Registry threats detected : 40
File items scanned : 47712
File threats detected : 76

Adware.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\CBXWURQ.DLL
C:\WINDOWS\SYSTEM32\CBXWURQ.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000064.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000078.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000080.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\IDBWXNUT.DLL
C:\WINDOWS\SYSTEM32\IDBWXNUT.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\SSOULXTA.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000056.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000057.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000060.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000062.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000063.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000065.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000067.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000068.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000069.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000071.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000072.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000073.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000074.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000075.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000076.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000077.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000079.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000081.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000082.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000083.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000084.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000085.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000086.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000087.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000088.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000089.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000090.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000091.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000092.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000093.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000094.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000095.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0000096.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{19A6BFB3-6883-4B37-9088-B77B5C0438D8}\RP2\A0001017.DLL
C:\WINDOWS\SYSTEM32\GPTAMQBE.DLL
C:\WINDOWS\SYSTEM32\IOFNSJXO.DLL
C:\WINDOWS\SYSTEM32\PYCJGBMW.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{7822058A-1C84-4A8A-979A-0B1189930CA6}
HKCR\CLSID\{7822058A-1C84-4A8A-979A-0B1189930CA6}
HKCR\CLSID\{7822058A-1C84-4A8A-979A-0B1189930CA6}\InprocServer32
HKCR\CLSID\{7822058A-1C84-4A8A-979A-0B1189930CA6}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7822058A-1C84-4A8A-979A-0B1189930CA6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ 7822058A-1C84-4A8A-979A-0B1189930CA6}
HKCR\CLSID\{7822058A-1C84-4A8A-979A-0B1189930CA6}
C:\WINDOWS\SYSTEM32\AWTSR.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949}
HKCR\CLSID\{DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949}
HKCR\CLSID\{DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949}\InprocServer32
HKCR\CLSID\{DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWVTU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD0C8F29-FCF5-4884-AB4C-3ECB2A4F9949}

Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#Active Service
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@www.zanox-affiliate[2].txt
C:\Documents and Settings\Owner\Cookies\owner@hornymatches[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bestsellerantivirus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.zanox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@valuesloo.8.clickshield[1].txt
C:\Documents and Settings\Owner\Cookies\owner@systemerrorfixer[2].txt
C:\Documents and Settings\Owner\Cookies\owner@secure.systemerrorfixer[1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.popundersupply[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Owner\Cookies\owner@statsgod[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@precisionclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.ticketsnow2[2].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt

Trojan.Unclassifed/AffiliateBundle
C:\VUNDOFIX BACKUPS\CBXWURQ.DLL.BAD
C:\VUNDOFIX BACKUPS\DDCBYWX.DLL.BAD
C:\VUNDOFIX BACKUPS\KHFCDCD.DLL.BAD
C:\VUNDOFIX BACKUPS\MLJIIFG.DLL.BAD
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
 
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
11-Jan-2008, 06:28 PM #23
Hi, one reason you have most of this infection is that you are using a very outdated version of the Sun Java Plugin. Do this:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Also, please post a brand new Hijackthis log.
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
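Once the older Java versions have been removed, this added PowerShell check (not part of the thread, and not a tool the poster mentions) lists any JRE entries still registered in Add/Remove Programs and any leftover install folders under C:\Program Files\Java, so the upgrade step can be confirmed before the new version is installed. It assumes Windows PowerShell is available; the registry paths are the standard Add/Remove Programs locations.

```powershell
# Added example: verify the "remove all older versions of Java" step.
# Assumes Windows PowerShell; the Uninstall keys below are the standard
# Add/Remove Programs locations (the Wow6432Node one exists only on
# 64-bit Windows and is skipped silently elsewhere).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# The same names the post tells the reader to look for in Add/Remove Programs.
$javaPattern = 'Java Runtime Environment|J2SE|JRE|Java\(TM\)'

function Get-InstalledJava {
    foreach ($key in $uninstallKeys) {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object { $_.DisplayName -match $javaPattern } |
            Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString
    }
}

$found = @(Get-InstalledJava)
if ($found.Count -eq 0) {
    Write-Output 'No Java Runtime Environment entries remain in Add/Remove Programs.'
} else {
    # DisplayVersion makes the older installs easy to pick out for removal.
    Write-Output "Java entries still registered ($($found.Count)):"
    $found | Format-Table -AutoSize
}

# Uninstallers sometimes leave the install folder behind; list what is still on disk.
$javaDir = Join-Path $env:ProgramFiles 'Java'
if (Test-Path $javaDir) {
    Write-Output "Install folders under ${javaDir}:"
    Get-ChildItem -Path $javaDir | Where-Object { $_.PSIsContainer } |
        Select-Object -ExpandProperty Name
}
```

Run it before and after the Add/Remove Programs step; when it reports no registered entries and no stray folders, the reboot-and-install step can proceed.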
ryanryan007's Avatar
Member with 48 posts.
 
Join Date: Jan 2008
Experience: Beginner
12-Jan-2008, 05:58 AM #24
New Hjt Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:47 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\firefoxupdateg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {27189456-efe9-6f38-5564-a5d547c9298e} - {e8929c74-5d5a-4655-83f6-9efe65498172} - C:\WINDOWS\system32\sqlmfvwd.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [firefox] firefoxupdateg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [a8ee4813] rundll32.exe "C:\WINDOWS\system32\idbwxnut.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\RunServices: [firefox] firefoxupdateg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14ffe564...p/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8843 bytes



BY THE WAY..I DID ANOTHER SAS SCAN..AND I GOT LIKE ANOTHER 50 INFECTIONS..Y ARENT THEY BEING REMOVED? OR ARE THEY NEW ONES?
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
 
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
12-Jan-2008, 04:03 PM #25
Hi, if you post the newest SUPERantispyware log, I will take a look and compare it to the first one.

The infection you have will take more than one scan, and more than one tool, to fix.
ryanryan007's Avatar
Member with 48 posts.
 
Join Date: Jan 2008
Experience: Beginner
13-Jan-2008, 12:43 AM #26
What other tools
More than 1 tool? What other suggested programs should I use?
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
 
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
13-Jan-2008, 01:10 AM #27
Hi, I was trying to calm you down.....

Quote:
BY THE WAY..I DID ANOTHER SAS SCAN..AND I GOT LIKE ANOTHER 50 INFECTIONS..Y ARENT THEY BEING REMOVED? OR ARE THEY NEW ONES?
This is a bad trojan that can recreate itself, especially if you turn off and/or restart the computer a lot, or leave it running connected to the Internet such as with broadband service which is always ON....

What I meant was, we will no doubt have to use some other scans...with SUPER A/S, and other things that I will post. But, I need to see that newest log with the 50 items.... the trojan can create new file names, for example....each time you restart.



Please try to post that SUPERantispyware log and I can tell if the things are new or the same.
ryanryan007's Avatar
Member with 48 posts.
 
Join Date: Jan 2008
Experience: Beginner
13-Jan-2008, 01:11 AM #28
alright lol
lol, the caps lock was on so it would grab your attention, not because I was so worried. I just started another scan, and it seems to be much better; it's almost done and it's only found 2 traces so far, compared to the 50 it found during its last scan.
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
 
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
13-Jan-2008, 01:19 AM #29
Just try not to restart, at least for tonight; if you are going to be around, perhaps we can wind it up now.

As soon as this scan is finished, I need to see the other log with those 50 things, it's quite important that I have the things detected!

As well as the current scan log....and, a brand new Hijackthis log, made after this new scan, please.

It will take only a minute or so for me to post the next step, so don't go offline, and do not restart unless my directions say to.
ryanryan007's Avatar
Member with 48 posts.
 
Join Date: Jan 2008
Experience: Beginner
13-Jan-2008, 01:22 AM #30
OK, I'll stay on.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.