Solved: pop up..CPVfeed and other spyware

shaji007 · Jul 3, 2007

im sure everyone knows about this. IE opens a window with a URL starting with http:...then something url cpvfeed...ive tried getting rid of it and stuff but it hasnt worked...and on top of that my computer has gone really slow...its never this slow

heres the hijack log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:46, on 2007-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gwxjbaxc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\SpeedItUpFree\SpeedItUp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Home\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {471F5839-6189-4FEF-88E1-C282CE060F2D} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nqqyaikx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {D9CF9E72-1E65-4EC1-B57A-19BE12030BF5} - C:\WINDOWS\system32\iiffcba.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\lccyeedj.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168431977546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://support.installshield.com/kb/files/Q105097/OCI/isetup.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.theradclyffeschool.co.uk:6226/program/SonySncRz25View.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffcba - C:\WINDOWS\SYSTEM32\iiffcba.dll
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\gwxjbaxc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)

--
End of file - 9744 bytes

thanks for looking XD

MFDnNC · Jul 3, 2007

If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

==============
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

shaji007 · Jul 3, 2007

thanks for ya reply however ive done all this...found a similiar post...but what is the spyware that causes the popups and the system slowing down?

anyways this is the hijack log after doing everything you said:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 07:47, on 2007-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\SpeedItUpFree\SpeedItUp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168431977546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://support.installshield.com/kb/files/Q105097/OCI/isetup.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.theradclyffeschool.co.uk:6226/program/SonySncRz25View.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)

--
End of file - 9341 bytes

and the anti-virus scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2007 at 02:49 AM

Application Version : 3.9.1008

Core Rules Database Version : 3264
Trace Rules Database Version: 1275

Scan type : Complete Scan
Total Scan Time : 00:59:23

Memory items scanned : 422
Memory threats detected : 3
Registry items scanned : 7160
Registry threats detected : 18
File items scanned : 36922
File threats detected : 215

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHHF.DLL
C:\WINDOWS\SYSTEM32\JKHHF.DLL
HKLM\Software\Classes\CLSID\{471F5839-6189-4FEF-88E1-C282CE060F2D}
HKCR\CLSID\{471F5839-6189-4FEF-88E1-C282CE060F2D}
HKCR\CLSID\{471F5839-6189-4FEF-88E1-C282CE060F2D}\InprocServer32
HKCR\CLSID\{471F5839-6189-4FEF-88E1-C282CE060F2D}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{471F5839-6189-4FEF-88E1-C282CE060F2D}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkhhf

Adware.eZula
C:\WINDOWS\SYSTEM32\GWXJBAXC.EXE
C:\WINDOWS\SYSTEM32\GWXJBAXC.EXE
HKLM\System\ControlSet001\Services\DomainService
HKLM\System\ControlSet003\Services\DomainService
HKLM\System\CurrentControlSet\Services\DomainService
C:\WINDOWS\SYSTEM32\AANYQKDF.EXE
C:\WINDOWS\SYSTEM32\AATJEMGC.EXE
C:\WINDOWS\SYSTEM32\ABEVSLSA.EXE
C:\WINDOWS\SYSTEM32\AMXWAWLC.EXE
C:\WINDOWS\SYSTEM32\ARSBPJUN.EXE
C:\WINDOWS\SYSTEM32\ATGJGUBI.EXE
C:\WINDOWS\SYSTEM32\AVLKBOTE.EXE
C:\WINDOWS\SYSTEM32\BAYLYSVI.EXE
C:\WINDOWS\SYSTEM32\BDOIWWLM.EXE
C:\WINDOWS\SYSTEM32\BETCAPSH.EXE
C:\WINDOWS\SYSTEM32\BGFARMTT.EXE
C:\WINDOWS\SYSTEM32\BLWEDBFE.EXE
C:\WINDOWS\SYSTEM32\BMFUPHJG.EXE
C:\WINDOWS\SYSTEM32\BOTHUOUL.EXE
C:\WINDOWS\SYSTEM32\BPRGUBFJ.EXE
C:\WINDOWS\SYSTEM32\BQDQPJKY.EXE
C:\WINDOWS\SYSTEM32\BRLFJUGW.EXE
C:\WINDOWS\SYSTEM32\BWIYHCYI.EXE
C:\WINDOWS\SYSTEM32\CBIGTFQS.EXE
C:\WINDOWS\SYSTEM32\CDFTBECD.EXE
C:\WINDOWS\SYSTEM32\CEYJIEPC.EXE
C:\WINDOWS\SYSTEM32\CFGVJKCE.EXE
C:\WINDOWS\SYSTEM32\CMHHYPVM.EXE
C:\WINDOWS\SYSTEM32\CPXEEJUJ.EXE
C:\WINDOWS\SYSTEM32\CQKSIDFQ.EXE
C:\WINDOWS\SYSTEM32\CQMPSCOX.EXE
C:\WINDOWS\SYSTEM32\CSFGVOBT.EXE
C:\WINDOWS\SYSTEM32\DCLKQKNF.EXE
C:\WINDOWS\SYSTEM32\DCMDFRSW.EXE
C:\WINDOWS\SYSTEM32\DFWSNOYV.EXE
C:\WINDOWS\SYSTEM32\DPUPETKQ.EXE
C:\WINDOWS\SYSTEM32\DSETMCYD.EXE
C:\WINDOWS\SYSTEM32\EMRAULUE.EXE
C:\WINDOWS\SYSTEM32\ENAEDWYR.EXE
C:\WINDOWS\SYSTEM32\EPGFAAPS.EXE
C:\WINDOWS\SYSTEM32\ETRNMXUD.EXE
C:\WINDOWS\SYSTEM32\FAHOSYNW.EXE
C:\WINDOWS\SYSTEM32\FCQBTEJQ.EXE
C:\WINDOWS\SYSTEM32\FGXPPGLK.EXE
C:\WINDOWS\SYSTEM32\FHAEHYHP.EXE
C:\WINDOWS\SYSTEM32\FIABVNII.EXE
C:\WINDOWS\SYSTEM32\FJAUHXFQ.EXE
C:\WINDOWS\SYSTEM32\FJEGXUFL.EXE
C:\WINDOWS\SYSTEM32\FJIOIUNO.EXE
C:\WINDOWS\SYSTEM32\FNGPIUWT.EXE
C:\WINDOWS\SYSTEM32\FOVVDTUD.EXE
C:\WINDOWS\SYSTEM32\FSBLNQXH.EXE
C:\WINDOWS\SYSTEM32\FTKMTWWV.EXE
C:\WINDOWS\SYSTEM32\FUASBADK.EXE
C:\WINDOWS\SYSTEM32\FXKBWNEU.EXE
C:\WINDOWS\SYSTEM32\GFCPXYLV.EXE
C:\WINDOWS\SYSTEM32\GHYKXMGR.EXE
C:\WINDOWS\SYSTEM32\GLAASGKV.EXE
C:\WINDOWS\SYSTEM32\GMPCWQQL.EXE
C:\WINDOWS\SYSTEM32\GUPPUKHN.EXE
C:\WINDOWS\SYSTEM32\GVIYNPBI.EXE
C:\WINDOWS\SYSTEM32\GXNPOBKN.EXE
C:\WINDOWS\SYSTEM32\HHIJRDND.EXE
C:\WINDOWS\SYSTEM32\HHYOTMFR.EXE
C:\WINDOWS\SYSTEM32\HQLVTCWJ.EXE
C:\WINDOWS\SYSTEM32\HXXQYROX.EXE
C:\WINDOWS\SYSTEM32\IAEGTNBH.EXE
C:\WINDOWS\SYSTEM32\IBYTBJPC.EXE
C:\WINDOWS\SYSTEM32\ICFKWRYK.EXE
C:\WINDOWS\SYSTEM32\IEOSUSAN.EXE
C:\WINDOWS\SYSTEM32\IINKOSAQ.EXE
C:\WINDOWS\SYSTEM32\IRABHBCR.EXE
C:\WINDOWS\SYSTEM32\ISBSGFGD.EXE
C:\WINDOWS\SYSTEM32\IWANRCRL.EXE
C:\WINDOWS\SYSTEM32\JEUMUPSE.EXE
C:\WINDOWS\SYSTEM32\JFAAQVAC.EXE
C:\WINDOWS\SYSTEM32\JNRRLHOP.EXE
C:\WINDOWS\SYSTEM32\JNVSDXMA.EXE
C:\WINDOWS\SYSTEM32\JVMDLDQA.EXE
C:\WINDOWS\SYSTEM32\KDRMQEKK.EXE
C:\WINDOWS\SYSTEM32\KHTNGGYE.EXE
C:\WINDOWS\SYSTEM32\KJUISIMB.EXE
C:\WINDOWS\SYSTEM32\KKSLKXQD.EXE
C:\WINDOWS\SYSTEM32\KNCUBLOM.EXE
C:\WINDOWS\SYSTEM32\KPBXJIUL.EXE
C:\WINDOWS\SYSTEM32\KUBHIKXC.EXE
C:\WINDOWS\SYSTEM32\KUUXALEN.EXE
C:\WINDOWS\SYSTEM32\KWFCBNLP.EXE
C:\WINDOWS\SYSTEM32\LMBNEFPA.EXE
C:\WINDOWS\SYSTEM32\LMTFPWOV.EXE
C:\WINDOWS\SYSTEM32\LNYIIJCS.EXE
C:\WINDOWS\SYSTEM32\LOBGCDVC.EXE
C:\WINDOWS\SYSTEM32\LPXQXQLO.EXE
C:\WINDOWS\SYSTEM32\LQVCJOIL.EXE
C:\WINDOWS\SYSTEM32\LUADPWXY.EXE
C:\WINDOWS\SYSTEM32\LWOFNLMU.EXE
C:\WINDOWS\SYSTEM32\MBBRJHKP.EXE
C:\WINDOWS\SYSTEM32\MBUHDCWT.EXE
C:\WINDOWS\SYSTEM32\MCHKBBDQ.EXE
C:\WINDOWS\SYSTEM32\MIKHXVKP.EXE
C:\WINDOWS\SYSTEM32\MNAXHIRF.EXE
C:\WINDOWS\SYSTEM32\MPGTAUSM.EXE
C:\WINDOWS\SYSTEM32\MUMMALVP.EXE
C:\WINDOWS\SYSTEM32\MWTSFULW.EXE
C:\WINDOWS\SYSTEM32\NCKJJCRM.EXE
C:\WINDOWS\SYSTEM32\NMUIYUUV.EXE
C:\WINDOWS\SYSTEM32\NTQWDYBC.EXE
C:\WINDOWS\SYSTEM32\NWJFGABC.EXE
C:\WINDOWS\SYSTEM32\NYOTEWKJ.EXE
C:\WINDOWS\SYSTEM32\NYOVNQSV.EXE
C:\WINDOWS\SYSTEM32\OGHXUAVC.EXE
C:\WINDOWS\SYSTEM32\OJMOPGBU.EXE
C:\WINDOWS\SYSTEM32\OJYMGXMA.EXE
C:\WINDOWS\SYSTEM32\OLNUVHFB.EXE
C:\WINDOWS\SYSTEM32\OPJWJPFU.EXE
C:\WINDOWS\SYSTEM32\OQNTROKB.EXE
C:\WINDOWS\SYSTEM32\OQRWYRTK.EXE
C:\WINDOWS\SYSTEM32\ORUKQONR.EXE
C:\WINDOWS\SYSTEM32\OUPIFPCX.EXE
C:\WINDOWS\SYSTEM32\OWYYDOOV.EXE
C:\WINDOWS\SYSTEM32\OXNMPCTG.EXE
C:\WINDOWS\SYSTEM32\PAXORVEG.EXE
C:\WINDOWS\SYSTEM32\PCQGBOGN.EXE
C:\WINDOWS\SYSTEM32\PEFICFHI.EXE
C:\WINDOWS\SYSTEM32\PGLLWIGT.EXE
C:\WINDOWS\SYSTEM32\POVXTAXL.EXE
C:\WINDOWS\SYSTEM32\PQPVMYVD.EXE
C:\WINDOWS\SYSTEM32\PVPFOUUX.EXE
C:\WINDOWS\SYSTEM32\QCRDBXLK.EXE
C:\WINDOWS\SYSTEM32\QFJVLWDR.EXE
C:\WINDOWS\SYSTEM32\QGDVWNAC.EXE
C:\WINDOWS\SYSTEM32\QNFBJFRR.EXE
C:\WINDOWS\SYSTEM32\QNGPUUOU.EXE
C:\WINDOWS\SYSTEM32\QTWLSOCF.EXE
C:\WINDOWS\SYSTEM32\QXHJDOAX.EXE
C:\WINDOWS\SYSTEM32\QXOXNUUR.EXE
C:\WINDOWS\SYSTEM32\RDMWHWEK.EXE
C:\WINDOWS\SYSTEM32\RJANSADU.EXE
C:\WINDOWS\SYSTEM32\RLJILNYP.EXE
C:\WINDOWS\SYSTEM32\RSFFNRET.EXE
C:\WINDOWS\SYSTEM32\RVWDRHSG.EXE
C:\WINDOWS\SYSTEM32\RWVCXECU.EXE
C:\WINDOWS\SYSTEM32\SDVTNPTF.EXE
C:\WINDOWS\SYSTEM32\SSVSOSPY.EXE
C:\WINDOWS\SYSTEM32\SUCFLIHI.EXE
C:\WINDOWS\SYSTEM32\SUSFWKAI.EXE
C:\WINDOWS\SYSTEM32\TDFXPJEQ.EXE
C:\WINDOWS\SYSTEM32\TDVPVSLP.EXE
C:\WINDOWS\SYSTEM32\TGYLEROA.EXE
C:\WINDOWS\SYSTEM32\THJMRFUB.EXE
C:\WINDOWS\SYSTEM32\TTBGEPQB.EXE
C:\WINDOWS\SYSTEM32\TTVWREKP.EXE
C:\WINDOWS\SYSTEM32\TUBLNNAG.EXE
C:\WINDOWS\SYSTEM32\TUEKYNIX.EXE
C:\WINDOWS\SYSTEM32\TYLAMEDI.EXE
C:\WINDOWS\SYSTEM32\UHVYNDAE.EXE
C:\WINDOWS\SYSTEM32\UNAMHFIV.EXE
C:\WINDOWS\SYSTEM32\UNXMVWTA.EXE
C:\WINDOWS\SYSTEM32\UPWOIUSJ.EXE
C:\WINDOWS\SYSTEM32\UTVWWGIK.EXE
C:\WINDOWS\SYSTEM32\UVGVLNJF.EXE
C:\WINDOWS\SYSTEM32\VFKICWQL.EXE
C:\WINDOWS\SYSTEM32\VFSWHLAG.EXE
C:\WINDOWS\SYSTEM32\VHPHPNBJ.EXE
C:\WINDOWS\SYSTEM32\VOOWDIPH.EXE
C:\WINDOWS\SYSTEM32\VQJVMVMY.EXE
C:\WINDOWS\SYSTEM32\VREBIXKX.EXE
C:\WINDOWS\SYSTEM32\VUEKWOAC.EXE
C:\WINDOWS\SYSTEM32\WDCPBVOI.EXE
C:\WINDOWS\SYSTEM32\WMKQOICN.EXE
C:\WINDOWS\SYSTEM32\WQEOJEHD.EXE
C:\WINDOWS\SYSTEM32\WWGDKVUF.EXE
C:\WINDOWS\SYSTEM32\WYJBEYVQ.EXE
C:\WINDOWS\SYSTEM32\XEGDRHJV.EXE
C:\WINDOWS\SYSTEM32\XERWXYEE.EXE
C:\WINDOWS\SYSTEM32\XFKNDTSS.EXE
C:\WINDOWS\SYSTEM32\XMANVKPR.EXE
C:\WINDOWS\SYSTEM32\XPFSBVCB.EXE
C:\WINDOWS\SYSTEM32\XXJIXELM.EXE
C:\WINDOWS\SYSTEM32\YIVAIJLS.EXE
C:\WINDOWS\SYSTEM32\YMVRTCUM.EXE
C:\WINDOWS\Prefetch\DFWSNOYV.EXE-1CA65D64.pf
C:\WINDOWS\Prefetch\LUADPWXY.EXE-1BC2D39B.pf
C:\WINDOWS\Prefetch\VOOWDIPH.EXE-1EA33EA4.pf

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\NQQYAIKX.DLL
C:\WINDOWS\SYSTEM32\NQQYAIKX.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}

Trojan.Unknown Origin
HKLM\System\ControlSet001\Services\ip139
C:\WINDOWS\SYSTEM32\PG.EXE
HKLM\System\ControlSet003\Services\ip139
HKLM\System\CurrentControlSet\Services\ip139
C:\WINDOWS\B129.EXE
C:\WINDOWS\SYSTEM32\WINTSVCC32.EXE

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\UNIVERSAL TORRENT ACCELERATOR\SETTINGS\YAZZLEBUNDLE-1488.EXE

Adware.ClickSpring/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{49C3395E-AE30-4D0A-BBF5-3B7FE62EC82A}\RP23\A0019463.DLL

Trojan.Downloader-Gen/Installer
C:\WINDOWS\B104.EXE
C:\WINDOWS\B122.EXE
C:\WINDOWS\B136.EXE

Trojan.Downloader-SpyTool
C:\WINDOWS\SYSTEM32\BEEGHBGI.DLL
C:\WINDOWS\SYSTEM32\CGIKBCUV.DLL
C:\WINDOWS\SYSTEM32\DROKUWMV.DLL
C:\WINDOWS\SYSTEM32\ERBBOGCQ.DLL
C:\WINDOWS\SYSTEM32\GYWWFALR.DLL
C:\WINDOWS\SYSTEM32\IIRIFFIO.DLL
C:\WINDOWS\SYSTEM32\JUAYPIOM.DLL
C:\WINDOWS\SYSTEM32\KFOYULYW.DLL
C:\WINDOWS\SYSTEM32\LCSUBTFY.DLL
C:\WINDOWS\SYSTEM32\LQEAUYVA.DLL
C:\WINDOWS\SYSTEM32\LYQFVVEE.DLL
C:\WINDOWS\SYSTEM32\PGMDOQBO.DLL
C:\WINDOWS\SYSTEM32\QGMAOAOC.DLL
C:\WINDOWS\SYSTEM32\QHJJOVKE.DLL
C:\WINDOWS\SYSTEM32\QRYNBYAG.DLL
C:\WINDOWS\SYSTEM32\QTTMXWOF.DLL
C:\WINDOWS\SYSTEM32\RBUKNUSK.DLL
C:\WINDOWS\SYSTEM32\UHJUUADB.DLL
C:\WINDOWS\SYSTEM32\UOMRGUYX.DLL
C:\WINDOWS\SYSTEM32\VMWICQEK.DLL
C:\WINDOWS\SYSTEM32\WAMAUMRU.DLL
C:\WINDOWS\SYSTEM32\WEWUNNJL.DLL
C:\WINDOWS\SYSTEM32\YLAQNXEA.DLL

Trojan.Rootkit-TnCore
C:\WINDOWS\SYSTEM32\DRIVERS\CORE.SYS

Adware.ClickSpring
C:\WINDOWS\system32\SEMBLY~1\TSKMGR~1.EXE

MFDnNC · Jul 3, 2007

Where is the vundofix log - C:\vundofix.txt

MFDnNC · Jul 3, 2007

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/

shaji007 · Jul 3, 2007

oh yea sorry bout the vundo log:

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 03:34:15 2007-07-03

Listing files found while scanning....

