Malware Removal & HijackThis Logs
please help (New)

pflyer05
Junior Member with 5 posts.
Join Date: May 2007
Experience: Advanced
08-May-2007, 08:52 PM #1
please help
Hello, I've been browsing on here and have seen some advice on removing this pain in the a$$. However, I've noticed everybody posts a HijackThis log, so I thought I should too. Also, I am running Panda Antivirus Platinum 2007, Prevx1 adware watcher and BulletProof Spyware Remover. Panda keeps popping up stating it has found the vttc.exe file in c:\windows\vttc.exe
and it is going to remove it, but I think it keeps reinserting itself. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:53 AM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1160365455\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\retadpu1000140.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BPS Remover\BPSRem.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimreal.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Peter\Local Settings\Temp\HijackThis.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\avciman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160365455\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F 310
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ciprkiwp.dll",realset
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BPS Remover] C:\Program Files\BPS Remover\SpyRem.exe
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.279/qboax7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)
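The O4 lines in a HijackThis log are the autostart entries a malware-removal helper reads first. As an added example, not part of this thread or of HijackThis itself, the script below applies the checks a reviewer makes by eye to a handful of entries copied from the logs posted here: components registered but missing on disk, a bare filename with no path (resolved through the search path at logon), the Windows 9x-era RunServices key, rundll32 loading a DLL by path, and a long opaque hexadecimal argument. The heuristics, regular expressions and the Finding class are the editor's own assumptions about what is worth flagging, not HijackThis rules; a flagged line still needs a human to confirm what the file is.

```python
"""Triage HijackThis O2/O3/O4 entries with simple, explainable heuristics (added example)."""
import re
from dataclasses import dataclass

# Sample entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1BBB5F9D-A117-47BE-9462-37240BD14618} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F 310
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ciprkiwp.dll",realset
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Heuristic patterns (editor's assumptions, not HijackThis definitions).
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)', re.IGNORECASE)
LONG_HEX_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\)")  # drive letter or %VAR% prefix


@dataclass
class Finding:
    line: str
    reasons: list


def split_command(cmd: str):
    """Split an O4 command into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")


def analyse_line(line: str):
    """Return the list of reasons a line deserves a second look (empty if none)."""
    reasons = []
    # Applies to O2/O3/O9 style entries as well as O4: a CLSID or value with no backing file.
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("orphaned entry: the registered component no longer exists on disk")
    m = O4_RE.match(line)
    if m:
        key, cmd = m.group("key"), m.group("cmd")
        exe, args = split_command(cmd)
        basename = exe.rsplit("\\", 1)[-1].lower()
        if "RunServices" in key:
            reasons.append("RunServices key: a Windows 9x-era autostart location that current software does not use")
        if basename == "rundll32.exe":
            d = RUNDLL_RE.search(args)
            if d:
                reasons.append(f"rundll32 loads {d.group('dll')} export {d.group('export')}: confirm the DLL is a known component")
        elif exe and not ABSOLUTE_RE.match(exe):
            reasons.append(f"bare filename {exe!r}: resolved through the search path at logon, not pinned to a location")
        if LONG_HEX_RE.search(args):
            reasons.append("long opaque hexadecimal argument passed at startup")
    return reasons


def triage(log_text: str):
    """Run analyse_line over every non-empty log line and collect the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = analyse_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run as-is, it reports six of the eight sample lines and leaves the iTunesHelper and ctfmon entries alone, because both point at a fully qualified, present file with no unusual arguments. The checks are deliberately narrow: a quoted absolute path is not proof of legitimacy, and the point of the script is to order a long log for review, not to decide on its own what to delete.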
cybertech
Moderator with 68,814 posts.
Join Date: Apr 2002
Location: Washington State
09-May-2007, 01:10 PM #2
Hi, Welcome to TSG!!

Please move hijackthis.exe into a permanent folder.

To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder.
Put your HijackThis.exe into that folder.


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.

Notice: Some security programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).
__________________
Microsoft MVP/Windows - Consumer Security
pflyer05
Junior Member with 5 posts.
Join Date: May 2007
Experience: Advanced
12-May-2007, 12:19 AM #3
OK... here are the logs:

********************************* ROOTCHK-(02-05-07)-LOG, by ejvindh
Fri 05/11/2007 21:08:08.17

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-11 21:08:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



"z" - 2007-05-11 20:53:38 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vtusqqn.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\b.exe
C:\Program Files\outlook\p.zip
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\outlook
C:\Program Files\web buying
C:\WINDOWS\system32\drivers\core.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


2007-05-11 20:48 <DIR> d-------- C:\Highjack This
2007-05-09 17:27 <DIR> d-------- C:\DOCUME~1\z\APPLIC~1\Dealio
2007-05-09 12:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-08 16:50 <DIR> d-------- C:\VundoFix Backups
2007-05-08 16:32 <DIR> d-------- C:\DOCUME~1\z\APPLIC~1\Jasc Software Inc
2007-05-08 16:31 <DIR> d-------- C:\DOCUME~1\Peter\Shared
2007-05-08 16:04 <DIR> d-------- C:\DOCUME~1\z\APPLIC~1\Prevx
2007-05-08 16:03 1,572,864 --ah----- C:\DOCUME~1\z\NTUSER.DAT
2007-05-08 16:03 <DIR> d-------- C:\DOCUME~1\z\APPLIC~1\Sonic
2007-05-07 12:01 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-07 02:39 <DIR> d-------- C:\DOCUME~1\DEVINE~1\APPLIC~1\Prevx
2007-05-07 01:49 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Prevx
2007-05-07 01:29 <DIR> d-------- C:\DOCUME~1\Rory\APPLIC~1\Prevx
2007-05-07 01:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-05-07 01:27 77,312 --a------ C:\WINDOWS\ua2.dll
2007-05-06 23:52 512,688 --a------ C:\WINDOWS\SYSTEM32\XceedCry.dll
2007-05-06 23:52 423,784 --a------ C:\WINDOWS\SYSTEM32\XceedBkp.dll
2007-05-06 23:52 101,888 --a------ C:\WINDOWS\SYSTEM32\VB6STKIT.DLL
2007-05-06 20:18 1,466,882 ---hs---- C:\WINDOWS\SYSTEM32\hjjlm.ini2
2007-05-06 18:27 <DIR> d-------- C:\Program Files\BulletProofSoft.com
2007-05-06 18:12 <DIR> d-------- C:\DOCUME~1\Peter\Incomplete
2007-05-06 17:37 <DIR> d-------- C:\Program Files\Windows Defender
2007-05-06 17:26 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-05-06 17:05 1,465,473 ---hs---- C:\WINDOWS\SYSTEM32\hjjlm.bak2
2007-05-06 15:05 1,468,359 ---hs---- C:\WINDOWS\SYSTEM32\hjjlm.bak1
2007-05-06 14:13 71,680 --------- C:\WINDOWS\SYSTEM32\DRIVERS\PAVDRV51.SYS
2007-05-06 14:13 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2007-05-06 14:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2007-05-06 14:12 45,056 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2007-05-06 14:12 <DIR> d-------- C:\Program Files\Panda Software
2007-05-06 13:54 245,760 --a------ C:\WINDOWS\SYSTEM32\rlxf.dll
2007-05-06 13:52 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2007-05-06 13:52 32,768 --a------ C:\WINDOWS\SYSTEM32\setup9x_exe.vir
2007-05-06 13:52 167 --a------ C:\WINDOWS\SYSTEM32\6265.bat
2007-05-06 13:52 109,359 --a------ C:\WINDOWS\SYSTEM32\app.exe
2007-05-06 13:52 <DIR> d--hs---- C:\DOCUME~1\Rory\Complete
2007-05-06 13:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\smpi1
2007-05-06 13:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\SBO
2007-05-06 13:52 <DIR> d-------- C:\TEMP\tn3
2007-05-06 13:52 <DIR> d-------- C:\TEMP\17O7
2007-05-06 13:52 <DIR> d-------- C:\Program Files\Dealio
2007-05-06 13:51 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-04-27 00:12 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Apple Computer
2007-04-25 23:45 <DIR> d-------- C:\WINDOWS\FSX Flight Weather Report
2007-04-25 23:45 <DIR> d-------- C:\Program Files\FSX Flight Weather Report
2007-04-25 23:06 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\MySpace
2007-04-20 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-11 21:08:00 -------- d-----w C:\Program Files\Full Tilt Poker
2007-05-08 23:31:10 -------- d-----w C:\Program Files\LimeWire
2007-05-07 01:55:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-25 01:38:01 -------- d-----w C:\Program Files\Microsoft Games
2007-03-20 21:24:40 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-03-20 00:18:14 -------- d-----w C:\Program Files\iTunes
2007-03-20 00:18:02 -------- d-----w C:\Program Files\iPod
2007-03-20 00:13:56 -------- d-----w C:\Program Files\Apple Software Update
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-11 11:47:24 -------- d-----w C:\Program Files\AOL games
2007-03-10 05:02:50 -------- d-----w C:\Program Files\QuickTime
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 12:49:33 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-02-10 05:52:29 173,356 ----a-w C:\WINDOWS\Embraer ERJ-145 Uninstaller.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{0B311916-A2DF-401B-8AD1-9EA8E2711E7C}"="C:\Program Files\Internet Explorer\satedip.dll" [x]
"{1BBB5F9D-A117-47BE-9462-37240BD14618}"="C:\WINDOWS\system32\shnifydn.dll" [x]
"{53798690-0E7E-4D12-D1A9-9951E3F4F15B}"="C:\Program Files\Windows Media Player\woguwyqag.dll"
"{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}"="C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll"
"{5839A01F-3C40-42DC-BFE9-DFD319FEB10C}"="C:\Program Files\Internet Explorer\satedip.dll" [x]
"{5CA3D70E-1895-11CF-8E15-001234567890}"="C:\WINDOWS\system32\dla\tfswshx.dll"
"{6A87B991-A31F-4130-AE72-6D0C294BF082}"="C:\Program Files\Dealio\kb104\Dealio.dll"
"{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}"="C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll"
"{8D478CC6-0B80-493A-9E43-E8A209ADAFCa}"="C:\WINDOWS\system32\shnifydn.dll" [x]
"{C318CD44-E327-4377-A28E-6EC16A921AE8}"="C:\Program Files\Web Buying\v1.6.8\webbuying.dll" [x]
"{C4F587BA-B601-4BAB-BBDD-64BF7896F523}"="C:\WINDOWS\system32\shnifydn.dll" [x]
"{CBB91EC8-664E-4A0E-8FF6-44EE24EF5EC8}"="C:\WINDOWS\system32\shnifydn.dll" [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1160365455\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"au"="C:\\Program Files\\Dealio\\DealioAU.exe"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus 2007\\APVXDWIN.EXE\" /s"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdedd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^limewire 4.0.5.lnk
C:\Program Files\LimeWire\LimeWire 4.0.5\LimeWire.exe -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^winzip quick pick.lnk
C:\PROGRA~1\WinZip\WZQKPICK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^zonealarm pro.lnk
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aol spyware protection
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aoldialer
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avg7_cc
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avg7_emc
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bart station
C:\Program Files\ISP50\BIN\PPCOLink -STATION

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dell aio printer a940
"C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla
C:\WINDOWS\system32\dla\tfswctrl.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvdsentry
C:\WINDOWS\System32\DSentry.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1127427062\ee\AOLHostManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\System32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\System32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\intelmem
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsoft works update detection
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtray
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcmservice
"C:\Program Files\Dell\Media Experience\PCMService.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppcrunonce
C:\WINDOWS\system32\PPCRunOnce.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\propel accelerator
"C:\PROGRA~1\PEOPLE~3\PropelAC.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtray
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sonic recordnow!


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storageguard
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update service
C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viewmgr
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virusscan online
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vsochecktask
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\weather
C:\Program Files\AWS\WeatherBug\Weather.EXE 1

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\weathercast
"C:\Program Files\WeatherCast\Weather.exe" /q

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whenusave
"C:\Program Files\Save\Save.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-11 21:04:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-11 21:05:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-11 21:05


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:50:33 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1160365455\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\z\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B311916-A2DF-401B-8AD1-9EA8E2711E7C} - C:\Program Files\Internet Explorer\satedip.dll (file missing)
O2 - BHO: (no name) - {1BBB5F9D-A117-47BE-9462-37240BD14618} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: 0 - {53798690-0E7E-4D12-D1A9-9951E3F4F15B} - C:\Program Files\Windows Media Player\woguwyqag.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {5839A01F-3C40-42DC-BFE9-DFD319FEB10C} - C:\Program Files\Internet Explorer\satedip.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb104\Dealio.dll
O2 - BHO: (no name) - {6EAD88BF-B96D-456E-86F6-E7C5DC86216C} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8D478CC6-0B80-493A-9E43-E8A209ADAFCa} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {C4F587BA-B601-4BAB-BBDD-64BF7896F523} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - (no file)
O2 - BHO: (no name) - {CBB91EC8-664E-4A0E-8FF6-44EE24EF5EC8} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\hgptkuuw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb104\Dealio.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160365455\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1007\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1007\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1007\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1007\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1007\..\Run: [POPUPWATCH] C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1011\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1012\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-3553334939-3839644652-2194750355-1007 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\z\Application Data\Dealio\kb104\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb104\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb104\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.279/qboax7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: efcdedd - C:\WINDOWS\
O20 - Winlogon Notify: mljjh - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: WMP54GXSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe

--
End of file - 10503 bytes
cybertech
Moderator with 68,814 posts.
Join Date: Apr 2002
Location: Washington State
12-May-2007, 02:24 PM #4
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {0B311916-A2DF-401B-8AD1-9EA8E2711E7C} - C:\Program Files\Internet Explorer\satedip.dll (file missing)
O2 - BHO: (no name) - {1BBB5F9D-A117-47BE-9462-37240BD14618} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: 0 - {53798690-0E7E-4D12-D1A9-9951E3F4F15B} - C:\Program Files\Windows Media Player\woguwyqag.dll
O2 - BHO: (no name) - {5839A01F-3C40-42DC-BFE9-DFD319FEB10C} - C:\Program Files\Internet Explorer\satedip.dll (file missing)
O2 - BHO: (no name) - {6EAD88BF-B96D-456E-86F6-E7C5DC86216C} - (no file)
O2 - BHO: (no name) - {8D478CC6-0B80-493A-9E43-E8A209ADAFCa} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll (file missing)
O2 - BHO: (no name) - {C4F587BA-B601-4BAB-BBDD-64BF7896F523} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - (no file)
O2 - BHO: (no name) - {CBB91EC8-664E-4A0E-8FF6-44EE24EF5EC8} - C:\WINDOWS\system32\shnifydn.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\hgptkuuw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: efcdedd - C:\WINDOWS\
O20 - Winlogon Notify: mljjh - C:\WINDOWS\

Close all applications and browser windows before you click "fix checked".

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
__________________
Microsoft MVP/Windows - Consumer Security
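As an added example that is not part of this thread (it is neither the moderator's tool nor anything from Tech Support Guy or HijackThis), the script below applies the cues the moderator used in the fix list above to HijackThis-style log lines: an O2 BHO or O3 toolbar entry whose DLL is missing or that carries no display name, an O4 autostart whose command is a bare executable with no directory (like winlog.exe), and an O20 Winlogon Notify entry that does not resolve to a DLL. It assumes only the simplified line formats visible in the logs on this page; the sample input is constructed from lines in this thread's logs plus benign entries from the same logs, so that each rule both fires and leaves a harmless line alone.

```python
"""Triage helper for HijackThis-style log lines (added example, not the
moderator's or the HijackThis project's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the logs in this thread, mixed with
# benign entries from the same logs.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B311916-A2DF-401B-8AD1-9EA8E2711E7C} - C:\Program Files\Internet Explorer\satedip.dll (file missing)
O2 - BHO: (no name) - {6EAD88BF-B96D-456E-86F6-E7C5DC86216C} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3553334939-3839644652-2194750355-1011\..\Run: [Sonic RecordNow!] (User '?')
O20 - Winlogon Notify: efcdedd - C:\WINDOWS\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Simplified patterns for the three line shapes handled here (an assumption:
# real HJT logs carry more variants than these).
COM_RE = re.compile(r"^(?:O2 - BHO|O3 - Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<value>[^\]]*)\] ?(?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def program_of(cmd):
    """Return the executable part of an O4 command: the quoted path if the
    command starts with a quote, otherwise the first whitespace-delimited
    token. The trailing (User '...') annotation HJT adds is dropped first."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text):
    """Return one Finding per log line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if (m := COM_RE.match(line)):
            # Orphaned or anonymous BHO/toolbar registrations: the moderator
            # had every one of these fixed.
            target = m["target"]
            if target == "(no file)" or target.endswith("(file missing)"):
                reasons.append("COM registration points at a DLL that is not on disk")
            if m["name"] == "(no name)":
                reasons.append("registration carries no display name")
        elif (m := RUN_RE.match(line)):
            # A bare file name (winlog.exe) is resolved by PATH search at
            # logon instead of naming one known binary; legitimate
            # installers almost always write a full path.
            exe = program_of(m["cmd"])
            if exe and "\\" not in exe and "/" not in exe:
                reasons.append("autostart names a bare executable with no directory")
        elif (m := NOTIFY_RE.match(line)):
            # Winlogon Notify packages are DLLs loaded into winlogon.exe; an
            # entry that names only a directory (C:\WINDOWS\) is not one.
            target = m["target"]
            if target.endswith("\\") or not target.lower().endswith(".dll"):
                reasons.append("Winlogon Notify package does not resolve to a DLL")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

The rules are deliberately narrow and syntactic, which is why the named BHO with a real DLL on disk is left alone even though the moderator also had entries like that removed: the script surfaces the lines worth a second look, and the judgement about the rest still comes from reading the log.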
pflyer05
Junior Member with 5 posts.
Join Date: May 2007
Experience: Advanced
15-May-2007, 02:02 AM #5
OK, so here is the new log... however Prevx1 still says it is "capturing" A0211414.DLL, A0212492, SWSC.EXE...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:57:12 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1160365455\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Highjack This\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160365455\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.279/qboax7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: WMP54GXSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe

--
End of file - 7231 bytes
cybertech
Moderator with 68,814 posts.
Join Date: Apr 2002
Location: Washington State
15-May-2007, 01:04 PM #6
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here as an attachment.
__________________
Microsoft MVP/Windows - Consumer Security