1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: XP taking forever to do the simplest tasks

Discussion in 'Virus & Other Malware Removal' started by Phisk, Jul 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    I have a lot of malware affecting my computer, but I can't find it.
    Virus and Spyware scanners don't work, and when I delete suspicious looking processes in the C A D box, they always come back.
    I've had the cmd box come up, I've had notifications of new programs being installed that are random, programs that I always used are also being mimicked by these programs.
    I don't know why, and I've run out of ideas that normally work.
    what should I do?

    Also, my sound just stopped working.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:11:04 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\Integrity Client\iclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\TEMP\winFF.tmp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winFF.tmp.exe
    O4 - HKLM\..\Run: [icq.com] "rundll32.exe" "C:\WINDOWS\system32\jidnihee.dll",forkonce
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 7490 bytes



    Known problems:

    mgrs.exe

    ophcrack-livecd-1.1.4 keeps downloading to my desktop when I start Firefox
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  5. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    "phil" - 2007-07-11 23:14:39 - ComboFix 07-07-12.3 - Service Pack 2

    /wow section - STAGE #8

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\jidnihee.dll
    C:\WINDOWS\system32\mfoixehh.dll
    C:\WINDOWS\system32\lsctfhfk.exe
    C:\WINDOWS\system32\winjks32.dll
    C:\WINDOWS\system32\eehindij.ini
    C:\WINDOWS\system32\ggjlm.bak1
    C:\WINDOWS\system32\ggjlm.bak2
    C:\WINDOWS\system32\ggjlm.ini
    C:\WINDOWS\system32\ggjlm.bak1
    C:\WINDOWS\system32\ggjlm.bak2
    C:\WINDOWS\system32\ggjlm.ini
    C:\WINDOWS\system32\mljgg.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


    2007-07-11 23:13 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-11 18:10 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-11 16:22 66,112 --a------ C:\WINDOWS\system32\awdqrkrb.exe
    2007-07-11 06:10 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-11 06:09 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\Winamp
    2007-07-11 04:26 <DIR> d-------- C:\WINDOWS\system32\msmq
    2007-07-11 03:02 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-07-11 03:02 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-07-11 03:02 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-07-11 03:02 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-07-11 03:02 <DIR> d-------- C:\Program Files\Webroot
    2007-07-11 03:02 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-07-11 03:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-07-11 02:59 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\Webroot
    2007-07-11 01:36 31,254 --a------ C:\WINDOWS\system32\rqrrpnk.dll
    2007-07-09 19:56 <DIR> d-------- C:\ATARI
    2007-07-09 19:55 <DIR> d-------- C:\MAME
    2007-07-08 20:27 <DIR> d-------- C:\N64
    2007-07-08 20:26 <DIR> d-------- C:\snes9x
    2007-07-08 20:23 <DIR> d-------- C:\Sega Genesis
    2007-07-08 20:23 <DIR> d-------- C:\PJ64
    2007-07-08 20:21 <DIR> d-------- C:\zSNES
    2007-07-08 19:19 31,254 --a------ C:\WINDOWS\system32\byxwvsq.dll
    2007-07-04 02:51 <DIR> d-------- C:\LEMMINGS
    2007-07-02 15:13 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-07-01 20:09 <DIR> d-------- C:\Program Files\Symantec AntiVirus
    2007-06-30 22:05 <DIR> d-------- C:\Program Files\Aquarius Soft
    2007-06-30 22:05 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\Aquarius Soft
    2007-06-30 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aquarius Soft
    2007-06-29 22:58 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
    2007-06-29 22:58 <DIR> d-------- C:\Program Files\PIXresizer
    2007-06-29 16:53 12,288 --a------ C:\WINDOWS\mgrs.exe
    2007-06-29 15:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.1.0207
    2007-06-29 15:17 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-06-27 22:05 <DIR> d-------- C:\Program Files\DosBox
    2007-06-27 22:04 <DIR> d-------- C:\Program Files\Tyrian
    2007-06-23 19:17 <DIR> d-------- C:\Program Files\Lavasoft
    2007-06-23 19:16 <DIR> d-------- C:\WINDOWS\Video to iPod MP4 PSP 3GP Converter
    2007-06-23 19:16 <DIR> d-------- C:\Program Files\Video to iPod MP4 PSP 3GP Converter
    2007-06-23 00:07 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
    2007-06-23 00:07 <DIR> d-------- C:\Program Files\Replay Media Catcher
    2007-06-22 14:04 <DIR> d-------- C:\Program Files\FLVPlayer
    2007-06-22 02:27 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\SWF.max
    2007-06-22 02:26 <DIR> d-------- C:\Program Files\SWF.max
    2007-06-22 00:08 <DIR> d-------- C:\Program Files\Sony
    2007-06-21 19:07 <DIR> d-------- C:\Program Files\iPod
    2007-06-20 01:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-06-20 00:52 <DIR> d-------- C:\Program Files\Publisher XP
    2007-06-20 00:12 476,576 -ra------ C:\Program Files\SETUP.EXE
    2007-06-19 23:59 1,499,904 -ra------ C:\Program Files\INSTMSIW.EXE
    2007-06-19 23:59 1,489,152 -ra------ C:\Program Files\INSTMSI.EXE
    2007-06-19 23:54 <DIR> d-------- C:\Program Files\FILES
    2007-06-19 23:53 <DIR> d-------- C:\Program Files\SHAREPT
    2007-06-19 23:51 <DIR> d-------- C:\Program Files\ORK
    2007-06-19 23:51 <DIR> d-------- C:\Program Files\MSDE2000
    2007-06-18 17:36 <DIR> d-------- C:\Program Files\BitTorrent
    2007-06-18 17:36 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\BitTorrent
    2007-06-17 22:16 <DIR> d-------- C:\Downloads
    2007-06-17 22:15 <DIR> d-------- C:\Program Files\BitComet
    2007-06-16 09:33 <DIR> d-------- C:\Program Files\System
    2007-06-16 09:24 <DIR> d-------- C:\Program Files\iTunes
    2007-06-16 09:21 <DIR> d-------- C:\Program Files\Library
    2007-06-16 09:21 <DIR> d-------- C:\Program Files\Developer
    2007-06-16 05:19 7,852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
    2007-06-16 04:38 <DIR> d-------- C:\Program Files\TGTSoft
    2007-06-15 17:16 <DIR> d-------- C:\Program Files\Common Files\Stardock
    2007-06-13 17:55 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\uTorrent


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-11 10:13:50 -------- d-----w C:\Program Files\Winamp
    2007-07-11 08:57:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-11 08:51:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 08:51:30 -------- d-----w C:\Program Files\Symantec
    2007-07-11 08:46:21 -------- d-----w C:\Program Files\LimeWire
    2007-07-11 08:42:45 -------- d-----w C:\Program Files\Common Files\Corel
    2007-07-11 08:26:45 -------- d-----w C:\Program Files\Windows NT
    2007-07-11 03:37:17 -------- d-----w C:\Program Files\Common Files\Intuit
    2007-07-11 03:29:26 -------- d-----w C:\Program Files\Stardock
    2007-07-11 02:41:28 -------- d-----w C:\Program Files\DivX
    2007-07-08 22:50:24 -------- d-----w C:\DOCUME~1\phil\APPLIC~1\OpenOffice.org2
    2007-07-02 00:43:20 -------- d-----w C:\Program Files\Symantec_Client_Security
    2007-06-23 23:11:47 -------- d-----w C:\Program Files\Common Files\AOL
    2007-06-19 06:15:09 -------- d-----w C:\Program Files\Google
    2007-06-16 08:13:50 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-16 08:13:30 56 --sh--r C:\WINDOWS\system32\01003E142A.sys
    2007-06-01 01:32:03 -------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 2
    2007-05-29 01:15:52 -------- d-----w C:\DOCUME~1\phil\APPLIC~1\AdobeUM
    2007-05-20 04:32:27 -------- d-----w C:\DOCUME~1\phil\APPLIC~1\Ambient Design
    2007-05-20 04:07:02 -------- d-----w C:\Program Files\Ambient Design
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 20:02:15 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 07:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
    2006-02-17 03:15:26 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2004-01-15 06:34:18 259,539,966 ----a-w C:\Program Files\Microsoft Office XP Publisher 2003.zip
    2001-04-04 22:11:28 184 ---ha-r C:\Program Files\AUTORUN.INF
    2001-04-03 00:50:14 29 ----a-r C:\Program Files\cd-key.txt
    2001-03-02 04:38:12 3,485,184 ----a-r C:\Program Files\PROPLUS.MSI
    2001-03-02 04:35:58 306,688 ----a-r C:\Program Files\OWC10.MSI
    2001-03-01 19:35:26 224,771,818 ---ha-r C:\Program Files\OFFICE1.CAB
    2001-02-21 17:18:24 7,929 ----a-r C:\Program Files\README.HTM


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
    2005-06-14 15:56 86016 --a------ C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-12-15 03:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB40D31A-B1F8-47EA-BC54-D27DDB475978}]
    C:\WINDOWS\system32\oppnljh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}]
    2007-07-08 19:19 31254 --a------ C:\WINDOWS\system32\byxwvsq.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\WINDOWS\stsystra.exe]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
    "@"="" []
    "Zone Labs Client"="C:\Program Files\Zone Labs\Integrity Client\iclient.exe" [2004-06-28 05:34]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-26 17:54]
    "HostManager"="C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe" [2006-05-24 07:15]
    "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-19 02:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 21:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
    "@"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FB40D31A-B1F8-47EA-BC54-D27DDB475978}"="C:\WINDOWS\system32\oppnljh.dll" []
    "{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"="C:\WINDOWS\system32\byxwvsq.dll" [2007-07-08 19:19]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwvsq]
    byxwvsq.dll --a------ 2007-07-08 19:19 31254 C:\WINDOWS\system32\byxwvsq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppnljh]
    oppnljh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll --a------ 2005-11-28 15:52 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 14:51:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-11 23:22:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-11 23:27:34 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-11 23:27

    --- E O F ---
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:11 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\Integrity Client\iclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 6661 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  7. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    SDFix: Version 1.90

    Run by phil on Thu 07/12/2007 at 08:05 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\phil\Desktop\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Program Files\Setup.exe - Deleted
    C:\WINDOWS\mgrs.exe - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\phil\Desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\AlbumArt_{FB781784-9054-4827-A52B-BA1409BF690A}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\AlbumArt_{FB781784-9054-4827-A52B-BA1409BF690A}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\Thumbs.db
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1992 - Broken\Thumbs.db
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\AlbumArt_{3ABB36F1-5C4E-461A-8D2C-A35C0A6E1863}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\AlbumArt_{3ABB36F1-5C4E-461A-8D2C-A35C0A6E1863}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\Thumbs.db
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\AlbumArt_{2701F16C-E894-442E-8796-29DEC1A0D2E9}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\AlbumArt_{2701F16C-E894-442E-8796-29DEC1A0D2E9}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\Thumbs.db
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\Thumbs.db
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\AlbumArt_{69D96A47-7006-472A-BB48-CCD7150CCA16}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\AlbumArt_{69D96A47-7006-472A-BB48-CCD7150CCA16}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\AlbumArt_{8A446AA7-728D-4CD0-95D7-E8B145B3B9D4}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\AlbumArt_{8A446AA7-728D-4CD0-95D7-E8B145B3B9D4}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\AlbumArt_{2094EBE5-C60A-484E-8B5B-3C8C2932F4EF}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\AlbumArt_{2094EBE5-C60A-484E-8B5B-3C8C2932F4EF}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\Thumbs.db
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\AlbumArtSmall.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\AlbumArt_{99B39C73-54FB-4AB9-A3F7-AAB9886B610F}_Large.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\AlbumArt_{99B39C73-54FB-4AB9-A3F7-AAB9886B610F}_Small.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\desktop.ini
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\Folder.jpg
    C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\Thumbs.db
    C:\Program Files\MSDE2000\SQLRESLD.DLL
    C:\i386\01003E142A.sys
    C:\i386\KGyGaAvL.sys
    C:\WINDOWS\system32\01003E142A.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Program Files\Google\Google Desktop Search\BIT284.tmp
    C:\School\ehighschool\~WRL0004.tmp
    C:\School\ehighschool\~WRL1808.tmp
    C:\School\ehighschool\~WRL3225.tmp

    Finished
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:29 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khytpjtk.dll",forkonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 5413 bytes
     
  8. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:29 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khytpjtk.dll",forkonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 5413 bytes
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click Here and download Killbox and save it to your desktop.



    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khytpjtk.dll",forkonce

    Close all applications and browser windows before you click "fix checked".

    Close Hijackthis.


    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    In the "Full Path of File to Delete" box, copy and paste the following line.

    C:\WINDOWS\system32\khytpjtk.dll

    Click on the button that has the red circle with the X in the middle after you enter the file name.
    It will ask for confimation to delete the file.
    Click Yes.
    It will ask for confimation to reboot now.
    Click Yes.

    Note: It is possible that Killbox will tell you that the file does not exist.
    If your computer does not restart automatically then please restart it manually.
    If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

    After reboot please post your hijackthis log in Normal Mode.
     
  10. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    I can't access the internet in normal mode.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    What is it that you can't do? :confused: You are on the internet right now, download killbox.
     
  12. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    I'm using safe mode right now, in normal mode my internet is paralyzed.
    but this log is from normal mode as far as I know.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:21 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\Integrity Client\iclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ksjrmlrd.dll",forkonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 6412 bytes
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I don't see any anti-virus software running.
    Load AVG http://free.grisoft.com/freeweb.php/doc/2/ it's free.


    Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found: [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.
     
  14. Phisk

    Phisk Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    20
    mgrs.exe;c:\windows;Trojan.DownLoader.25873;Will be cured after reboot.;
    bwasdfst.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
    byxwvsq.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    drvvem.dll;c:\windows\system32;Trojan.Fakealert.249;Will be cured after reboot.;
    mljgg.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    win17.tmp.exe;c:\windows\temp;Trojan.DownLoader.25873;Will be cured after reboot.;
    setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;Incurable.Moved.;
    setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\TRITON_UK_2.2.25.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
    3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
    47285453.exe;C:\Documents and Settings\phil\Local Settings\Temp;Trojan.DownLoader.25873;Deleted.;
    anti4[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\8EDCYC6T;Trojan.Virtumod;Deleted.;
    _affvm[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\8EDCYC6T;Trojan.Virtumod;Deleted.;
    kcehc_eicooc20070702[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\HB8RYFC0;Trojan.DownLoader.26570;Deleted.;
    masiyxanidi[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\HB8RYFC0;Trojan.Virtumod;Deleted.;
    xc23[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Trojan.DownLoader.25873;Deleted.;
    xc42[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Adware.ClickSpring;Incurable.Moved.;
    _jnvm[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Trojan.Virtumod;Deleted.;
    adfcook[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\MAZP7SOW;Trojan.Click.2799;Deleted.;
    xc29[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\MAZP7SOW;Trojan.Mezzia;Deleted.;
    Process.exe;C:\Documents and Settings\phil\My Documents\SDFix\apps;Tool.Prockill;Incurable.Moved.;
    Yazzle1162OinAdmin.exe;C:\Program Files\Common Files;Adware.ClickSpring;;
    jidnihee.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    lsctfhfk.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.26570;Deleted.;
    mfoixehh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Juan;Deleted.;
    mljgg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    A0102849.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Adware.TryMedia;Incurable.Moved.;
    A0103118.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Probably SCRIPT.Virus;Incurable.Moved.;
    A0104791.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Trojan.Virtumod;Deleted.;
    A0104792.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Trojan.DownLoader.26570;Deleted.;
    A0104793.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Trojan.Virtumod;Deleted.;
    A0106436.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.DownLoader.25873;Deleted.;
    A0107680.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.Virtumod;Deleted.;
    A0107681.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.Juan;Deleted.;
    A0107682.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.DownLoader.26570;Deleted.;
    A0107685.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.Virtumod;Deleted.;
    A0107862.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536;Trojan.DownLoader.25873;Deleted.;
    A0107870.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536;Trojan.DownLoader.25873;Deleted.;
    A0109958.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536;Trojan.Virtumod;Deleted.;
    A0115002.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0115003.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.DownLoader.26570;Deleted.;
    A0115004.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0115005.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0115006.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0115051.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Tool.Prockill;Incurable.Moved.;
    A0115066.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.DownLoader.26570;Deleted.;
    A0115067.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0115068.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Click.2799;Deleted.;
    A0115069.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0115191.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
    A0116464.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.DownLoader.26570;Deleted.;
    A0116691.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP540;Trojan.DownLoader.25873;Deleted.;
    A0116692.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP540;Trojan.Virtumod;Deleted.;
    A0116693.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP540;Trojan.Click.1487;Deleted.;
    mgrs.exe;C:\WINDOWS;Trojan.DownLoader.25873;Write error;
    byxwvsq.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
    efcdbby.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    gebcc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    jidnihee.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    lsctfhfk.exe;C:\WINDOWS\system32;Trojan.DownLoader.26570;Deleted.;
    mfoixehh.dll;C:\WINDOWS\system32;Trojan.Juan;Deleted.;
    mljgg.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
    njbvrxgf.exe;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    rqrrpnk.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    xaqrgbqx.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    20666718.exe;C:\WINDOWS\Temp;Trojan.DownLoader.25873;Deleted.;
    mst1F.tmp;C:\WINDOWS\Temp;Trojan.Fakealert.249;Deleted.;
    win17.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.25873;Deleted.;
    setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;;
    setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\TRITON_UK_2.2.25.1;Probably BACKDOOR.Trojan;;
    xc42[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Adware.ClickSpring;;
    Process.exe;C:\Documents and Settings\phil\My Documents\SDFix\apps;Tool.Prockill;;



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:21:22 AM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Zone Labs\Integrity Client\iclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
    C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [icq.com] "rundll32.exe" "C:\WINDOWS\system32\xaqrgbqx.dll",forkonce
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [CTDrive] "rundll32.exe" C:\WINDOWS\system32\drvvem.dll,startup
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 8616 bytes
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/594365

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice