Solved: HJT Log Assistance Required

Status
This thread has been Locked and is not open to further replies.

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
Could someone take a look at my HijackThis report and tell me what I need to do to get all the crap off my system.

Logfile of HijackThis v1.99.1
Scan saved at 15:05:53, on 01/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\psc_mon.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6EB2C10B-C07F-EEAD-2395-07973B88015D} - C:\WINDOWS\System32\brlaemg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [philkxn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\philkxn.dll,tnvjzof
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [3a5c6b29.exe] C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.4 212.139.132.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.4 212.139.132.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
Combofix Log:

"Dougie_2" - 07-02-01 23:37:30 Service Pack 1
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Dougie_2\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))


2007-02-01 15:30 71,680 --a------ C:\WINDOWS\SYSTEM32\bsnchml.dll
2007-02-01 15:30 59,392 --a------ C:\WINDOWS\SYSTEM32\jwszizi.dll
2007-02-01 15:30 13,824 --a------ C:\DOCUME~1\Dougie_2\loaded.exe
2007-02-01 08:14 70,656 --a------ C:\WINDOWS\SYSTEM32\brlaemg.dll
2007-02-01 08:14 59,392 --a------ C:\WINDOWS\SYSTEM32\philkxn.dll
2007-02-01 08:14 221,184 --a------ C:\WINDOWS\SYSTEM32\psc_mon.exe
2007-01-31 13:00 95,744 --a------ C:\WINDOWS\SYSTEM32\blooetj.dll
2007-01-30 08:37 95,744 --a------ C:\WINDOWS\SYSTEM32\fbyghbg.dll
2007-01-29 23:52 96,256 --a------ C:\WINDOWS\SYSTEM32\rbspgil.dll
2007-01-29 16:39 96,256 --a------ C:\WINDOWS\SYSTEM32\jtsoomf.dll
2007-01-29 09:07 96,256 --a------ C:\WINDOWS\SYSTEM32\vsrjpkh.dll
2007-01-28 23:33 95,744 --a------ C:\WINDOWS\SYSTEM32\dykwlnf.dll
2007-01-28 20:16 96,256 --a------ C:\WINDOWS\SYSTEM32\zuwsmwi.dll
2007-01-28 13:57 95,744 --a------ C:\WINDOWS\SYSTEM32\rxdyigm.dll
2007-01-28 09:09 96,256 --a------ C:\WINDOWS\SYSTEM32\uplvigi.dll
2007-01-27 14:02 96,256 --a------ C:\WINDOWS\SYSTEM32\jmhwawm.dll
2007-01-27 10:51 96,256 --a------ C:\WINDOWS\SYSTEM32\hscxrzi.dll
2007-01-26 23:14 95,744 --a------ C:\WINDOWS\SYSTEM32\pzxsagk.dll
2007-01-26 13:01 96,768 --a------ C:\WINDOWS\SYSTEM32\iggdqxk.dll
2007-01-26 09:31 95,744 --a------ C:\WINDOWS\SYSTEM32\mwrqive.dll
2007-01-25 13:03 95,232 --a------ C:\WINDOWS\SYSTEM32\ylarqae.dll
2007-01-25 08:42 95,744 --a------ C:\WINDOWS\SYSTEM32\ogqpmml.dll
2007-01-24 08:14 96,256 --a------ C:\WINDOWS\SYSTEM32\hizuglb.dll
2007-01-23 19:38 95,232 --a------ C:\WINDOWS\SYSTEM32\lcufcem.dll
2007-01-23 16:01 95,744 --a------ C:\WINDOWS\SYSTEM32\ibnlqcb.dll
2007-01-23 12:23 95,232 --a------ C:\WINDOWS\SYSTEM32\rbfbvfe.dll
2007-01-09 23:57 112,640 --a------ C:\WINDOWS\lsb_un20.exe
2007-01-09 23:55 <DIR> d-------- C:\Program Files\Gallan
2007-01-07 02:06 <DIR> d-------- C:\Program Files\Audacity
2007-01-03 19:08 93,696 --a------ C:\WINDOWS\SYSTEM32\wdokbye.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-01 15:41 7673 --ahs---- C:\WINDOWS\SYSTEM32\mmf.sys
2007-02-01 15:05 -------- d-------- C:\Program Files\hijackthis
2007-02-01 08:26 -------- d-------- C:\DOCUME~1\Dougie_2\Application Data\adobeum
2007-01-03 10:10 93696 --a------ C:\WINDOWS\SYSTEM32\hrcopul.dll
2006-12-26 00:22 -------- d-------- C:\DOCUME~1\Dougie_2\Application Data\sports interactive
2006-12-26 00:13 -------- d-------- C:\Program Files\sports interactive
2006-12-26 00:08 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-24 21:45 -------- d-------- C:\DOCUME~1\Dougie_2\Application Data\wings3d
2006-12-24 21:33 -------- d-------- C:\Program Files\wings3d_0.98.32a
2006-12-23 15:46 -------- d-------- C:\Program Files\Common Files\daz
2006-12-23 02:47 -------- d-------- C:\Program Files\daz
2006-12-21 14:44 -------- d-------- C:\Program Files\ds9
2006-12-21 00:43 94208 --a------ C:\WINDOWS\SYSTEM32\gqljkoj.dll
2006-12-21 00:22 -------- d-------- C:\Program Files\gds
2006-12-20 19:53 -------- d-------- C:\Program Files\quicktime
2006-12-20 19:39 -------- d-------- C:\Program Files\itunes
2006-12-20 19:38 -------- d-------- C:\Program Files\google
2006-12-20 19:29 -------- d-------- C:\Program Files\finepixviewer
2006-12-20 17:59 93696 --a------ C:\WINDOWS\SYSTEM32\zkmqfsi.dll
2006-12-20 14:52 -------- d-------- C:\Program Files\grisoft
2006-12-20 13:35 -------- d--h----- C:\Program Files\installshield installation information
2006-12-20 13:17 93696 --a------ C:\WINDOWS\SYSTEM32\ansfsrg.dll
2006-12-14 21:21 -------- d-------- C:\Program Files\educational simulations
2006-12-11 18:40 91648 --a------ C:\WINDOWS\SYSTEM32\vyxeevm.dll
2006-12-07 19:07 -------- d-------- C:\Program Files\ultimate defender
2006-12-05 15:07 32256 --a------ C:\WINDOWS\SYSTEM32\dzbryce6.dll
2006-12-05 15:00 6144000 --a------ C:\WINDOWS\SYSTEM32\dzcore.dll
2006-12-05 15:00 180224 --a------ C:\WINDOWS\SYSTEM32\dzwrapper.dll
2006-11-20 16:25 4984832 --a------ C:\WINDOWS\SYSTEM32\daz-qt-mt.dll
2006-11-20 16:25 1343488 --a------ C:\WINDOWS\SYSTEM32\daz-qsa.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"atiupdate"=""
"NOMAD Detector"="\"C:\\Program Files\\Creative\\PlayCenter2\\CTNMRUN.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"3a5c6b29.exe"="C:\\Documents and Settings\\Dougie_2\\Local Settings\\Application Data\\3a5c6b29.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"3a5c6b29.exe"="C:\\WINDOWS\\System32\\3a5c6b29.exe"
"philkxn.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\philkxn.dll,tnvjzof"
"Personal Security Center Monitor"="C:\\WINDOWS\\System32\\psc_mon.exe"
"jwszizi.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\jwszizi.dll,uxdnhxb"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"ktohkhblk.exe"="C:\\WINDOWS\\system\\ktohkhblk.exe"
"rnrfv.exe"="C:\\WINDOWS\\system\\rnrfv.exe"
"msgcaplv.exe"="C:\\WINDOWS\\system\\msgcaplv.exe"
"wsmhtr.exe"="C:\\WINDOWS\\system\\wsmhtr.exe"
"rjrei.exe"="C:\\WINDOWS\\system\\rjrei.exe"
"gcilch.exe"="C:\\WINDOWS\\system\\gcilch.exe"
"wxgwd.exe"="C:\\WINDOWS\\system\\wxgwd.exe"
"krjgtman.exe"="C:\\WINDOWS\\system\\krjgtman.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a05761fd-a683-11d8-96ce-806d6172696f}]
Shell\AutoRun\command D:\autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job

Completion time: 07-02-01 23:47:51
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {6EB2C10B-C07F-EEAD-2395-07973B88015D} - C:\WINDOWS\System32\brlaemg.dll
O4 - HKLM\..\Run: [philkxn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\philkxn.dll,tnvjzof
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKCU\..\Run: [3a5c6b29.exe] C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)

Close all applications and browser windows before you click "fix checked".


Open Notepad. Copy and paste the quote box below into Notepad.
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
Save as (select "All Files"), name it fix.reg and place it on your desktop.

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes.


1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy the entire contents of the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\DOCUME~1\Dougie_2\loaded.exe
C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
C:\WINDOWS\lsb_un20.exe
C:\WINDOWS\system\gcilch.exe
C:\WINDOWS\system\krjgtman.exe
C:\WINDOWS\system\ktohkhblk.exe
C:\WINDOWS\system\msgcaplv.exe
C:\WINDOWS\system\rjrei.exe
C:\WINDOWS\system\rnrfv.exe
C:\WINDOWS\system\wsmhtr.exe
C:\WINDOWS\system\wxgwd.exe
C:\WINDOWS\System32\3a5c6b29.exe
C:\WINDOWS\SYSTEM32\ansfsrg.dll
C:\WINDOWS\SYSTEM32\blooetj.dll
C:\WINDOWS\SYSTEM32\brlaemg.dll
C:\WINDOWS\SYSTEM32\bsnchml.dll
C:\WINDOWS\SYSTEM32\dykwlnf.dll
C:\WINDOWS\SYSTEM32\fbyghbg.dll
C:\WINDOWS\SYSTEM32\gqljkoj.dll
C:\WINDOWS\SYSTEM32\hizuglb.dll
C:\WINDOWS\SYSTEM32\hrcopul.dll
C:\WINDOWS\SYSTEM32\hscxrzi.dll
C:\WINDOWS\SYSTEM32\ibnlqcb.dll
C:\WINDOWS\SYSTEM32\iggdqxk.dll
C:\WINDOWS\SYSTEM32\jmhwawm.dll
C:\WINDOWS\SYSTEM32\jtsoomf.dll
C:\WINDOWS\SYSTEM32\jwszizi.dll
C:\WINDOWS\SYSTEM32\lcufcem.dll
C:\WINDOWS\SYSTEM32\mwrqive.dll
C:\WINDOWS\SYSTEM32\ogqpmml.dll
C:\WINDOWS\System32\philkxn.dll
C:\WINDOWS\SYSTEM32\psc_mon.exe
C:\WINDOWS\SYSTEM32\pzxsagk.dll
C:\WINDOWS\SYSTEM32\rbfbvfe.dll
C:\WINDOWS\SYSTEM32\rbspgil.dll
C:\WINDOWS\SYSTEM32\rxdyigm.dll
C:\WINDOWS\SYSTEM32\uplvigi.dll
C:\WINDOWS\SYSTEM32\vsrjpkh.dll
C:\WINDOWS\SYSTEM32\vyxeevm.dll
C:\WINDOWS\SYSTEM32\wdokbye.dll
C:\WINDOWS\SYSTEM32\ylarqae.dll
C:\WINDOWS\SYSTEM32\zkmqfsi.dll
C:\WINDOWS\SYSTEM32\zuwsmwi.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh hijackthis log.
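As an added example, not code from the thread or from any of the tools it names: a Python triage pass over log lines in the HijackThis and ComboFix formats shown above. It flags the traits cybertech's fix list selects on (an unnamed BHO, a Run key that loads a System32 DLL through rundll32.exe, seven-letter .dll and eight-hex-digit .exe names, orphaned "(file missing)" entries) and cross-references the ComboFix "Files Created" dates, so it still catches the entries when the names rotate, as they do in the later log (lfzglqc.dll, blamntj.dll). The sample lines are constructed from this thread's logs, and the name-shape regexes are an assumed heuristic tuned to this infection, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in HijackThis v1.99.1 format, modelled on the log above.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6EB2C10B-C07F-EEAD-2395-07973B88015D} - C:\WINDOWS\System32\brlaemg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [philkxn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\philkxn.dll,tnvjzof
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
"""

# Constructed sample of ComboFix 'Files Created' rows: date time size attrs path.
COMBOFIX_SAMPLE = r"""
2007-02-01 08:14 70,656 --a------ C:\WINDOWS\SYSTEM32\brlaemg.dll
2007-02-01 08:14 59,392 --a------ C:\WINDOWS\SYSTEM32\philkxn.dll
2007-01-31 13:00 95,744 --a------ C:\WINDOWS\SYSTEM32\blooetj.dll
"""

# Name shapes this infection used: seven lower-case letters + .dll, eight hex digits + .exe.
# Assumed heuristic, not a verdict: the legitimate tfswshx.dll matches too and needs a human look.
RANDOM_DLL = re.compile(r"[a-z]{7}\.dll")
RANDOM_EXE = re.compile(r"[0-9a-f]{8}\.exe")

@dataclass
class Entry:
    section: str                  # HJT section tag: O2, O4, O9, ...
    raw: str                      # the original log line
    path: Optional[str]           # file the entry loads, lower-cased for matching
    reasons: List[str] = field(default_factory=list)

def run_target(cmd: str) -> str:  # file actually started by an O4 Run value
    cmd = cmd.strip()
    if cmd.startswith('"'):       # quoted paths may contain spaces
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower().endswith("rundll32.exe") and rest:
        return rest.split(",", 1)[0].strip()   # rundll32.exe <dll>,<export>: the DLL is the payload
    return exe

def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^(O\d+|R\d) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith("(file missing)")
        body = body[: -len("(file missing)")].rstrip() if missing else body
        path = None
        if section in ("O2", "O3", "O9", "O18", "O23"):
            path = body.rsplit(" - ", 1)[-1]             # path is the last ' - ' field
        elif section == "O4" and "] " in body:
            path = run_target(body.split("] ", 1)[1])    # Run key: [name] command
        entry = Entry(section, line, path.lower() if path else None)
        if missing:
            entry.reasons.append("file missing (orphaned entry)")
        entries.append(entry)
    return entries

def parse_combofix_created(text: str) -> Dict[str, str]:
    created: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+)$", line.strip())
        if m:                                            # <DIR> rows have no size and are skipped
            created[m.group(2).lower()] = m.group(1)
    return created

def triage(hjt_text: str, combofix_text: str = "") -> List[Entry]:
    created = parse_combofix_created(combofix_text)
    flagged: List[Entry] = []
    for e in parse_hjt(hjt_text):
        if e.section == "O2" and "(no name)" in e.raw:
            e.reasons.append("BHO with no name")
        if (e.section == "O4" and e.path and e.path.endswith(".dll")
                and "rundll32.exe " in e.raw.lower()):
            e.reasons.append("Run key loads a DLL via rundll32")
        if e.path:
            name = e.path.rsplit("\\", 1)[-1]
            if RANDOM_DLL.fullmatch(name) or RANDOM_EXE.fullmatch(name):
                e.reasons.append("random-looking file name")
            if e.path in created:
                e.reasons.append(f"created {created[e.path]} per ComboFix")
        if e.reasons:                                    # only entries that earned a review reason
            flagged.append(e)
    return flagged

if __name__ == "__main__":
    for e in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{e.section}  {e.path or '?'}\n    " + "; ".join(e.reasons))
```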
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
Open Notepad. Copy and paste the quote box below into Notepad.

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save as (select "All Files"), name it fix.reg and place it on your desktop.

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes.

I can't open Notepad for some reason; I press the button but nothing happens. Any idea why this could be?
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
Avenger Log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ovyauijk

*******************

Script file located at: \??\C:\Documents and Settings\jvvfnhgp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\DOCUME~1\Dougie_2\loaded.exe deleted successfully.
File C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe deleted successfully.
File C:\WINDOWS\lsb_un20.exe deleted successfully.


File C:\WINDOWS\system\gcilch.exe not found!
Deletion of file C:\WINDOWS\system\gcilch.exe failed!

Could not process line:
C:\WINDOWS\system\gcilch.exe
Status: 0xc0000034



File C:\WINDOWS\system\krjgtman.exe not found!
Deletion of file C:\WINDOWS\system\krjgtman.exe failed!

Could not process line:
C:\WINDOWS\system\krjgtman.exe
Status: 0xc0000034



File C:\WINDOWS\system\ktohkhblk.exe not found!
Deletion of file C:\WINDOWS\system\ktohkhblk.exe failed!

Could not process line:
C:\WINDOWS\system\ktohkhblk.exe
Status: 0xc0000034



File C:\WINDOWS\system\msgcaplv.exe not found!
Deletion of file C:\WINDOWS\system\msgcaplv.exe failed!

Could not process line:
C:\WINDOWS\system\msgcaplv.exe
Status: 0xc0000034



File C:\WINDOWS\system\rjrei.exe not found!
Deletion of file C:\WINDOWS\system\rjrei.exe failed!

Could not process line:
C:\WINDOWS\system\rjrei.exe
Status: 0xc0000034



File C:\WINDOWS\system\rnrfv.exe not found!
Deletion of file C:\WINDOWS\system\rnrfv.exe failed!

Could not process line:
C:\WINDOWS\system\rnrfv.exe
Status: 0xc0000034



File C:\WINDOWS\system\wsmhtr.exe not found!
Deletion of file C:\WINDOWS\system\wsmhtr.exe failed!

Could not process line:
C:\WINDOWS\system\wsmhtr.exe
Status: 0xc0000034



File C:\WINDOWS\system\wxgwd.exe not found!
Deletion of file C:\WINDOWS\system\wxgwd.exe failed!

Could not process line:
C:\WINDOWS\system\wxgwd.exe
Status: 0xc0000034

File C:\WINDOWS\System32\3a5c6b29.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\ansfsrg.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\blooetj.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\brlaemg.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\bsnchml.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\dykwlnf.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\fbyghbg.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\gqljkoj.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\hizuglb.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\hrcopul.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\hscxrzi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ibnlqcb.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\iggdqxk.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\jmhwawm.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\jtsoomf.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\jwszizi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\lcufcem.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mwrqive.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ogqpmml.dll deleted successfully.
File C:\WINDOWS\System32\philkxn.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\psc_mon.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\pzxsagk.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\rbfbvfe.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\rbspgil.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\rxdyigm.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\uplvigi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\vsrjpkh.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\vyxeevm.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\wdokbye.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ylarqae.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\zkmqfsi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\zuwsmwi.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 14:41:05, on 03/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKLM\..\Run: [hcbzwfd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\hcbzwfd.dll,lqwjbwc
O4 - HKLM\..\Run: [fqznfrb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fqznfrb.dll,jdcdgob
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {B93AC13A-2E2F-428c-A426-2C131FAD7305} - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
And thanks for the notepad thing, I've been trying to find a solution to that for a while!
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:16:38 05/02/2007

+ Scan result:

HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\Software\Classes\CLSID\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B} -> Adware.ABXToolbar : Cleaned with backup (quarantined).

HKU\S-1-5-21-1967298908-2851811609-1981617496-1009_Classes\CLSID\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B} -> Adware.ABXToolbar : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014744.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).

C:\avenger\backup.zip/avenger/psc_mon.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).

C:\avenger\backup-03.02.2007-14.38.30.15.zip/avenger/ansfsrg.dll -> Downloader.Busky : Cleaned with backup (quarantined).

C:\avenger\backup-03.02.2007-14.38.30.15.zip/avenger/hnujvpc.dll -> Downloader.Busky : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP106\A0010522.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP106\A0010541.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP107\A0010561.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP107\A0010581.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP107\A0010616.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP108\A0010640.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP109\A0010657.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP109\A0010682.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0010709.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0010722.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0010745.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP112\A0011752.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP112\A0011774.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP113\A0011797.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP113\A0011811.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP114\A0011849.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP114\A0011874.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP114\A0011900.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP115\A0011915.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP115\A0012915.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP115\A0012926.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP116\A0012987.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP116\A0013057.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP117\A0013136.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP117\A0013147.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014730.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014752.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\avenger\backup.zip/avenger/hrcopul.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\avenger\backup.zip/avenger/wdokbye.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\dougie_2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\WINDOWS\SYSTEM32\out.dll -> Trojan.Agent.adl : Cleaned with backup (quarantined).


::Report end
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please post your HJT log again and let's get that cleaned up.
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
Logfile of HijackThis v1.99.1
Scan saved at 01:57:13, on 06/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKLM\..\Run: [hcbzwfd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\hcbzwfd.dll,lqwjbwc
O4 - HKLM\..\Run: [fqznfrb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fqznfrb.dll,jdcdgob
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKLM\..\Run: [hcbzwfd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\hcbzwfd.dll,lqwjbwc
O4 - HKLM\..\Run: [fqznfrb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fqznfrb.dll,jdcdgob

Close all applications and browser windows before you click "fix checked".


Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\WINDOWS\System32\jwszizi.dll
C:\WINDOWS\System32\3a5c6b29.exe
C:\WINDOWS\System32\lfzglqc.dll


Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.




Click Here and download Killbox and save it to your desktop.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.


Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!


Reboot to safe mode.


Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot to normal mode.

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
Use the Add Reply button and Copy/Paste the information back here in your next reply.
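As an added illustration (not part of this thread or of any tool it mentions) of the pattern behind the entries cybertech asked to fix, here is a small Python triage over a constructed sample of HijackThis O2/O4 lines. The three heuristics it applies (an unnamed BHO whose DLL has a random-looking name in System32, rundll32 loading such a DLL with a random-looking export, and an autorun executable in System32 with a hex-blob name) are assumptions of this example, not rules stated on the page; a match is a prompt for a human to look, not a verdict.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample modelled on the O2/O4 lines in the log above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>.+?),(?P<export>\w+)$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}$")   # lowercase gibberish such as jwszizi (assumed heuristic)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")     # hex blob such as 3a5c6b29 (assumed heuristic)


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def _stem(path: str) -> str:
    """Lower-cased file name without extension, tolerating a leading quote."""
    base = path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return base.lower().rsplit(".", 1)[0]


def suspicious_reason(line: str) -> Optional[str]:
    """Return why an HJT line looks Vundo-like under the heuristics above, else None."""
    m = O2_RE.match(line)
    if m:
        if m.group("name") == "(no name)" and _in_system32(m.group("path")) \
                and RANDOM_NAME_RE.match(_stem(m.group("path"))):
            return "unnamed BHO with random-looking DLL name in System32"
        return None          # a named BHO, or an unnamed one outside System32 (e.g. SDHelper)
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        r = RUNDLL_RE.search(cmd)
        if r:
            if _in_system32(r.group("dll")) and RANDOM_NAME_RE.match(_stem(r.group("dll"))) \
                    and RANDOM_NAME_RE.match(r.group("export")):
                return "rundll32 loads a random-named System32 DLL with a random export"
            return None
        if _in_system32(cmd) and HEX_NAME_RE.match(_stem(cmd)):
            return "autorun executable in System32 with a hex-blob name"
    return None


def triage(log: str) -> List[Tuple[str, str]]:
    """Apply suspicious_reason to each line; returns (line, reason) for every hit."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        reason = suspicious_reason(line)
        if reason:
            hits.append((line, reason))
    return hits
```

Run against SAMPLE_LOG it flags exactly the blamntj, 3a5c6b29 and jwszizi entries, and leaves the Spybot no-name BHO and ctfmon alone.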
 

AdmiralZ

Thread Starter
Joined
Apr 1, 2005
Messages
219
Vundo Report:

VundoFix V6.3.5

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.9

Scan started at 00:28:12 07/02/2007

Listing files found while scanning....

No infected files were found.
PS: I find it highly unlikely that this is true.
 