
Solved: "Security Warning" & Internet Explorer Crashing

Discussion in 'Virus & Other Malware Removal' started by keane, Nov 5, 2006.

  1. keane (Thread Starter; joined Nov 5, 2006; 13 messages)
    Hello,

    I've been having this problem for the past few days where my Internet Explorer (7) crashes every time I run it (I'm working in safe mode now), and there is this red icon near the clock which says "Security warning: your computer may be infected with harmful or unwanted software" when I put the mouse over it.

    I've tried running a full system scan with PC-Cillin 2006, ewido, Spybot and TrojanHunter, but the problems keep occurring. Any help would be appreciated.

    I'm running Windows XP Home and here is a log file from HijackThis....



    Logfile of HijackThis v1.99.1
    Scan saved at 11:52:52 AM, on 11/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Johnny\Desktop\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {079E20EF-9827-C88F-7922-B7CE6DCBBE9F} - C:\WINDOWS\system32\jjr.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30F1BF12-089A-1033-0803-040712040001}\MyToolBar.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [sqqf1.exe] C:\WINDOWS\TEMP\sqqf1.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [gyllagj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gyllagj.dll,samuebf
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkub.dll,startup
    O4 - HKLM\..\Run: [yxvjyed.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxvjyed.dll,oexcpyc
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [kgozilm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\kgozilm.dll,eizrruf
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ippe] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt yazb
    O4 - HKCU\..\Run: [Mqmnkw] C:\Program Files\Common Files\?ymbols\n?tdde.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158770414312
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SecYlh - Unknown owner - \\?\C:\Program Files\Common Files\Services\lpt4.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SrvSaq - Unknown owner - \\?\C:\Program Files\Common Files\System\lpt8.exe (file missing)
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: UpdUzn - Unknown owner - \\?\C:\Program Files\Common Files\System\lpt1.exe (file missing)


    Thank you.
     
  2. JSntgRvr (Moderator, Malware Specialist; joined Jul 1, 2003; 18,551 messages; first name José)
    Hi, keane :)

    Welcome to TSG.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {079E20EF-9827-C88F-7922-B7CE6DCBBE9F} - C:\WINDOWS\system32\jjr.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30F1BF12-089A-1033-0803-040712040001}\MyToolBar.dll
    O4 - HKLM\..\Run: [sqqf1.exe] C:\WINDOWS\TEMP\sqqf1.exe
    O4 - HKLM\..\Run: [gyllagj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gyllagj.dll,samuebf
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkub.dll,startup
    O4 - HKLM\..\Run: [yxvjyed.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yxvjyed.dll,oexcpyc
    O4 - HKLM\..\Run: [kgozilm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\kgozilm.dll,eizrruf
    O4 - HKCU\..\Run: [Ippe] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt yazb
    O4 - HKCU\..\Run: [Mqmnkw] C:\Program Files\Common Files\?ymbols\n?tdde.exe
    O23 - Service: SecYlh - Unknown owner - \\?\C:\Program Files\Common Files\Services\lpt4.exe (file missing)
    O23 - Service: SrvSaq - Unknown owner - \\?\C:\Program Files\Common Files\System\lpt8.exe (file missing)
    O23 - Service: UpdUzn - Unknown owner - \\?\C:\Program Files\Common Files\System\lpt1.exe (file missing)

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    VSToolbar
    VSAdd-in
    ToolBar888


    Please note any other programs that you don't recognize in that list in your next response.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\VSAdd-in
    C:\Program Files\Common Files\WNSXS~1 ->Folder's name first six letters are WNSXS
    C:\Program Files\Common Files\?ymbols -> Note the "?" symbol on its name


    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Program Files\Common Files\{30F1BF12-089A-1033-0803-040712040001}\MyToolBar.dll
      C:\WINDOWS\TEMP\sqqf1.exe
      C:\WINDOWS\system32\gyllagj.dll
      C:\WINDOWS\system32\drvkub.dll
      C:\WINDOWS\system32\yxvjyed.dll
      C:\WINDOWS\system32\kgozilm.dll
      C:\Program Files\Common Files\Services\lpt1.exe
      C:\Program Files\Common Files\Services\lpt4.exe
      C:\Program Files\Common Files\Services\lpt8.exe


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    1. Please download Combofix to your desktop from Here or Here:
    2. Double click combofix.exe and follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
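As an added example (not code from the thread, and not part of HijackThis, Killbox or ComboFix), here is a small Python triage script that encodes, as assumed heuristics, the structural red flags behind the entries JSntgRvr picked out above: references to files that are no longer present, services with no vendor string and a \\?\ path ending in a reserved device name such as lpt4.exe, "?" characters standing in for unprintable characters in folder names, autostarts from TEMP or from a bare {GUID} folder, Run values named after the DLL they hand to rundll32, and iexplore.exe launched from outside its normal folder. The sample log is constructed from ten lines of the HijackThis log posted above, mixing legitimate and flagged entries.

```python
"""Triage of HijackThis log lines by structural red flags.

Added example for this thread; the rules are assumptions distilled from the
entries the moderator chose to fix, meant as hints for a human reviewer, not
as a verdict on any entry.
"""
import re

# Constructed sample: ten lines taken from the HijackThis log posted above,
# mixing legitimate entries (NvCplDaemon, NVSvc) with ones flagged for removal.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {079E20EF-9827-C88F-7922-B7CE6DCBBE9F} - C:\WINDOWS\system32\jjr.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30F1BF12-089A-1033-0803-040712040001}\MyToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sqqf1.exe] C:\WINDOWS\TEMP\sqqf1.exe
O4 - HKLM\..\Run: [gyllagj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gyllagj.dll,samuebf
O4 - HKCU\..\Run: [Ippe] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Mqmnkw] C:\Program Files\Common Files\?ymbols\n?tdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecYlh - Unknown owner - \\?\C:\Program Files\Common Files\Services\lpt4.exe (file missing)
"""

# Names Windows reserves for devices. A file called lpt4.exe normally cannot be
# created or deleted through the usual Win32 path rules; it needs the \\?\
# device namespace prefix, which is why such entries show up with it and
# survive ordinary delete attempts.
RESERVED_NAMES = ({"con", "prn", "aux", "nul"}
                  | {f"com{i}" for i in range(1, 10)}
                  | {f"lpt{i}" for i in range(1, 10)})

# Binaries that belong in one place only. The thread shows iexplore.exe being
# run from a Common Files folder instead of Program Files\Internet Explorer.
# (Assumption: the 8.3 short form of the expected folder is not recognised.)
EXPECTED_DIR = {
    "iexplore.exe": "\\internet explorer\\",
    "svchost.exe": "\\system32\\",
    "lsass.exe": "\\system32\\",
    "winlogon.exe": "\\system32\\",
}

DEVICE_PREFIX = "\\\\?\\"
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\\")
# A Windows path: optional \\?\ prefix, drive letter, then everything up to a
# quote, a comma (rundll32 export separator) or "(" (the "(file missing)" marker).
PATH_RE = re.compile(r'(?:\\\\\?\\)?[A-Za-z]:\\[^",(]+')
LINE_RE = re.compile(r"\s*(R\d|O\d+) - (.*)")
VALUE_NAME_RE = re.compile(r"\[([^\]]+)\]")


def triage_line(line: str) -> list[str]:
    """Return the red flags found in one HijackThis entry (empty list = none)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    kind, body = m.groups()
    low = body.lower()
    reasons = []
    if kind in ("R0", "R1") and body.rstrip().endswith("="):
        reasons.append("browser setting with an empty value")
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("points at a file that is no longer present")
    if kind == "O23" and "unknown owner" in low:
        reasons.append("service without a vendor string")
    if DEVICE_PREFIX in body:
        reasons.append("uses the \\\\?\\ device namespace prefix")
    for path in PATH_RE.findall(body):
        path = path.rstrip()
        name = path.rsplit("\\", 1)[-1].lower()
        stem = name.rsplit(".", 1)[0]
        if stem in RESERVED_NAMES:
            reasons.append(f"file named after a reserved device ({name})")
        if "?" in path.replace(DEVICE_PREFIX, "", 1):
            reasons.append("path contains an unprintable character shown as '?'")
        if "\\temp\\" in path.lower():
            reasons.append("autostart from a TEMP folder")
        if GUID_DIR.search(path):
            reasons.append("installed under a bare {GUID} folder")
        expected = EXPECTED_DIR.get(name)
        if expected and expected not in path.lower():
            reasons.append(f"{name} launched outside its normal folder")
    if kind == "O4":
        vm = VALUE_NAME_RE.search(body)
        if vm and vm.group(1).lower().endswith(".dll"):
            reasons.append("Run value named after the DLL it loads via rundll32")
    return reasons


def triage_log(text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log; keep only entries with at least one flag."""
    found = []
    for raw in text.strip().splitlines():
        reasons = triage_line(raw)
        if reasons:
            found.append((raw.strip(), reasons))
    return found


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   -", reason)
```

Entries such as CTDrive (rundll32 loading drvkub.dll with a plain export name) pass every structural check here and still need a reputation lookup, which is the judgement the moderator's fix list reflects.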
     
  3. keane (Thread Starter; joined Nov 5, 2006; 13 messages)
    Hello JSntgRvr :)

    Thank you for your reply.

    I ran all the tasks you mentioned... the only things different to what you explained were that I did not have VSToolbar in the Add/Remove Programs section, and in Explorer I only had to delete the C:\Program Files\VSAdd-in folder. (I removed something called OCI from the Add/Remove Programs section, if I remember correctly.)

    Also, I did not receive the PendingFileRenameOperations prompt while running Killbox.

    I will post the Combofix and new HiJackThis reports below.

    Johnny - 06-11-06 14:55:17.78 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Johnny\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\ismini.exe
    C:\WINDOWS\system32\components
    C:\Program Files\Common Files\{50F1BF12-089A-1033-0803-040712040001}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
    C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1
    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1\W?nSxS
    C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1\n?tdde.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


    2006-11-06 01:57 72,704 --a------ C:\WINDOWS\system32\irlxtkb.dll
    2006-11-06 01:57 40,973 ---hs---- C:\WINDOWS\system32\qomlmnn.dll
    2006-11-06 01:57 2 --a------ C:\WINDOWS\system32\wnstssv.exe
    2006-11-06 01:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-11-05 22:21 60,436 --a------ C:\WINDOWS\system32\yrwmitjg.dll
    2006-11-05 22:20 692,276 ---hs---- C:\WINDOWS\system32\ddayx.dll
    2006-11-05 22:20 602,228 ---hs---- C:\WINDOWS\system32\xyadd.bak1
    2006-11-05 22:20 110,612 --a------ C:\WINDOWS\system32\wdepfcdu.exe
    2006-11-05 21:48 72,192 --a------ C:\WINDOWS\system32\kzfqhqh.dll
    2006-11-05 21:46 59,392 --a------ C:\WINDOWS\system32\drvgun.dll
    2006-11-05 21:46 40,973 ---hs---- C:\WINDOWS\system32\iifgecy.dll
    2006-11-04 03:46 71,680 --a------ C:\WINDOWS\system32\rpqwjmi.dll
    2006-11-04 03:44 59,392 --a------ C:\WINDOWS\system32\drvres.dll
    2006-11-04 03:44 15,872 --a------ C:\WINDOWS\system32\winrvc32.dll
    2006-11-01 17:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2006-11-01 17:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2006-11-01 17:36 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2006-10-08 17:40 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2006-10-08 17:39 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-06 14:56 -------- d-------- C:\Program Files\Common Files
    2006-11-06 01:37 -------- d-------- C:\Program Files\Grisoft
    2006-11-06 00:00 -------- d-------- C:\Program Files\PokerStars
    2006-11-05 21:17 -------- d-------- C:\Documents and Settings\Johnny\Application Data\TrojanHunter
    2006-11-05 21:15 -------- d-------- C:\Program Files\TrojanHunter 4.6
    2006-11-04 03:43 -------- d-------- C:\Program Files\WinRAR
    2006-11-01 12:59 -------- d-------- C:\Program Files\Apple Software Update
    2006-10-31 10:03 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Help
    2006-10-28 16:22 -------- d-------- C:\Program Files\TVAnts
    2006-10-28 16:16 -------- d-------- C:\Documents and Settings\Johnny\Application Data\SopCast
    2006-10-28 16:15 -------- d-------- C:\Program Files\SopCast
    2006-10-17 02:37 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Mozilla
    2006-10-12 15:25 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Sun
    2006-10-08 17:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-08 17:35 -------- d-------- C:\Program Files\KONAMI
    2006-10-03 01:05 -------- d-------- C:\Program Files\BitComet
    2006-10-01 13:34 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Google
    2006-09-30 22:34 -------- d-------- C:\Program Files\Google
    2006-09-29 18:32 -------- d-------- C:\Documents and Settings\Johnny\Application Data\InterVideo
    2006-09-29 16:03 -------- d-------- C:\Documents and Settings\Johnny\Application Data\AdobeUM
    2006-09-28 20:53 -------- d-------- C:\Program Files\InterVideo
    2006-09-28 20:53 -------- d-------- C:\Program Files\Creative
    2006-09-28 20:53 -------- d-------- C:\Program Files\Common Files\InterVideo
    2006-09-28 15:17 -------- d---s---- C:\Documents and Settings\Johnny\Application Data\Microsoft
    2006-09-28 09:56 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Macromedia
    2006-09-28 00:59 -------- d-------- C:\Program Files\Macromedia
    2006-09-28 00:58 -------- d-------- C:\Program Files\Common Files\Macromedia
    2006-09-26 02:29 -------- d-------- C:\Program Files\OfficeUpdate11
    2006-09-26 02:18 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-26 00:45 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-26 00:44 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-26 00:44 -------- d-------- C:\Program Files\Common Files\System
    2006-09-26 00:44 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-25 19:15 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Ahead
    2006-09-25 13:37 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-25 13:17 81920 --a------ C:\Documents and Settings\Johnny\Application Data\ezpinst.exe
    2006-09-25 13:17 7176 --a------ C:\Documents and Settings\Johnny\Application Data\pcouffin.cat
    2006-09-25 13:17 55 --a------ C:\Documents and Settings\Johnny\Application Data\pcouffin.log
    2006-09-25 13:17 47360 --a------ C:\Documents and Settings\Johnny\Application Data\pcouffin.sys
    2006-09-25 13:17 1144 --a------ C:\Documents and Settings\Johnny\Application Data\pcouffin.inf
    2006-09-25 13:17 -------- d-------- C:\Program Files\VSO
    2006-09-25 13:17 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Vso
    2006-09-25 11:22 -------- d-------- C:\Program Files\Nero
    2006-09-25 11:22 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-25 02:04 -------- d-------- C:\Documents and Settings\Johnny\Application Data\1ClickDVDCopy
    2006-09-25 01:43 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2006-09-23 14:09 -------- d-------- C:\Program Files\GameSpy Arcade
    2006-09-23 14:03 -------- d-------- C:\Program Files\EA GAMES
    2006-09-23 03:10 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-09-23 03:03 -------- d-------- C:\Program Files\Logitech
    2006-09-23 02:51 -------- d-------- C:\Program Files\Common Files\FotoWire
    2006-09-23 02:51 -------- d-------- C:\Documents and Settings\Johnny\Application Data\FotoWire
    2006-09-23 02:49 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2006-09-23 01:54 -------- dr-h----- C:\Documents and Settings\Johnny\Application Data\yahoo!
    2006-09-22 18:53 -------- d-------- C:\Program Files\Yahoo!
    2006-09-22 01:54 -------- d-------- C:\Program Files\LimeWire
    2006-09-22 01:54 -------- d-------- C:\Program Files\Java
    2006-09-22 01:52 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-22 01:07 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Adobe
    2006-09-22 01:06 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-22 01:05 875 --a------ C:\Documents and Settings\Johnny\Application Data\AdobeDLM.log
    2006-09-22 01:05 0 --a------ C:\Documents and Settings\Johnny\Application Data\dm.ini
    2006-09-22 01:05 -------- d-------- C:\Program Files\Adobe
    2006-09-21 23:45 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Apple Computer
    2006-09-21 22:45 -------- d-------- C:\Program Files\QuickTime
    2006-09-21 22:45 -------- d-------- C:\Program Files\iTunes
    2006-09-21 22:45 -------- d-------- C:\Program Files\iPod
    2006-09-21 19:14 -------- d-------- C:\Program Files\DivX
    2006-09-21 12:07 -------- d-------- C:\Program Files\VIA
    2006-09-21 11:53 44 --a------ C:\WINDOWS\system32\msssc.dll
    2006-09-21 11:48 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-21 11:48 -------- d-------- C:\Program Files\Analog Devices
    2006-09-21 04:41 -------- d-------- C:\Program Files\Messenger
    2006-09-21 04:39 -------- d-------- C:\Program Files\Outlook Express
    2006-09-21 04:37 -------- d-------- C:\Program Files\Windows Media Connect 2
    2006-09-21 04:28 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-21 04:12 -------- d-------- C:\Program Files\MSN Messenger
    2006-09-21 04:03 -------- d-------- C:\Program Files\Movie Maker
    2006-09-21 04:01 -------- d-------- C:\Program Files\Windows NT
    2006-09-21 04:01 -------- d-------- C:\Program Files\NetMeeting
    2006-09-19 12:12 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini
    2006-09-19 12:12 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-09-19 12:12 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-09-19 05:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-09-19 05:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-09-19 05:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-09-19 05:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
    2006-09-19 03:20 12800 --a------ C:\WINDOWS\system32\ddaa.dll
    2006-09-19 03:18 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-19 03:10 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-19 02:50 -------- d-------- C:\Program Files\Marvell
    2006-09-19 02:27 -------- d-------- C:\Program Files\Trend Micro
    2006-09-19 02:23 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-19 02:23 -------- d-------- C:\Documents and Settings\Johnny\Application Data\Identities
    2006-09-19 02:19 0 -rahs---- C:\MSDOS.SYS
    2006-09-19 02:19 0 -rahs---- C:\IO.SYS
    2006-09-19 02:19 0 --a------ C:\CONFIG.SYS
    2006-09-19 02:19 0 --a------ C:\AUTOEXEC.BAT
    2006-09-19 02:19 -------- d-------- C:\Program Files\xerox
    2006-09-19 02:19 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-19 02:17 -------- d-------- C:\Program Files\Online Services
    2006-09-19 02:17 -------- d-------- C:\Program Files\MSN
    2006-09-19 02:17 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-19 02:17 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-19 02:16 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-13 16:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-06 21:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
    2006-09-06 21:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
    2006-09-06 21:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
    2006-08-26 02:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-24 21:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-08-24 20:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
    2006-08-24 20:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
    2006-08-24 20:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
    2006-08-24 20:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
    2006-08-23 01:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
    2006-08-23 01:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-08-23 01:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-08-23 01:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-08-23 01:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-08-23 01:31 175616 --------- C:\WINDOWS\system32\ieui.dll
    2006-08-23 01:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
    2006-08-23 01:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-08-23 01:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-08-23 01:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-08-23 01:17 105472 --a------ C:\WINDOWS\system32\url.dll
    2006-08-23 01:17 100352 --a------ C:\WINDOWS\system32\occache.dll
    2006-08-23 01:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
    2006-08-23 01:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-08-23 01:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-08-23 01:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-08-23 01:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-08-23 01:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-08-23 01:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-08-23 01:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-08-23 01:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
    2006-08-23 01:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-08-23 01:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-08-23 01:10 61440 --------- C:\WINDOWS\system32\icardie.dll
    2006-08-23 01:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-08-23 01:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
    2006-08-23 01:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-08-23 00:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-08-23 00:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-08-23 00:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-08-21 23:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 20:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 22:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-08-16 18:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-08-12 04:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
    2006-08-12 04:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-08-12 04:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-08-12 04:35 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-08-12 04:35 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-08-12 04:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-08-12 04:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-08-12 04:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-08-12 04:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-08-12 04:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2006-08-12 04:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-08-12 04:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-08-12 04:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2006-08-12 04:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-08-12 04:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-08-12 04:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-08-11 22:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 22:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
    2006-08-11 22:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 22:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-08-11 22:42 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-08-11 22:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
    2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
    2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
    2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "Ptipbmf"="rundll32.exe ptipbmf.dll,SetWriteCacheMode"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{234872CE-5649-4C54-994E-09DB662C1CA9}"=""
    "{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=dword:00000000
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoDispSettingsPage"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoActiveDesktop"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "ClassicShell"=dword:00000000
    "NoThemesTab"=dword:00000000
    "ForceActiveDesktopOn"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktopChanges"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "ishost.exe"="ishost.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgecy
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-11-06 14:57:05.68
    C:\ComboFix.txt ... 06-11-06 14:57



    Thanks.
     
  4. keane

    HiJackThis Report.


    Logfile of HijackThis v1.99.1
    Scan saved at 3:00:00 PM, on 11/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Johnny\Desktop\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158770414312
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    Thanks.
     
  5. keane

    Bump.
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, keane. :)

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
     
  7. keane

    Hello JSntgRvr, :)

    Once again, thank you for your help. Here are the contents of vundofix.txt.


    VundoFix V6.2.7

    Checking Java version...

    Java version is 1.5.0.8

    Scan started at 10:05:59 AM 11/7/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\irlxtkb.dll
    C:\WINDOWS\system32\kzfqhqh.dll
    C:\WINDOWS\system32\winrvc32.dll
    C:\WINDOWS\system32\ddayx.dll
    C:\WINDOWS\system32\xyadd.ini
    C:\WINDOWS\system32\xyadd.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\irlxtkb.dll
    C:\WINDOWS\system32\irlxtkb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kzfqhqh.dll
    C:\WINDOWS\system32\kzfqhqh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winrvc32.dll
    C:\WINDOWS\system32\winrvc32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddayx.dll
    C:\WINDOWS\system32\ddayx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xyadd.ini
    C:\WINDOWS\system32\xyadd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xyadd.bak1
    C:\WINDOWS\system32\xyadd.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!


    There is also a problem with Windows Update, as it tries to update every day but fails on Security Update for Windows Media Player 10 for Windows XP (KB917734). As a result, no updates occur at all, as Windows Update shuts down when this happens. Could any of this be related? Also, is this the right place to be asking about that type of problem?

    Thank you.
     
  8. JSntgRvr

    Hi, keane. :)

    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\qomlmnn.dll
      C:\WINDOWS\system32\wnstssv.exe
      C:\WINDOWS\system32\yrwmitjg.dll
      C:\WINDOWS\system32\wdepfcdu.exe
      C:\WINDOWS\system32\drvgun.dll
      C:\WINDOWS\system32\iifgecy.dll
      C:\WINDOWS\system32\rpqwjmi.dll



    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please navigate to the C:\Windows folder. Locate the WindowsUpdate.log file and open it in Notepad. Copy and paste the last ten (10) lines of this log into a reply along with a HijackThis log.
     
  9. keane

    Hello JSntgRvr,

    Here are the reports you asked for...

    WindowsUpdate.log

    2006-11-07 12:46:13 1072 440 DnldMgr * All files for update were already downloaded and are valid.
    2006-11-07 12:46:13 3064 c0c DtaStor Update service properties: service registered with AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
    2006-11-07 12:46:13 1072 578 AU >>## RESUMED ## AU: Download update [UpdateId = {AEB1A4FF-32D5-4060-A066-0018410F5A7C}, succeeded]
    2006-11-07 12:46:13 1072 440 Agent *********
    2006-11-07 12:46:13 1072 440 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
    2006-11-07 12:46:13 1072 440 Agent *************
    2006-11-07 12:46:18 1072 5fc Report REPORT EVENT: {6C9085DD-1223-4A19-81E3-0E1F88E0DB31} 2006-11-07 12:46:13+1100 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 08, 2006 at 3:00 AM: - Security Update for Windows Media Player 10 for Windows XP (KB917734)



    HijackThis log...

    Logfile of HijackThis v1.99.1
    Scan saved at 12:44:07 PM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Johnny\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {079E20EF-9827-C88F-7922-B7CE6DCBBE9F} - C:\WINDOWS\system32\jjr.dll (file missing)
    O2 - BHO: (no name) - {0E4D9E93-DD6A-555F-9B8A-02AAFD066422} - C:\WINDOWS\system32\rpqwjmi.dll
    O2 - BHO: (no name) - {234872CE-5649-4C54-994E-09DB662C1CA9} - C:\WINDOWS\system32\mljgeec.dll (file missing)
    O2 - BHO: (no name) - {2878BB6E-E12B-80DD-5DEB-031888085CDB} - C:\WINDOWS\system32\irlxtkb.dll (file missing)
    O2 - BHO: (no name) - {33F2FD11-4756-9A4B-D496-06A0E945CE20} - C:\WINDOWS\system32\kzfqhqh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {A0F7AAD2-C435-43DF-9375-714134193001} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yrwmitjg.dll
    O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\iifgecy.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158770414312
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: iifgecy - C:\WINDOWS\SYSTEM32\iifgecy.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


    Thank You.
     
  10. JSntgRvr

    Hi, keane :)

    No errors are logged, which is good news.

    You can download this update and save it to the desktop. Once downloaded, close the download window, go to the desktop and double-click on the downloaded file. The installation should begin.

    Here is the link:

    http://www.microsoft.com/downloads/...72-74fd-4281-953f-6f2f12e001e0&displaylang=en


    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {079E20EF-9827-C88F-7922-B7CE6DCBBE9F} - C:\WINDOWS\system32\jjr.dll (file missing)
    O2 - BHO: (no name) - {0E4D9E93-DD6A-555F-9B8A-02AAFD066422} - C:\WINDOWS\system32\rpqwjmi.dll
    O2 - BHO: (no name) - {234872CE-5649-4C54-994E-09DB662C1CA9} - C:\WINDOWS\system32\mljgeec.dll (file missing)
    O2 - BHO: (no name) - {2878BB6E-E12B-80DD-5DEB-031888085CDB} - C:\WINDOWS\system32\irlxtkb.dll (file missing)
    O2 - BHO: (no name) - {33F2FD11-4756-9A4B-D496-06A0E945CE20} - C:\WINDOWS\system32\kzfqhqh.dll (file missing)
    O2 - BHO: (no name) - {A0F7AAD2-C435-43DF-9375-714134193001} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yrwmitjg.dll
    O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\iifgecy.dll


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Run Killbox.exe. Paste the following locations into Killbox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now, click No and proceed with the next file. Once you get to the last one, click YES and it will reboot.

    C:\WINDOWS\system32\rpqwjmi.dll
    C:\WINDOWS\system32\yrwmitjg.dll
    C:\WINDOWS\system32\iifgecy.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

    Post a fresh HijackThis log and let me know how it went. Let me also know how the computer is doing.
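    As an added example (not code from the thread, from HijackThis or from the helper), the selection made in the post above can be written down as triage rules over the posted HijackThis lines: nameless O2 BHOs that load from system32 are ticked for "Fix checked", an O20 Winlogon Notify package outside a known-good list is ticked too, and the Killbox list is whatever of those DLLs HijackThis did not already report as "(file missing)". The known-good Notify list is an abbreviated assumption; the sample lines are copied from the log posted earlier in this thread.

```python
"""Triage of HijackThis 1.99 log lines for the pattern worked through in this
thread: nameless BHOs (O2) loading random-named DLLs from system32, plus a
Winlogon Notify package (O20) from the same DLL family.

Added example, not part of the thread or of HijackThis itself.  The sample
lines are copied from the log posted above; the allowlist of Windows Winlogon
Notify packages is an assumption and deliberately short.
"""
import re
from dataclasses import dataclass

# HijackThis appends "(file missing)" when the DLL a registry entry points at
# is no longer on disk; the entry still has to be fixed, but nothing to delete.
_BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")

# Winlogon Notify packages shipped with Windows XP / Microsoft components.
# Assumption: abbreviated; extend from a known-clean machine before relying on it.
KNOWN_NOTIFY = {"wgalogon", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    section: str   # "O2" or "O20"
    path: str      # DLL path exactly as logged
    on_disk: bool  # False when HijackThis reported "(file missing)"
    reason: str


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(lines):
    """Return the entries a helper would tick in 'Fix checked'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _BHO_RE.match(line)
        if m:
            # Every BHO in this thread that turned out to be Vundo was nameless
            # AND lived in system32.  Legitimate nameless BHOs (SDHelper.dll)
            # live under their product's own folder and are left alone.
            if m["name"] == "(no name)" and _in_system32(m["path"]):
                findings.append(Finding("O2", m["path"], m["missing"] is None,
                                        "nameless BHO loading from system32"))
            continue
        m = _NOTIFY_RE.match(line)
        if m and _in_system32(m["path"]) and m["name"].lower() not in KNOWN_NOTIFY:
            findings.append(Finding("O20", m["path"], True,
                                    "Winlogon Notify package not in known-good list"))
    return findings


def killbox_list(findings):
    """Distinct on-disk DLLs still to delete once the registry entries are fixed."""
    seen, out = set(), []
    for f in findings:
        key = f.path.lower()          # O2 and O20 log the same DLL in different case
        if f.on_disk and key not in seen:
            seen.add(key)
            out.append(f.path)
    return out


# Sample input: the relevant lines of the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {079E20EF-9827-C88F-7922-B7CE6DCBBE9F} - C:\WINDOWS\system32\jjr.dll (file missing)",
    r"O2 - BHO: (no name) - {0E4D9E93-DD6A-555F-9B8A-02AAFD066422} - C:\WINDOWS\system32\rpqwjmi.dll",
    r"O2 - BHO: (no name) - {234872CE-5649-4C54-994E-09DB662C1CA9} - C:\WINDOWS\system32\mljgeec.dll (file missing)",
    r"O2 - BHO: (no name) - {2878BB6E-E12B-80DD-5DEB-031888085CDB} - C:\WINDOWS\system32\irlxtkb.dll (file missing)",
    r"O2 - BHO: (no name) - {33F2FD11-4756-9A4B-D496-06A0E945CE20} - C:\WINDOWS\system32\kzfqhqh.dll (file missing)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll",
    r"O2 - BHO: (no name) - {A0F7AAD2-C435-43DF-9375-714134193001} - C:\WINDOWS\system32\ddayx.dll (file missing)",
    r"O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yrwmitjg.dll",
    r"O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\iifgecy.dll",
    r"O20 - Winlogon Notify: iifgecy - C:\WINDOWS\SYSTEM32\iifgecy.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        state = "on disk" if f.on_disk else "file missing"
        print(f"{f.section:<3} {f.path}  [{state}] {f.reason}")
    print("Delete on reboot:", *killbox_list(hits), sep="\n  ")
```

    Run against the posted log it ticks the same eight O2 entries and the iifgecy O20 entry, and leaves SDHelper.dll and WgaLogon.dll alone; the Killbox list it derives is the three DLLs named in the post.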
     
  11. keane

    Hello JSntgRvr, :)

    I downloaded that update from the Microsoft site, but when I tried running it, it stopped and displayed the following error message: "KB917734_WMP10 setup cancelled".

    Other than that, my computer is running a lot better: Internet Explorer is no longer crashing, that red icon has disappeared from the task bar, and I used to get messages from PC-Cillin saying a virus was detected (and it would not be able to delete or quarantine them), but I have not had that message recently. :)

    Thank you for all your help, it is much appreciated.


    Here is the new HijackThis log.


    Logfile of HijackThis v1.99.1
    Scan saved at 1:21:42 PM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Documents and Settings\Johnny\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\iifgecy.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158770414312
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: iifgecy - C:\WINDOWS\SYSTEM32\iifgecy.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



    Thank you.
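The log above still carries the pair that matters: an O2 BHO with "(no name)" pointing at C:\WINDOWS\system32\iifgecy.dll and an O20 Winlogon Notify entry for the same DLL. The script below is an added example (not HijackThis code, and not something the thread's helper posted) that parses O2/O20 lines and scores that combination; the sample log is a constructed subset of the lines above, and the scoring weights are my own heuristic, not anything HijackThis computes.

```python
"""Triage a HijackThis v1.99 log for the load-point pattern in this thread:
an O2 BHO registered with "(no name)" whose DLL is also an O20 Winlogon
Notify handler, both pointing into the system32 directory.

Added example, not HijackThis code. SAMPLE_LOG is a constructed subset of the
O2/O20 lines from the log posted above; the scoring weights are a heuristic
chosen for this example."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\iifgecy.dll
O20 - Winlogon Notify: iifgecy - C:\WINDOWS\SYSTEM32\iifgecy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return the O2 and O20 entries as dicts of section, name and DLL path."""
    entries = []
    for line in log_text.splitlines():
        for section, rx in (("O2", O2_RE), ("O20", O20_RE)):
            m = rx.match(line.strip())
            if m:
                entries.append({"section": section, "name": m["name"],
                                "path": m["path"].strip()})
                break
    return entries


def triage(log_text, flag_at=5):
    """Score each DLL; return {normalised_path: finding} for scores >= flag_at."""
    entries = parse_entries(log_text)
    sections = defaultdict(set)          # lower-cased path -> {"O2", "O20"}
    for e in entries:
        sections[e["path"].lower()].add(e["section"])

    findings = {}
    for e in entries:
        path = e["path"].lower()
        score, reasons = 0, []
        if e["section"] == "O2" and e["name"] == "(no name)":
            score += 2
            reasons.append("BHO registered without a display name")
        if "\\system32\\" in path:
            score += 2
            reasons.append("DLL lives in system32 rather than a product folder")
        if {"O2", "O20"} <= sections[path]:
            score += 3
            reasons.append("same DLL is both a BHO and a Winlogon Notify handler")
        # Keep the highest score seen for a given DLL (the O2 and O20 lines
        # for one file are scored separately).
        if score >= flag_at and score > findings.get(path, {}).get("score", -1):
            findings[path] = {"score": score, "reasons": reasons,
                              "sections": sorted(sections[path])}
    return findings


if __name__ == "__main__":
    for path, f in triage(SAMPLE_LOG).items():
        print(f"{f['score']:2d}  {path}  [{', '.join(f['sections'])}]")
        for r in f["reasons"]:
            print("     -", r)
```

Spybot's SDHelper.dll is also registered "(no name)", which is why the name alone scores too low to flag; it is the O2 plus O20 pairing on one system32 DLL that pushes iifgecy.dll over the threshold. A Winlogon Notify DLL loads into winlogon.exe at every logon, so a BHO that registers itself there survives the browser being closed or reinstalled.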
     
  12. keane

    keane Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    13
    Also, I forgot to mention a few posts ago: when I put these files into Killbox...

    C:\WINDOWS\system32\qomlmnn.dll
    C:\WINDOWS\system32\wnstssv.exe
    C:\WINDOWS\system32\yrwmitjg.dll
    C:\WINDOWS\system32\wdepfcdu.exe
    C:\WINDOWS\system32\drvgun.dll
    C:\WINDOWS\system32\iifgecy.dll
    C:\WINDOWS\system32\rpqwjmi.dll


    I got the prompt "PendingFileRenameOperations Registry data has been removed by external process"
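The prompt names PendingFileRenameOperations, the registry value that delete-on-reboot tools rely on. As background (Windows behaviour, not something stated in the thread): MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT appends to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, the value is a flat list of (source, destination) path pairs in \??\ form where an empty destination means delete, and smss.exe applies it early in the next boot. The block below is an added example, not Killbox code: it builds that value for the seven paths posted above, decodes it pairwise (the empty destination is lost if you naively split on NUL and drop empties), and reports which requested deletions are not actually queued, which is the situation the prompt describes. The byte buffers are constructed here so the check runs offline; on a live host you would feed it the raw value bytes.

```python
r"""Encode, decode and verify the PendingFileRenameOperations value used by
delete-on-reboot tools such as Killbox.

Added example, not Killbox code. KILLBOX_LIST is the seven paths from the post
above; every byte buffer is constructed inside this file."""

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"

KILLBOX_LIST = [
    r"C:\WINDOWS\system32\qomlmnn.dll",
    r"C:\WINDOWS\system32\wnstssv.exe",
    r"C:\WINDOWS\system32\yrwmitjg.dll",
    r"C:\WINDOWS\system32\wdepfcdu.exe",
    r"C:\WINDOWS\system32\drvgun.dll",
    r"C:\WINDOWS\system32\iifgecy.dll",
    r"C:\WINDOWS\system32\rpqwjmi.dll",
]


def nt_path(win_path):
    r"""Turn C:\foo into the \??\C:\foo form the value uses."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path


def encode_pending(ops):
    """ops: list of (source, destination) pairs -> REG_MULTI_SZ bytes.

    A destination of "" means delete; a leading "!" on a destination marks
    replace-existing (MOVEFILE_REPLACE_EXISTING)."""
    flat = "".join(s + "\x00" for pair in ops for s in pair)
    return (flat + "\x00").encode("utf-16-le")   # trailing empty string ends the list


def schedule_deletes(paths):
    """Build the value a delete-on-reboot tool would write for these paths."""
    return encode_pending([(nt_path(p), "") for p in paths])


def decode_pending(raw):
    """Parse the value pairwise, the way the boot-time consumer does.

    Splitting on NUL and discarding empties would drop the empty destination
    that marks a delete, so walk the buffer explicitly."""
    text = raw.decode("utf-16-le")
    ops, pos = [], 0
    while pos < len(text):
        end = text.find("\x00", pos)
        if end < 0:
            raise ValueError("unterminated source string")
        src, pos = text[pos:end], end + 1
        if src == "":                 # terminating empty string
            break
        end = text.find("\x00", pos)
        if end < 0:
            raise ValueError("missing destination for " + src)
        dst, pos = text[pos:end], end + 1
        ops.append((src, dst))
    return ops


def missing_deletes(raw, paths):
    """Paths from `paths` that are NOT queued for deletion in `raw`.

    Empty result: every requested delete is scheduled. Full result: the value
    is empty or was overwritten, which is what the Killbox prompt complains
    about (an empty or absent value decodes to no operations at all)."""
    scheduled = {src.lower() for src, dst in decode_pending(raw) if dst == ""}
    return [p for p in paths if nt_path(p).lower() not in scheduled]


if __name__ == "__main__":
    value = schedule_deletes(KILLBOX_LIST)
    print(f"{len(value)} bytes, {len(decode_pending(value))} operations queued")
    print("missing after write:", missing_deletes(value, KILLBOX_LIST))
    print("missing if cleared :", len(missing_deletes(b"\x00\x00", KILLBOX_LIST)))
```

Two tools writing the value back-to-back is the usual way entries go missing: each reads the list, appends, and writes the whole thing, so the second write can drop the first tool's entries. Re-reading the value after the write and comparing with missing_deletes is the check a cleanup tool should do before telling the user the reboot will take care of it.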
     
  13. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, keane :)
    • Download the attached file, unzip it and save it to your C:\ drive.
    • Once you have saved it, the file path should be C:\remove.txt
    • Download and unzip Avenger to your desktop.
    • Open the Avenger.
    • Check Load Script from File and then click the folder Icon on the right side of that section.
    • Then browse to C:\remove.txt and click open to load it.
    • Then click the “green light” icon.
    • This will begin the execution of the script currently in memory.
    • After you have clicked on the “green light” to begin execution of a script, the Avenger will set itself up to run the next time you reboot your computer, and then will prompt you to restart immediately.
    • After your system restarts, a log file should open with the results of Avenger’s actions. This log file is located at C:\avenger.txt. The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backups.zip.
    Post the contents of the C:\avenger.txt file and a fresh HijackThis log.

    Let me snoop around about this error message.
     


  14. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, keane :)

    I will have someone take a look at this error.
     
  15. keane

    keane Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    13
    Hello,

    Ok thanks for that.


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ojfpyoim

    *******************

    Script file located at: \??\C:\WINDOWS\system32\iewbkksp.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\qomlmnn.dll deleted successfully.
    File C:\WINDOWS\system32\wnstssv.exe deleted successfully.


    File C:\WINDOWS\system32\yrwmitjg.dll not found!
    Deletion of file C:\WINDOWS\system32\yrwmitjg.dll failed!

    Could not process line:
    C:\WINDOWS\system32\yrwmitjg.dll
    Status: 0xc0000034

    File C:\WINDOWS\system32\wdepfcdu.exe deleted successfully.
    File C:\WINDOWS\system32\drvgun.dll deleted successfully.
    File C:\WINDOWS\system32\iifgecy.dll deleted successfully.


    File C:\WINDOWS\system32\rpqwjmi.dll not found!
    Deletion of file C:\WINDOWS\system32\rpqwjmi.dll failed!

    Could not process line:
    C:\WINDOWS\system32\rpqwjmi.dll
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.





    Logfile of HijackThis v1.99.1
    Scan saved at 2:48:37 PM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Documents and Settings\Johnny\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158770414312
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
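The Avenger log above is worth reading against the list it was given: five of the seven files were deleted, two were "not found" with Status 0xc0000034, and the run came from a randomly named service key with the script renamed into system32, which is how the tool stages its boot-time pass. The script below is an added example (not Avenger code) that parses that log, reconciles it with the remove list posted earlier in the thread, and names the one NTSTATUS code that appears; 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so those two files were already gone (the Killbox pass in a previous post would account for that) rather than being locked or protected. The log text and remove list are constructed copies of what is posted above.

```python
"""Reconcile an Avenger run against the file list it was asked to remove.

Added example, not Avenger code. AVENGER_LOG is a constructed copy of the
avenger.txt posted above and REMOVE_LIST is the seven paths from the script;
NTSTATUS_NAMES covers only the code that appears in this log."""
import re

REMOVE_LIST = [
    r"C:\WINDOWS\system32\qomlmnn.dll",
    r"C:\WINDOWS\system32\wnstssv.exe",
    r"C:\WINDOWS\system32\yrwmitjg.dll",
    r"C:\WINDOWS\system32\wdepfcdu.exe",
    r"C:\WINDOWS\system32\drvgun.dll",
    r"C:\WINDOWS\system32\iifgecy.dll",
    r"C:\WINDOWS\system32\rpqwjmi.dll",
]

AVENGER_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ojfpyoim

Script file located at: \??\C:\WINDOWS\system32\iewbkksp.txt
Script file opened successfully.

Beginning to process script file:

File C:\WINDOWS\system32\qomlmnn.dll deleted successfully.
File C:\WINDOWS\system32\wnstssv.exe deleted successfully.

File C:\WINDOWS\system32\yrwmitjg.dll not found!
Deletion of file C:\WINDOWS\system32\yrwmitjg.dll failed!

Could not process line:
C:\WINDOWS\system32\yrwmitjg.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wdepfcdu.exe deleted successfully.
File C:\WINDOWS\system32\drvgun.dll deleted successfully.
File C:\WINDOWS\system32\iifgecy.dll deleted successfully.

File C:\WINDOWS\system32\rpqwjmi.dll not found!
Deletion of file C:\WINDOWS\system32\rpqwjmi.dll failed!

Could not process line:
C:\WINDOWS\system32\rpqwjmi.dll
Status: 0xc0000034

Completed script processing.

Finished! Terminate.
"""

NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9A-Fa-f]{8})$")
SERVICE_RE = re.compile(
    r"^\\Registry\\Machine\\System\\CurrentControlSet\\Services\\(?P<name>\S+)$")


def parse_avenger_log(text):
    """Return (results, service_name); results maps lower-cased path to
    (state, ntstatus_or_None). A Status line is attached to the most recent
    failure, which is how the log lays them out."""
    results, service, pending = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            service = m["name"]
            continue
        m = DELETED_RE.match(line)
        if m:
            results[m["path"].lower()] = ("deleted", None)
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m["path"].lower()
            results[pending] = ("failed", None)
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            results[pending] = ("failed", int(m["code"], 16))
            pending = None
    return results, service


def reconcile(text, requested):
    """Classify every requested path and flag anything the log touched that
    was not in the request (a sign the script was altered before it ran)."""
    results, service = parse_avenger_log(text)
    report = {}
    for path in requested:
        state, code = results.get(path.lower(), ("unreported", None))
        if state == "failed" and code == 0xC0000034:
            state = "already_absent"      # nothing left to delete; not an error to chase
        name = None if code is None else NTSTATUS_NAMES.get(code, hex(code))
        report[path] = (state, name)
    unlisted = sorted(set(results) - {p.lower() for p in requested})
    return {"service": service, "files": report, "unlisted": unlisted}


if __name__ == "__main__":
    rep = reconcile(AVENGER_LOG, REMOVE_LIST)
    print("ran as service:", rep["service"])
    for path, (state, name) in rep["files"].items():
        print(f"{state:15s} {path}" + (f"  ({name})" if name else ""))
    print("touched but not requested:", rep["unlisted"])
```

The "unreported" and "unlisted" states are the ones to act on: a requested file the log never mentions, or a deletion the script was never asked for, means the run did not do what was intended. "already_absent" is the benign case shown in this thread and matches the earlier Killbox note that some files may no longer exist.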
     
Short URL to this thread: https://techguy.org/515871