C:\windows\system32\abixtuyp.ini
C:\windows\system32\acopayvq.dll
C:\windows\system32\afdayxwp.dll
C:\windows\system32\ahujykhc.dll
C:\windows\system32\akyfvmkv.ini
C:\windows\system32\aoucigbx.dll
C:\windows\system32\avfifufy.ini
C:\windows\system32\bdmwgvix.dll
C:\windows\system32\bgxomtfw.dll
C:\windows\system32\bhwydatj.ini
C:\windows\system32\bmloqdfm.ini
C:\windows\system32\boenccbs.exe
C:\windows\system32\bwsahdnd.ini
C:\windows\system32\cahrpehn.ini
C:\windows\system32\cakhctcg.dll
C:\windows\system32\chkyjuha.ini
C:\windows\system32\cmpnwwxc.ini
C:\windows\system32\cpnwfadw.ini
C:\windows\system32\crpglgvc.ini
C:\windows\system32\cvglgprc.dll
C:\windows\system32\cxwwnpmc.dll
C:\windows\system32\cygshphd.dll
C:\windows\system32\dcnagcsu.dll
C:\windows\system32\dcyynxyo.dll
C:\windows\system32\ddccc.dll
C:\windows\system32\ddrhowcv.dll
C:\windows\system32\dhphsgyc.ini
C:\windows\system32\dkqteioh.dll
C:\windows\system32\dndhaswb.dll
C:\windows\system32\dpxwiefl.ini
C:\windows\system32\dumasivk.ini
C:\windows\system32\efhkj.bak1
C:\windows\system32\efhkj.ini
C:\windows\system32\emfdmkbw.exe
C:\windows\system32\etlmtxcr.dll
C:\windows\system32\ewegoqhu.ini
C:\windows\system32\fbnynqih.dll
C:\windows\system32\fcssnnlo.dll
C:\windows\system32\fgcslcnl.ini
C:\windows\system32\fjvssftf.ini
C:\windows\system32\fkodjkfi.ini
C:\windows\system32\fprjhfhm.dll
C:\windows\system32\frglmjgg.ini
C:\windows\system32\ftfssvjf.dll
C:\windows\system32\ftfxumoq.dll
C:\windows\system32\funkurog.dll
C:\windows\system32\gctchkac.ini
C:\windows\system32\gfmflyxm.ini
C:\windows\system32\ggjmlgrf.dll
C:\windows\system32\gkalirbi.dll
C:\windows\system32\gpmblkuv.dll
C:\windows\system32\gpwrmmnq.dll
C:\windows\system32\hbblelyu.ini
C:\windows\system32\heawgtwy.ini
C:\windows\system32\hibwjchd.exe
C:\windows\system32\hpcfmout.ini
C:\windows\system32\hxevncsk.dll
C:\windows\system32\ianbnigs.dll
C:\windows\system32\iaqyhtvp.ini
C:\windows\system32\ibrilakg.ini
C:\windows\system32\idpnhuvl.dll
C:\windows\system32\ifkjdokf.dll
C:\windows\system32\iiffcba.dll
C:\windows\system32\irugxiun.dll
C:\windows\system32\itopebxv.ini
C:\windows\system32\iuflhloe.dll
C:\windows\system32\iwrglwkq.dll
C:\windows\system32\j8261037.dll
C:\windows\system32\jdeeyccl.ini
C:\windows\system32\jenaccak.dll
C:\windows\system32\jgefqwox.dll
C:\WINDOWS\system32\jkhfe.dll
C:\windows\system32\jtadywhb.dll
C:\windows\system32\jxutfruo.ini
C:\windows\system32\kaccanej.ini
C:\windows\system32\kjlmyxvn.dll
C:\windows\system32\kkkafsyb.dll
C:\windows\system32\kkocyaml.ini
C:\windows\system32\kvisamud.dll
C:\windows\system32\kwstutos.ini
C:\windows\system32\lasrvdop.dll
C:\windows\system32\lccyeedj.dll
C:\windows\system32\lcsbpjvv.ini
C:\windows\system32\lfeiwxpd.dll
C:\windows\system32\lmaycokk.dll
C:\windows\system32\lnclscgf.dll
C:\windows\system32\lpaxxquo.dll
C:\windows\system32\lvuhnpdi.ini
C:\windows\system32\lwpxuqwp.dll
C:\windows\system32\mfdqolmb.dll
C:\windows\system32\mhfhjrpf.ini
C:\windows\system32\mrjdcpcv.exe
C:\windows\system32\muokwqgr.exe
C:\windows\system32\mxylfmfg.dll
C:\windows\system32\ndxvrafs.ini
C:\windows\system32\nheprhac.dll
C:\windows\system32\nkufmwsy.dll
C:\windows\system32\nnnxafip.dll
C:\windows\system32\nuixguri.ini
C:\windows\system32\nxebohsp.dll
C:\WINDOWS\system32\oaqqccki.dll
C:\windows\system32\olnnsscf.ini
C:\windows\system32\oremcswe.dll
C:\windows\system32\ouqxxapl.ini
C:\windows\system32\ourftuxj.dll
C:\windows\system32\oycwpjkv.exe
C:\windows\system32\oyxnyycd.ini
C:\windows\system32\pftexcsx.dll
C:\windows\system32\pifaxnnn.ini
C:\windows\system32\pikryffx.dll
C:\windows\system32\podvrsal.ini
C:\windows\system32\pvthyqai.dll
C:\windows\system32\pxldflix.ini
C:\windows\system32\pyutxiba.dll
C:\windows\system32\qjsgulnq.ini
C:\windows\system32\qkwlgrwi.ini
C:\windows\system32\qnhixxir.ini
C:\WINDOWS\system32\qnlugsjq.dll
C:\windows\system32\qnmmrwpg.ini
C:\windows\system32\qomuxftf.ini
C:\windows\system32\qphnguhc.dll
C:\windows\system32\qqvbhsix.exe
C:\windows\system32\qwmhapti.exe
C:\windows\system32\qxjkgxcx.dll
C:\windows\system32\rcqeyflw.dll
C:\windows\system32\rcxtmlte.ini
C:\windows\system32\rdmvvrsr.ini
C:\windows\system32\rixxihnq.dll
C:\windows\system32\rnvbnvnw.ini
C:\windows\system32\rspsivdw.dll
C:\windows\system32\rsrvvmdr.dll
C:\windows\system32\sebaxpox.ini
C:\windows\system32\sfarvxdn.dll
C:\windows\system32\sginbnai.ini
C:\windows\system32\sjplxllx.dll
C:\windows\system32\smauxgnv.dll
C:\windows\system32\sotutswk.dll
C:\windows\system32\stdjocfv.dll
C:\windows\system32\sxqykeau.ini
C:\windows\system32\tjlbjlhx.ini
C:\windows\system32\trsfhjqu.dll
C:\windows\system32\tuomfcph.dll
C:\windows\system32\uaekyqxs.dll
C:\windows\system32\uhqogewe.dll
C:\windows\system32\uksuvmma.dll
C:\windows\system32\umtfxlkg.exe
C:\windows\system32\uscgancd.ini
C:\windows\system32\uvvfcswi.dll
C:\windows\system32\uxhiawgi.dll
C:\windows\system32\uylelbbh.dll
C:\windows\system32\vabxhqxs.exe
C:\windows\system32\vcwohrdd.ini
C:\windows\system32\vfcojdts.ini
C:\windows\system32\vkmvfyka.dll
C:\windows\system32\vngxuams.ini
C:\windows\system32\vvjpbscl.dll
C:\windows\system32\vxbepoti.dll
C:\windows\system32\wdafwnpc.dll
C:\windows\system32\wdvispsr.ini
C:\windows\system32\wftmoxgb.ini
C:\windows\system32\wgbopxpl.dll
C:\windows\system32\wlfyeqcr.ini
C:\windows\system32\wnvnbvnr.dll
C:\windows\system32\xcxgkjxq.ini
C:\windows\system32\xffyrkip.ini
C:\windows\system32\xhljbljt.dll
C:\windows\system32\xilfdlxp.dll
C:\windows\system32\xivgwmdb.ini
C:\windows\system32\xllxlpjs.ini
C:\windows\system32\xopxabes.dll
C:\windows\system32\xowqfegj.ini
C:\windows\system32\xpkxxljp.dll
C:\windows\system32\xscxetfp.ini
C:\windows\system32\yfufifva.dll
C:\windows\system32\ywtgwaeh.dll

Beginning removal...

Attempting to delete C:\windows\system32\abixtuyp.ini
C:\windows\system32\abixtuyp.ini Has been deleted!

Attempting to delete C:\windows\system32\acopayvq.dll
C:\windows\system32\acopayvq.dll Has been deleted!

Attempting to delete C:\windows\system32\afdayxwp.dll
C:\windows\system32\afdayxwp.dll Has been deleted!

Attempting to delete C:\windows\system32\ahujykhc.dll
C:\windows\system32\ahujykhc.dll Has been deleted!

Attempting to delete C:\windows\system32\akyfvmkv.ini
C:\windows\system32\akyfvmkv.ini Has been deleted!

Attempting to delete C:\windows\system32\aoucigbx.dll
C:\windows\system32\aoucigbx.dll Has been deleted!

Attempting to delete C:\windows\system32\avfifufy.ini
C:\windows\system32\avfifufy.ini Has been deleted!

Attempting to delete C:\windows\system32\bdmwgvix.dll
C:\windows\system32\bdmwgvix.dll Has been deleted!

Attempting to delete C:\windows\system32\bgxomtfw.dll
C:\windows\system32\bgxomtfw.dll Has been deleted!

Attempting to delete C:\windows\system32\bhwydatj.ini
C:\windows\system32\bhwydatj.ini Has been deleted!

Attempting to delete C:\windows\system32\bmloqdfm.ini
C:\windows\system32\bmloqdfm.ini Has been deleted!

Attempting to delete C:\windows\system32\boenccbs.exe
C:\windows\system32\boenccbs.exe Has been deleted!

Attempting to delete C:\windows\system32\bwsahdnd.ini
C:\windows\system32\bwsahdnd.ini Has been deleted!

Attempting to delete C:\windows\system32\cahrpehn.ini
C:\windows\system32\cahrpehn.ini Has been deleted!

Attempting to delete C:\windows\system32\cakhctcg.dll
C:\windows\system32\cakhctcg.dll Has been deleted!

Attempting to delete C:\windows\system32\chkyjuha.ini
C:\windows\system32\chkyjuha.ini Has been deleted!

Attempting to delete C:\windows\system32\cmpnwwxc.ini
C:\windows\system32\cmpnwwxc.ini Has been deleted!

Attempting to delete C:\windows\system32\cpnwfadw.ini
C:\windows\system32\cpnwfadw.ini Has been deleted!

Attempting to delete C:\windows\system32\crpglgvc.ini
C:\windows\system32\crpglgvc.ini Has been deleted!

Attempting to delete C:\windows\system32\cvglgprc.dll
C:\windows\system32\cvglgprc.dll Has been deleted!

Attempting to delete C:\windows\system32\cxwwnpmc.dll
C:\windows\system32\cxwwnpmc.dll Has been deleted!

Attempting to delete C:\windows\system32\cygshphd.dll
C:\windows\system32\cygshphd.dll Has been deleted!

Attempting to delete C:\windows\system32\dcnagcsu.dll
C:\windows\system32\dcnagcsu.dll Has been deleted!

Attempting to delete C:\windows\system32\dcyynxyo.dll
C:\windows\system32\dcyynxyo.dll Has been deleted!

Attempting to delete C:\windows\system32\ddccc.dll
C:\windows\system32\ddccc.dll Could not be deleted.

Attempting to delete C:\windows\system32\ddrhowcv.dll
C:\windows\system32\ddrhowcv.dll Has been deleted!

Attempting to delete C:\windows\system32\dhphsgyc.ini
C:\windows\system32\dhphsgyc.ini Has been deleted!

Attempting to delete C:\windows\system32\dkqteioh.dll
C:\windows\system32\dkqteioh.dll Has been deleted!

Attempting to delete C:\windows\system32\dndhaswb.dll
C:\windows\system32\dndhaswb.dll Has been deleted!

Attempting to delete C:\windows\system32\dpxwiefl.ini
C:\windows\system32\dpxwiefl.ini Has been deleted!

Attempting to delete C:\windows\system32\dumasivk.ini
C:\windows\system32\dumasivk.ini Has been deleted!

Attempting to delete C:\windows\system32\efhkj.bak1
C:\windows\system32\efhkj.bak1 Has been deleted!

Attempting to delete C:\windows\system32\efhkj.ini
C:\windows\system32\efhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\emfdmkbw.exe
C:\windows\system32\emfdmkbw.exe Has been deleted!

Attempting to delete C:\windows\system32\etlmtxcr.dll
C:\windows\system32\etlmtxcr.dll Has been deleted!

Attempting to delete C:\windows\system32\ewegoqhu.ini
C:\windows\system32\ewegoqhu.ini Has been deleted!

Attempting to delete C:\windows\system32\fbnynqih.dll
C:\windows\system32\fbnynqih.dll Has been deleted!

Attempting to delete C:\windows\system32\fcssnnlo.dll
C:\windows\system32\fcssnnlo.dll Has been deleted!

Attempting to delete C:\windows\system32\fgcslcnl.ini
C:\windows\system32\fgcslcnl.ini Has been deleted!

Attempting to delete C:\windows\system32\fjvssftf.ini
C:\windows\system32\fjvssftf.ini Has been deleted!

Attempting to delete C:\windows\system32\fkodjkfi.ini
C:\windows\system32\fkodjkfi.ini Has been deleted!

Attempting to delete C:\windows\system32\fprjhfhm.dll
C:\windows\system32\fprjhfhm.dll Has been deleted!

Attempting to delete C:\windows\system32\frglmjgg.ini
C:\windows\system32\frglmjgg.ini Has been deleted!

Attempting to delete C:\windows\system32\ftfssvjf.dll
C:\windows\system32\ftfssvjf.dll Has been deleted!

Attempting to delete C:\windows\system32\ftfxumoq.dll
C:\windows\system32\ftfxumoq.dll Has been deleted!

Attempting to delete C:\windows\system32\funkurog.dll
C:\windows\system32\funkurog.dll Has been deleted!

Attempting to delete C:\windows\system32\gctchkac.ini
C:\windows\system32\gctchkac.ini Has been deleted!

Attempting to delete C:\windows\system32\gfmflyxm.ini
C:\windows\system32\gfmflyxm.ini Has been deleted!

Attempting to delete C:\windows\system32\ggjmlgrf.dll
C:\windows\system32\ggjmlgrf.dll Has been deleted!

Attempting to delete C:\windows\system32\gkalirbi.dll
C:\windows\system32\gkalirbi.dll Has been deleted!

Attempting to delete C:\windows\system32\gpmblkuv.dll
C:\windows\system32\gpmblkuv.dll Has been deleted!

Attempting to delete C:\windows\system32\gpwrmmnq.dll
C:\windows\system32\gpwrmmnq.dll Has been deleted!

Attempting to delete C:\windows\system32\hbblelyu.ini
C:\windows\system32\hbblelyu.ini Has been deleted!

Attempting to delete C:\windows\system32\heawgtwy.ini
C:\windows\system32\heawgtwy.ini Has been deleted!

Attempting to delete C:\windows\system32\hibwjchd.exe
C:\windows\system32\hibwjchd.exe Has been deleted!

Attempting to delete C:\windows\system32\hpcfmout.ini
C:\windows\system32\hpcfmout.ini Has been deleted!

Attempting to delete C:\windows\system32\hxevncsk.dll
C:\windows\system32\hxevncsk.dll Has been deleted!

Attempting to delete C:\windows\system32\ianbnigs.dll
C:\windows\system32\ianbnigs.dll Has been deleted!

Attempting to delete C:\windows\system32\iaqyhtvp.ini
C:\windows\system32\iaqyhtvp.ini Has been deleted!

Attempting to delete C:\windows\system32\ibrilakg.ini
C:\windows\system32\ibrilakg.ini Has been deleted!

Attempting to delete C:\windows\system32\idpnhuvl.dll
C:\windows\system32\idpnhuvl.dll Has been deleted!

Attempting to delete C:\windows\system32\ifkjdokf.dll
C:\windows\system32\ifkjdokf.dll Has been deleted!

Attempting to delete C:\windows\system32\iiffcba.dll
C:\windows\system32\iiffcba.dll Could not be deleted.

Attempting to delete C:\windows\system32\irugxiun.dll
C:\windows\system32\irugxiun.dll Has been deleted!

Attempting to delete C:\windows\system32\itopebxv.ini
C:\windows\system32\itopebxv.ini Has been deleted!

Attempting to delete C:\windows\system32\iuflhloe.dll
C:\windows\system32\iuflhloe.dll Has been deleted!

Attempting to delete C:\windows\system32\iwrglwkq.dll
C:\windows\system32\iwrglwkq.dll Has been deleted!

Attempting to delete C:\windows\system32\j8261037.dll
C:\windows\system32\j8261037.dll Has been deleted!

Attempting to delete C:\windows\system32\jdeeyccl.ini
C:\windows\system32\jdeeyccl.ini Has been deleted!

Attempting to delete C:\windows\system32\jenaccak.dll
C:\windows\system32\jenaccak.dll Has been deleted!

Attempting to delete C:\windows\system32\jgefqwox.dll
C:\windows\system32\jgefqwox.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll Could not be deleted.

Attempting to delete C:\windows\system32\jtadywhb.dll
C:\windows\system32\jtadywhb.dll Has been deleted!

Attempting to delete C:\windows\system32\jxutfruo.ini
C:\windows\system32\jxutfruo.ini Has been deleted!

Attempting to delete C:\windows\system32\kaccanej.ini
C:\windows\system32\kaccanej.ini Has been deleted!

Attempting to delete C:\windows\system32\kjlmyxvn.dll
C:\windows\system32\kjlmyxvn.dll Has been deleted!

Attempting to delete C:\windows\system32\kkkafsyb.dll
C:\windows\system32\kkkafsyb.dll Has been deleted!

Attempting to delete C:\windows\system32\kkocyaml.ini
C:\windows\system32\kkocyaml.ini Has been deleted!

Attempting to delete C:\windows\system32\kvisamud.dll
C:\windows\system32\kvisamud.dll Has been deleted!

Attempting to delete C:\windows\system32\kwstutos.ini
C:\windows\system32\kwstutos.ini Has been deleted!

Attempting to delete C:\windows\system32\lasrvdop.dll
C:\windows\system32\lasrvdop.dll Has been deleted!

Attempting to delete C:\windows\system32\lccyeedj.dll
C:\windows\system32\lccyeedj.dll Has been deleted!

Attempting to delete C:\windows\system32\lcsbpjvv.ini
C:\windows\system32\lcsbpjvv.ini Has been deleted!

Attempting to delete C:\windows\system32\lfeiwxpd.dll
C:\windows\system32\lfeiwxpd.dll Has been deleted!

Attempting to delete C:\windows\system32\lmaycokk.dll
C:\windows\system32\lmaycokk.dll Has been deleted!

Attempting to delete C:\windows\system32\lnclscgf.dll
C:\windows\system32\lnclscgf.dll Has been deleted!

Attempting to delete C:\windows\system32\lpaxxquo.dll
C:\windows\system32\lpaxxquo.dll Has been deleted!

Attempting to delete C:\windows\system32\lvuhnpdi.ini
C:\windows\system32\lvuhnpdi.ini Has been deleted!

Attempting to delete C:\windows\system32\lwpxuqwp.dll
C:\windows\system32\lwpxuqwp.dll Has been deleted!

Attempting to delete C:\windows\system32\mfdqolmb.dll
C:\windows\system32\mfdqolmb.dll Has been deleted!

Attempting to delete C:\windows\system32\mhfhjrpf.ini
C:\windows\system32\mhfhjrpf.ini Has been deleted!

Attempting to delete C:\windows\system32\mrjdcpcv.exe
C:\windows\system32\mrjdcpcv.exe Could not be deleted.

Attempting to delete C:\windows\system32\muokwqgr.exe
C:\windows\system32\muokwqgr.exe Has been deleted!

Attempting to delete C:\windows\system32\mxylfmfg.dll
C:\windows\system32\mxylfmfg.dll Has been deleted!

Attempting to delete C:\windows\system32\ndxvrafs.ini
C:\windows\system32\ndxvrafs.ini Has been deleted!

Attempting to delete C:\windows\system32\nheprhac.dll
C:\windows\system32\nheprhac.dll Has been deleted!

Attempting to delete C:\windows\system32\nkufmwsy.dll
C:\windows\system32\nkufmwsy.dll Has been deleted!

Attempting to delete C:\windows\system32\nnnxafip.dll
C:\windows\system32\nnnxafip.dll Has been deleted!

Attempting to delete C:\windows\system32\nuixguri.ini
C:\windows\system32\nuixguri.ini Has been deleted!

Attempting to delete C:\windows\system32\nxebohsp.dll
C:\windows\system32\nxebohsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oaqqccki.dll
C:\WINDOWS\system32\oaqqccki.dll Has been deleted!

Attempting to delete C:\windows\system32\olnnsscf.ini
C:\windows\system32\olnnsscf.ini Has been deleted!

Attempting to delete C:\windows\system32\oremcswe.dll
C:\windows\system32\oremcswe.dll Has been deleted!

Attempting to delete C:\windows\system32\ouqxxapl.ini
C:\windows\system32\ouqxxapl.ini Has been deleted!

Attempting to delete C:\windows\system32\ourftuxj.dll
C:\windows\system32\ourftuxj.dll Has been deleted!

Attempting to delete C:\windows\system32\oycwpjkv.exe
C:\windows\system32\oycwpjkv.exe Has been deleted!

Attempting to delete C:\windows\system32\oyxnyycd.ini
C:\windows\system32\oyxnyycd.ini Has been deleted!

Attempting to delete C:\windows\system32\pftexcsx.dll
C:\windows\system32\pftexcsx.dll Has been deleted!

Attempting to delete C:\windows\system32\pifaxnnn.ini
C:\windows\system32\pifaxnnn.ini Has been deleted!

Attempting to delete C:\windows\system32\pikryffx.dll
C:\windows\system32\pikryffx.dll Has been deleted!

Attempting to delete C:\windows\system32\podvrsal.ini
C:\windows\system32\podvrsal.ini Has been deleted!

Attempting to delete C:\windows\system32\pvthyqai.dll
C:\windows\system32\pvthyqai.dll Has been deleted!

Attempting to delete C:\windows\system32\pxldflix.ini
C:\windows\system32\pxldflix.ini Has been deleted!

Attempting to delete C:\windows\system32\pyutxiba.dll
C:\windows\system32\pyutxiba.dll Has been deleted!

Attempting to delete C:\windows\system32\qjsgulnq.ini
C:\windows\system32\qjsgulnq.ini Has been deleted!

Attempting to delete C:\windows\system32\qkwlgrwi.ini
C:\windows\system32\qkwlgrwi.ini Has been deleted!

Attempting to delete C:\windows\system32\qnhixxir.ini
C:\windows\system32\qnhixxir.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qnlugsjq.dll
C:\WINDOWS\system32\qnlugsjq.dll Could not be deleted.

Attempting to delete C:\windows\system32\qnmmrwpg.ini
C:\windows\system32\qnmmrwpg.ini Has been deleted!

Attempting to delete C:\windows\system32\qomuxftf.ini
C:\windows\system32\qomuxftf.ini Has been deleted!

Attempting to delete C:\windows\system32\qphnguhc.dll
C:\windows\system32\qphnguhc.dll Has been deleted!

Attempting to delete C:\windows\system32\qqvbhsix.exe
C:\windows\system32\qqvbhsix.exe Has been deleted!

Attempting to delete C:\windows\system32\qwmhapti.exe
C:\windows\system32\qwmhapti.exe Has been deleted!

Attempting to delete C:\windows\system32\qxjkgxcx.dll
C:\windows\system32\qxjkgxcx.dll Has been deleted!

Attempting to delete C:\windows\system32\rcqeyflw.dll
C:\windows\system32\rcqeyflw.dll Has been deleted!

Attempting to delete C:\windows\system32\rcxtmlte.ini
C:\windows\system32\rcxtmlte.ini Has been deleted!

Attempting to delete C:\windows\system32\rdmvvrsr.ini
C:\windows\system32\rdmvvrsr.ini Has been deleted!

Attempting to delete C:\windows\system32\rixxihnq.dll
C:\windows\system32\rixxihnq.dll Has been deleted!

Attempting to delete C:\windows\system32\rnvbnvnw.ini
C:\windows\system32\rnvbnvnw.ini Has been deleted!

Attempting to delete C:\windows\system32\rspsivdw.dll
C:\windows\system32\rspsivdw.dll Has been deleted!

Attempting to delete C:\windows\system32\rsrvvmdr.dll
C:\windows\system32\rsrvvmdr.dll Has been deleted!

Attempting to delete C:\windows\system32\sebaxpox.ini
C:\windows\system32\sebaxpox.ini Has been deleted!

Attempting to delete C:\windows\system32\sfarvxdn.dll
C:\windows\system32\sfarvxdn.dll Has been deleted!

Attempting to delete C:\windows\system32\sginbnai.ini
C:\windows\system32\sginbnai.ini Has been deleted!

Attempting to delete C:\windows\system32\sjplxllx.dll
C:\windows\system32\sjplxllx.dll Has been deleted!

Attempting to delete C:\windows\system32\smauxgnv.dll
C:\windows\system32\smauxgnv.dll Has been deleted!

Attempting to delete C:\windows\system32\sotutswk.dll
C:\windows\system32\sotutswk.dll Has been deleted!

Attempting to delete C:\windows\system32\stdjocfv.dll
C:\windows\system32\stdjocfv.dll Has been deleted!

Attempting to delete C:\windows\system32\sxqykeau.ini
C:\windows\system32\sxqykeau.ini Has been deleted!

Attempting to delete C:\windows\system32\tjlbjlhx.ini
C:\windows\system32\tjlbjlhx.ini Has been deleted!

Attempting to delete C:\windows\system32\trsfhjqu.dll
C:\windows\system32\trsfhjqu.dll Has been deleted!

Attempting to delete C:\windows\system32\tuomfcph.dll
C:\windows\system32\tuomfcph.dll Has been deleted!

Attempting to delete C:\windows\system32\uaekyqxs.dll
C:\windows\system32\uaekyqxs.dll Has been deleted!

Attempting to delete C:\windows\system32\uhqogewe.dll
C:\windows\system32\uhqogewe.dll Has been deleted!

Attempting to delete C:\windows\system32\uksuvmma.dll
C:\windows\system32\uksuvmma.dll Has been deleted!

Attempting to delete C:\windows\system32\umtfxlkg.exe
C:\windows\system32\umtfxlkg.exe Has been deleted!

Attempting to delete C:\windows\system32\uscgancd.ini
C:\windows\system32\uscgancd.ini Has been deleted!

Attempting to delete C:\windows\system32\uvvfcswi.dll
C:\windows\system32\uvvfcswi.dll Has been deleted!

Attempting to delete C:\windows\system32\uxhiawgi.dll
C:\windows\system32\uxhiawgi.dll Has been deleted!

Attempting to delete C:\windows\system32\uylelbbh.dll
C:\windows\system32\uylelbbh.dll Has been deleted!

Attempting to delete C:\windows\system32\vabxhqxs.exe
C:\windows\system32\vabxhqxs.exe Has been deleted!

Attempting to delete C:\windows\system32\vcwohrdd.ini
C:\windows\system32\vcwohrdd.ini Has been deleted!

Attempting to delete C:\windows\system32\vfcojdts.ini
C:\windows\system32\vfcojdts.ini Has been deleted!

Attempting to delete C:\windows\system32\vkmvfyka.dll
C:\windows\system32\vkmvfyka.dll Has been deleted!

Attempting to delete C:\windows\system32\vngxuams.ini
C:\windows\system32\vngxuams.ini Has been deleted!

Attempting to delete C:\windows\system32\vvjpbscl.dll
C:\windows\system32\vvjpbscl.dll Has been deleted!

Attempting to delete C:\windows\system32\vxbepoti.dll
C:\windows\system32\vxbepoti.dll Has been deleted!

Attempting to delete C:\windows\system32\wdafwnpc.dll
C:\windows\system32\wdafwnpc.dll Has been deleted!

Attempting to delete C:\windows\system32\wdvispsr.ini
C:\windows\system32\wdvispsr.ini Has been deleted!

Attempting to delete C:\windows\system32\wftmoxgb.ini
C:\windows\system32\wftmoxgb.ini Has been deleted!

Attempting to delete C:\windows\system32\wgbopxpl.dll
C:\windows\system32\wgbopxpl.dll Has been deleted!

Attempting to delete C:\windows\system32\wlfyeqcr.ini
C:\windows\system32\wlfyeqcr.ini Has been deleted!

Attempting to delete C:\windows\system32\wnvnbvnr.dll
C:\windows\system32\wnvnbvnr.dll Has been deleted!

Attempting to delete C:\windows\system32\xcxgkjxq.ini
C:\windows\system32\xcxgkjxq.ini Has been deleted!

Attempting to delete C:\windows\system32\xffyrkip.ini
C:\windows\system32\xffyrkip.ini Has been deleted!

Attempting to delete C:\windows\system32\xhljbljt.dll
C:\windows\system32\xhljbljt.dll Has been deleted!

Attempting to delete C:\windows\system32\xilfdlxp.dll
C:\windows\system32\xilfdlxp.dll Has been deleted!

Attempting to delete C:\windows\system32\xivgwmdb.ini
C:\windows\system32\xivgwmdb.ini Has been deleted!

Attempting to delete C:\windows\system32\xllxlpjs.ini
C:\windows\system32\xllxlpjs.ini Has been deleted!

Attempting to delete C:\windows\system32\xopxabes.dll
C:\windows\system32\xopxabes.dll Has been deleted!

Attempting to delete C:\windows\system32\xowqfegj.ini
C:\windows\system32\xowqfegj.ini Has been deleted!

Attempting to delete C:\windows\system32\xpkxxljp.dll
C:\windows\system32\xpkxxljp.dll Has been deleted!

Attempting to delete C:\windows\system32\xscxetfp.ini
C:\windows\system32\xscxetfp.ini Has been deleted!

Attempting to delete C:\windows\system32\yfufifva.dll
C:\windows\system32\yfufifva.dll Has been deleted!

Attempting to delete C:\windows\system32\ywtgwaeh.dll
C:\windows\system32\ywtgwaeh.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 03:40:21 2007-07-03

Listing files found while scanning....

C:\windows\system32\iiffcba.dll
C:\windows\system32\jkhfe.dll
C:\windows\system32\mrjdcpcv.exe
C:\windows\system32\qnlugsjq.dll

Beginning removal...

Attempting to delete C:\windows\system32\iiffcba.dll
C:\windows\system32\iiffcba.dll Could not be deleted.

Attempting to delete C:\windows\system32\jkhfe.dll
C:\windows\system32\jkhfe.dll Has been deleted!

Attempting to delete C:\windows\system32\mrjdcpcv.exe
C:\windows\system32\mrjdcpcv.exe Has been deleted!

Attempting to delete C:\windows\system32\qnlugsjq.dll
C:\windows\system32\qnlugsjq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\iiffcba.dll
C:\windows\system32\iiffcba.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 03:54:17 2007-07-03

Listing files found while scanning....

No infected files were found.

well i got quite a lot of antivirus i dont know which one to keep or delete
il give you a list please tell me which ones the best to keep. I dont want to clog my system up with them.

Spybot Search And Destroy
SpywareBlaster
Super Antivirus Free Edtion

MFDnNC · Jul 3, 2007

The first 2 are antiSpyware not AntiVirus

Did you mean this for the 3rd - SUPERAntiSpyware - it is not an AntiVirus either

Get AVG as I posted, do a scan, and then post a new hijack log

shaji007 · Jul 3, 2007

did the virus scan which took forever any this is the latest HiJack this log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:41, on 2007-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Home\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168431977546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://support.installshield.com/kb/files/Q105097/OCI/isetup.cab
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.theradclyffeschool.co.uk:6226/program/SonySncRz25View.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)

--
End of file - 9652 bytes

MFDnNC · Jul 3, 2007

Clean
If you feel its is fixed mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on heres how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.

shaji007 · Jul 3, 2007

thanks for ya help and time XD

Log in or Sign up

Solved: pop up..CPVfeed and other spyware

shaji007 Thread Starter

MFDnNC

shaji007 Thread Starter

MFDnNC

MFDnNC

shaji007 Thread Starter

MFDnNC

shaji007 Thread Starter

MFDnNC

shaji007 Thread Starter

Sponsor

Welcome to Tech Support Guy!

Log in or Sign up

Solved: pop up..CPVfeed and other spyware

shaji007 Thread Starter

MFDnNC

shaji007 Thread Starter

MFDnNC

MFDnNC

shaji007 Thread Starter

MFDnNC

shaji007 Thread Starter

MFDnNC

shaji007 Thread Starter

Sponsor

Welcome to Tech Support Guy!

Useful Searches