1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: mllmm.dll

Discussion in 'Virus & Other Malware Removal' started by piggy40, Jun 30, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. piggy40

    piggy40 Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    7
    ive also got this nasty, to save a bit of time i'll copy/paste from my post on another forum.
    this is a list of what i was attacked with
    trojans:
    nebular
    dropper
    horse
    vundo
    backdoor
    lowzones
    also:
    downloader
    downloader.misleadapp
    winfixer
    drivecleaner
    adware.maxsearch
    adware.purityscan
    adware.starware
    infostealer.ldpinch

    there is still something wrong but norton, spydoctor, adaware can't find it, i did what keith advised and disabled all add ons and this allows me to use the pc as normal but what i have noticed is that every time i start pc something adds mllmm.dll to add ons, this ticks work offline so i have to untick and restart explorer before i can get online, does this sound familiar to anyone? any help/advice would be greatly appreciated.

    after this post thankfully i was directed here.
    a small piece of advice for any1 else in the same position do disable all add ons then after starting/rebooting open IE go to tools untick work offline then tools - manage add ons you'll find at the bottom mllmm.dll has enabled itself disable it and your pc will run much much better, close IE , open your internet connection then restart IE. you can then work normally for quite a while until trojans start hitting you, if off to get hjt and will post log so hopefully some1 can help me.
    all the best.....martin
     
  2. piggy40

    piggy40 Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    7
    Logfile of HijackThis v1.99.1
    Scan saved at 15:10:23, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Spyware Doctor\svcntaux.exe
    I:\Program Files\Spyware Doctor\swdsvc.exe
    I:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [RaidTool] I:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AudioDeck] I:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [FlashIcon] I:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [YOP] I:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [mmtask] I:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [wfmlibal.exe] I:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    O4 - HKLM\..\Run: [SC2] I:\WINDOWS\system32\scchk32.exe
    O4 - HKLM\..\Run: [SDTray] "I:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [avp] I:\WINDOWS\TEMP\win76.tmp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "I:\WINDOWS\system32\yvxiirio.dll",forkonce
    O4 - HKLM\..\RunServices: [DJSNetCN] I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [NBJ] "I:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MtdAcqu] "I:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - I:\Program Files\bet365MPP\MPPoker.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - I:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - I:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\SAVScan.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: YPCService - Yahoo! Inc. - I:\WINDOWS\system32\YPCSER~1.EXE
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  4. piggy40

    piggy40 Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    7
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/30/2007 at 09:00 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3263
    Trace Rules Database Version: 1274

    Scan type : Complete Scan
    Total Scan Time : 00:48:51

    Memory items scanned : 682
    Memory threats detected : 2
    Registry items scanned : 6248
    Registry threats detected : 34
    File items scanned : 35782
    File threats detected : 67

    Trojan.Downloader-Gen/AVP
    I:\WINDOWS\TEMP\WIN76.TMP.EXE
    I:\WINDOWS\TEMP\WIN76.TMP.EXE
    [avp] I:\WINDOWS\TEMP\WIN76.TMP.EXE
    I:\WINDOWS\Prefetch\WIN76.TMP.EXE-022CE810.pf

    Trojan.Downloader-MGRS
    I:\WINDOWS\MGRS.EXE
    I:\WINDOWS\MGRS.EXE
    [smgr] I:\WINDOWS\MGRS.EXE
    I:\WINDOWS\Prefetch\MGRS.EXE-34C3510A.pf

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}
    HKCR\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}
    HKCR\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}\InprocServer32
    HKCR\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}\InprocServer32#ThreadingModel
    I:\WINDOWS\SYSTEM32\MLLMM.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}

    Unclassified.Oreans32
    HKLM\System\ControlSet001\Services\oreans32
    I:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
    HKLM\System\ControlSet002\Services\oreans32
    HKLM\System\CurrentControlSet\Services\oreans32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

    Adware.Tracking Cookie
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected]ehg-bskyb.hitbox[1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][1].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt
    I:\Documents and Settings\Mr Whittle\Cookies\[email protected][2].txt

    Adware.Casino Games (Golden Palace Casino)
    I:\POKER\BLUESQUARE POKER\CASINO.EXE
    I:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\BLUESQUARE POKER.LNK
    I:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BLUESQUARE POKER\BLUESQUARE POKER.LNK

    Trojan.Downloader-Gen/Mandingo
    I:\DOCUMENTS AND SETTINGS\MR WHITTLE\LOCAL SETTINGS\TEMP\WIN55C.TMP.EXE
    I:\WINDOWS\TEMP\WIN7C.TMP.EXE

    Trojan.Downloader-SVCHost/Fake
    I:\DOCUMENTS AND SETTINGS\MR WHITTLE\LOCAL SETTINGS\TEMP\WIN561.TMP.EXE
    I:\WINDOWS\TEMP\WIN85.TMP.EXE

    Trojan.Downloader-NoName
    I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022213.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022280.DLL
    I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022348.DLL
    I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022358.DLL

    Trojan.Downloader-Win/GHY
    I:\WINDOWS\SYSTEM32\WINOPN32.DLL
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 21:07:50, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\csrss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    I:\WINDOWS\system32\CTsvcCDA.exe
    I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    I:\Program Files\Yahoo!\NAV\navapsvc.exe
    I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    I:\Program Files\Spyware Doctor\svcntaux.exe
    I:\Program Files\Spyware Doctor\swdsvc.exe
    I:\Program Files\Spyware Doctor\SDTrayApp.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    I:\WINDOWS\System32\alg.exe
    I:\Program Files\VIA\RAID\raid_tool.exe
    I:\WINDOWS\system32\VTTimer.exe
    I:\Program Files\VIAudioi\SBADeck\ADeck.exe
    I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    I:\PROGRA~1\Yahoo!\YOP\yop.exe
    I:\Program Files\Common Files\Symantec Shared\ccApp.exe
    I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    I:\WINDOWS\system32\wbem\wmiprvse.exe
    I:\Program Files\QuickTime\qttask.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    I:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    I:\PROGRA~1\Yahoo!\browser\ycommon.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    I:\WINDOWS\system32\wuauclt.exe
    I:\Program Files\Messenger\msmsgs.exe
    I:\PROGRA~1\Yahoo!\YOP\secstat.exe
    I:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    I:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CD75D10-0BD8-48D1-9F41-76BAAFCEE734} - I:\WINDOWS\system32\fccywwx.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - I:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - I:\Program Files\Yahoo!\NAV\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [RaidTool] I:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AudioDeck] I:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [FlashIcon] I:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [YOP] I:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [mmtask] I:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [wfmlibal.exe] I:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    O4 - HKLM\..\Run: [SC2] I:\WINDOWS\system32\scchk32.exe
    O4 - HKLM\..\Run: [SDTray] "I:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [DJSNetCN] I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [NBJ] "I:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MtdAcqu] "I:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - I:\Program Files\bet365MPP\MPPoker.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - I:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ddaby - I:\WINDOWS\
    O20 - Winlogon Notify: ddayy - I:\WINDOWS\system32\ddayy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - I:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\SAVScan.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: YPCService - Yahoo! Inc. - I:\WINDOWS\system32\YPCSER~1.EXE
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You did not post C:\vundofix.txt

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {0CD75D10-0BD8-48D1-9F41-76BAAFCEE734} - I:\WINDOWS\system32\fccywwx.dll (file missing)

    O4 - HKLM\..\Run: [wfmlibal.exe] I:\Documents and Settings\All Users\Application Data\wfmlibal.exe

    O4 - HKLM\..\Run: [SC2] I:\WINDOWS\system32\scchk32.exe

    O20 - Winlogon Notify: ddaby - I:\WINDOWS\

    O20 - Winlogon Notify: ddayy - I:\WINDOWS\system32\ddayy.dll (file missing)

    DownLoad Killbox from one of these links

    http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    I:\Documents and Settings\All Users\Application Data\wfmlibal.exe
    I:\WINDOWS\system32\scchk32.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  6. piggy40

    piggy40 Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    7
    Logfile of HijackThis v1.99.1
    Scan saved at 10:41:51, on 01/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\csrss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    I:\WINDOWS\system32\CTsvcCDA.exe
    I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    I:\Program Files\Yahoo!\NAV\navapsvc.exe
    I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    I:\Program Files\Spyware Doctor\svcntaux.exe
    I:\Program Files\Spyware Doctor\swdsvc.exe
    I:\Program Files\Spyware Doctor\SDTrayApp.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    I:\WINDOWS\System32\alg.exe
    I:\Program Files\VIA\RAID\raid_tool.exe
    I:\WINDOWS\system32\VTTimer.exe
    I:\Program Files\VIAudioi\SBADeck\ADeck.exe
    I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    I:\PROGRA~1\Yahoo!\YOP\yop.exe
    I:\Program Files\Common Files\Symantec Shared\ccApp.exe
    I:\WINDOWS\system32\wbem\wmiprvse.exe
    I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    I:\Program Files\QuickTime\qttask.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    I:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\WINDOWS\system32\wuauclt.exe
    I:\PROGRA~1\Yahoo!\browser\ycommon.exe
    I:\Program Files\Messenger\msmsgs.exe
    I:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    I:\PROGRA~1\Yahoo!\YOP\secstat.exe
    I:\Program Files\Hijackthis\HijackThis.exe
    I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - I:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - I:\Program Files\Yahoo!\NAV\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [RaidTool] I:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AudioDeck] I:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [FlashIcon] I:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [YOP] I:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [mmtask] I:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] "I:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [DJSNetCN] I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [NBJ] "I:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MtdAcqu] "I:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - I:\Program Files\bet365MPP\MPPoker.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - I:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - I:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\SAVScan.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: YPCService - Yahoo! Inc. - I:\WINDOWS\system32\YPCSER~1.EXE
     
  7. piggy40

    piggy40 Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    7
    don't want to bother you as i can see how busy you are but is there anything left to do or am i allright now?
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  9. piggy40

    piggy40 Thread Starter

    Joined:
    Jun 30, 2007
    Messages:
    7
    thank you so much for your help it is really asppreciated(y)
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/590218

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice