
Over 400 Infected Items / Trojans / Key-Loggers!


11 replies to this topic

#1 BMS9347

BMS9347

    New Member

  • Authentic Member
  • 18 posts

Posted 29 March 2007 - 06:17 AM

I just spent about 6 days on and off with Dan12 (good work Dano!) cleaning up my BOSS's :unsure: workstation. Now he has brought his completely infected system from home for me to deal with.

Really total infection here. All kinds of Hijackers, Adware, Spyware, Keyloggers, Downloaders, Dialers,
Trojans, and Dust. (Ok, you can't help with the dust)

Anyway, this machine was close to not even running it was so bogged down, so I did some of the things I did to the other system to at least get it so it would boot up in less than 3 days and connect to the Internet pages I needed!

I've run HaxFix, VundoFix, ATF Cleaner, Kaspersky Online scan, installed and scanned with AVG-Anti Spyware, HJT, Updated the JRE to V.6, did a complete Windows Update, etc.

But it needs your professional help to finish cleaning it up and getting it to run like it is a P4 3.0 GHz and not a 60 MHz MMX! (remember them?) It is running better, but on bootup I get a rundll popup message that reads: "Error loading KMVXUQGN.DLL The specified module could not be found."

I'm ready to start over with your instruction to get this really cleaned properly.

See HJT log from this morning for a start point:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:14 AM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\hjtscan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Gep] C:\documents and settings\laura\local settings\temp\Gep.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Wrfbgz] C:\Program Files\Stsfvv\Qqsmd.exe
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kmvxuqgn.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\file.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadc...tector-Free.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Remote Event Viewer (REVSTG) - Unknown owner - C:\WINDOWS\system32\vtmsvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Print Spooler Service (x7gfyegtol) - Unknown owner - C:\WINDOWS\system32\dior4f4662081.exe (file missing)

******************************************************************************
******************************************************************************



Earlier HJT Log as a reference only:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:02 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\hjtscan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {054E03E1-2F16-4A5D-8B92-ED6E48CFBD1a} - C:\WINDOWS\system32\joxemqla.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1424DAEF-37ED-441C-9C9C-C011D9989BA9} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {1DF86A0A-ED32-25C9-D052-60557E87294A} - C:\WINDOWS\System32\kqt.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {425D2599-AF6A-4CDD-8E27-0FAD21EA6749} - C:\WINDOWS\system32\hgggfgf.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\cpyvwurc.dll (file missing)
O2 - BHO: (no name) - {5907337E-DC5C-47B5-A0E2-1D3559B3174f} - C:\WINDOWS\system32\joxemqla.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7034CE69-A41C-468F-8024-AF74C18A3E3e} - C:\WINDOWS\system32\joxemqla.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{306CF~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {F920494A-9F23-4366-8701-0C20FE1A7B0a} - C:\WINDOWS\system32\joxemqla.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{306CF~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Gep] C:\documents and settings\laura\local settings\temp\Gep.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Wrfbgz] C:\Program Files\Stsfvv\Qqsmd.exe
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kmvxuqgn.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\file.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadc...tector-Free.cab
O20 - Winlogon Notify: hgggfgf - C:\WINDOWS\SYSTEM32\hgggfgf.dll
O20 - Winlogon Notify: mllmn - mllmn.dll (file missing)
O20 - Winlogon Notify: p4reg - p432.dll (file missing)
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuustr - C:\WINDOWS\SYSTEM32\wvuustr.dll
O23 - Service: Access Task Manager - Unknown owner - C:\WINDOWS\system32\spoolcs.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000501 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Remote Event Viewer (REVSTG) - Unknown owner - C:\WINDOWS\system32\vtmsvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Print Spooler Service (x7gfyegtol) - Unknown owner - C:\WINDOWS\system32\dior4f4662081.exe (file missing)
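
A rough first-pass triage of HijackThis entries like those in the logs above, as an added example that is not part of the original thread or of HijackThis itself. The four rules and their names are assumptions chosen for illustration, and a hit marks an entry for a closer look rather than a verdict; the sample lines are copied from the posted logs.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # everything after "O4 - "


# An entry line looks like "O4 - HKLM\..\Run: [Name] path". Header lines and
# the "Running processes" paths do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log in file order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def reasons_for(entry: Entry) -> List[str]:
    """Illustrative heuristics (assumptions, not HijackThis logic)."""
    body = entry.body.lower()
    reasons = []
    # Registry entry whose target file is absent: a removal leftover, or a
    # file the scanner could not see.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("orphaned-entry")
    # Browser Helper Object registered without a display name.
    if entry.section == "O2" and body.startswith("bho: (no name)"):
        reasons.append("unnamed-bho")
    if entry.section == "O4":
        # Autorun whose executable lives in a temp directory.
        if "\\temp\\" in body:
            reasons.append("autorun-from-temp")
        # Autorun that loads a DLL through rundll32 instead of an EXE.
        if re.search(r"\brundll32(\.exe)?\b", body):
            reasons.append("autorun-via-rundll32")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry that trips at least one rule."""
    flagged = []
    for entry in parse_hjt(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Sample input: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:16:14 AM, on 3/29/2007

Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {054E03E1-2F16-4A5D-8B92-ED6E48CFBD1a} - C:\WINDOWS\system32\joxemqla.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Gep] C:\documents and settings\laura\local settings\temp\Gep.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kmvxuqgn.dll",setvm
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: mllmn - mllmn.dll (file missing)
O23 - Service: Print Spooler Service (x7gfyegtol) - Unknown owner - C:\WINDOWS\system32\dior4f4662081.exe (file missing)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section:<4} {', '.join(reasons):<22} {entry.body}")
```
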



#2 dan12

dan12

    Advanced Member

  • Authentic Member
  • 998 posts
  • Interests:Horse riding, computer's

Posted 29 March 2007 - 06:33 AM

Hi, BMS9347, nice to see you again and welcome to Tom Coyote forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
dan

#3 dan12

dan12

    Advanced Member

  • Authentic Member
  • 998 posts
  • Interests:Horse riding, computer's

Posted 29 March 2007 - 10:35 AM

Hi BMS9347

Not seeing any evidence of a firewall on this system!
These programs are essential to prevent you from getting reinfected:
Here are a couple of free ones; there are many more out there.

* Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out (http://www.bleepingc...ial60.html). 2 free ones available for personal use:

o Kerio Personal Firewall
o ZoneAlarm

Without these programs, you will be quickly reinfected, and we would just be wasting our time trying to clean your computer.

The main difference between the Windows firewall and the others is that the Windows firewall only blocks incoming traffic. It does not block outgoing traffic from the PC. This, of course, is better than having no firewall at all, but some types of malware install programs that, once on the computer, call out to update themselves, to download other malware, or to send your personal data to someone. This is when the Windows firewall is not enough. What is needed in that case is a bidirectional firewall -- one that will check outgoing traffic as well as incoming. That's the reason for the third party firewall recommendations.

_____________________

I would like some people to take a look at some files.
Upload these files .. to uploadmalware or to http://www.thespykil...H...5&board=1.0
Start yourself a new topic
Put in topic title "Request by dan12"
Put in body of message the link to our thread here.
then press the browse button and then navigate and select the files,
press Post to upload the files


C:\WINDOWS\system32\kmvxuqgn.dll
C:\Program Files\Stsfvv\Qqsmd.exe


Double-click VundoFix.exe to run it again.
Right Click inside the listbox (white box) and click add more files
Copy&Paste the entries below into the open boxes

C:\WINDOWS\system32\kmvxuqgn.dll

Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot; allow the computer to reboot and VundoFix to load.
Just add the very same files as before and Click Remove Vundo.
_________________

I'd like you to upload another file to be checked out.

Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the file path; browse and find the file, then click Open, which will place it in the field.
You may want to print these instructions for reference

We have a few malware processes and files which we need to get rid of.
Please be patient, and follow all of the instructions as given. Please do not reboot unless it is part
of the fix, or you have no other choice. While you are following the fix, you will find it helpful to have
a pen and paper handy to take any notes, so you can let me know what happens.
Typical information that will be helpful will be:
  • Files or folders that will not delete properly
  • Any errors that occur when following a fix or during bootup
  • Notes on your system's operation (sluggish internet, popups, etc)
  • The more information we have, the better our chances to clean your system!
C:\Program Files\Stsfvv\Qqsmd.exe

Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html


Post me the results of jotti's and a fresh HJT log
Thanks dan

#4 BMS9347

BMS9347

    New Member

  • Authentic Member
  • 18 posts

Posted 29 March 2007 - 11:27 AM

Dan,
The 2 files you wanted me to upload to the spykiller are no longer on my system. VundoFix removed the C:\WINDOWS\system32\kmvxuqgn.dll file on the first pass. The Stsfvv folder is still on my system, but the folder is empty and the file C:\Program Files\Stsfvv\Qqsmd.exe is not there.

I will attach the VundoFix logs (it has 3 passes logged) and a fresh HJT log.

Am I to install a firewall product now, or wait until we are done?




VundoFix V6.3.18

Checking Java version...

Scan started at 9:53:01 AM 3/28/2007

Listing files found while scanning....


Beginning removal...


Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\awttrpp.dll
C:\WINDOWS\SYSTEM32\awttrpp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.18

Checking Java version...

Scan started at 12:37:41 PM 3/28/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\efccyab.dll
C:\WINDOWS\SYSTEM32\hgggfgf.dll
C:\WINDOWS\SYSTEM32\sjuuyuje.dll
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\SYSTEM32\vtgwsesx.exe
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\SYSTEM32\wsbqbmqf.dll
C:\WINDOWS\SYSTEM32\wvuustr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\efccyab.dll
C:\WINDOWS\SYSTEM32\efccyab.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hgggfgf.dll
C:\WINDOWS\SYSTEM32\hgggfgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\sjuuyuje.dll
C:\WINDOWS\SYSTEM32\sjuuyuje.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtgwsesx.exe
C:\WINDOWS\SYSTEM32\vtgwsesx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wsbqbmqf.dll
C:\WINDOWS\SYSTEM32\wsbqbmqf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvuustr.dll
C:\WINDOWS\SYSTEM32\wvuustr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.18

Checking Java version...

Scan started at 12:49:19 PM 3/29/2007

Listing files found while scanning....

No infected files were found.








Logfile of HijackThis v1.99.1
Scan saved at 1:25:48 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hjtscan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Gep] C:\documents and settings\laura\local settings\temp\Gep.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Wrfbgz] C:\Program Files\Stsfvv\Qqsmd.exe
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kmvxuqgn.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\file.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadc...tector-Free.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Remote Event Viewer (REVSTG) - Unknown owner - C:\WINDOWS\system32\vtmsvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Print Spooler Service (x7gfyegtol) - Unknown owner - C:\WINDOWS\system32\dior4f4662081.exe (file missing)
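
The two logs in the post above can be cross-checked mechanically: a Run entry that still points at a DLL VundoFix deleted is what makes rundll32 show an "Error loading" popup at boot, and O23 services marked (file missing) are leftover registrations. This is an added Python example, not part of the original post or of either tool; the log excerpts are copied from the post, and the function and field names are this example's own.

```python
import re
from typing import NamedTuple

# Excerpts copied from the VundoFix and HijackThis logs in the post above
# (a handful of lines each, not the full logs).
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\SYSTEM32\awttrpp.dll
C:\WINDOWS\SYSTEM32\awttrpp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\kmvxuqgn.dll
C:\WINDOWS\SYSTEM32\kmvxuqgn.dll Has been deleted!
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kmvxuqgn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Event Viewer (REVSTG) - Unknown owner - C:\WINDOWS\system32\vtmsvc.exe (file missing)
O23 - Service: Print Spooler Service (x7gfyegtol) - Unknown owner - C:\WINDOWS\system32\dior4f4662081.exe (file missing)
"""

# "<path> Has been deleted!" result lines; "Could not be deleted." does not match.
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Has been deleted!\s*$", re.M)
# O4 autorun lines: hive, value name in brackets, then the command line.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.M)
# O23 service lines: display name, owner, image path, optional "(file missing)".
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?\s*$", re.M)
# Any full .exe/.dll path inside a command line (handles rundll32 "x.dll",export).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n,]+?\.(?:exe|dll)\b", re.I)


class Finding(NamedTuple):
    kind: str    # "orphaned_autorun" or "service_file_missing"
    entry: str   # Run value name or service display name
    path: str    # file the registry entry points at
    note: str


def deleted_files(vundofix_log: str) -> set[str]:
    """Lower-cased paths VundoFix reported as deleted (Windows paths are
    case-insensitive; the two tools print SYSTEM32 and system32 differently)."""
    return {m["path"].lower() for m in DELETED_RE.finditer(vundofix_log)}


def triage(hjt_log: str, vundofix_log: str) -> list[Finding]:
    gone = deleted_files(vundofix_log)
    findings = []
    # Autoruns whose target was removed: the file is gone, the Run value is not.
    # 8.3 short names (PROGRA~1) are compared as written, not expanded.
    for m in RUN_RE.finditer(hjt_log):
        for path in PATH_RE.findall(m["cmd"]):
            if path.lower() in gone:
                findings.append(Finding(
                    "orphaned_autorun", m["name"], path,
                    f"{m['hive']} Run value still loads a file VundoFix deleted"))
    # Services whose image path no longer exists on disk, per HijackThis.
    for m in SERVICE_RE.finditer(hjt_log):
        if m["missing"]:
            findings.append(Finding(
                "service_file_missing", m["display"], m["path"],
                f"service registered by '{m['owner']}' has no file on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, VUNDOFIX_LOG):
        print(f"{f.kind:22} {f.entry:36} {f.path}\n{'':22} {f.note}")
```

A finding here means a stale registry reference to clean up, not a verdict on the file itself.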

#5 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 29 March 2007 - 01:14 PM

I think you should be able to get a Firewall installed now. Just putting something together for you, hope to be back with you soon. dan

#6 BMS9347

Posted 29 March 2007 - 01:30 PM

Good deal Dan, but I'm outa here for the day! See you in the AM......I guess. Just where are you sitting?

#7 dan12

Posted 29 March 2007 - 01:34 PM

Catch you tomorrow. In the uk ;)

#8 dan12

Posted 29 March 2007 - 04:27 PM

Hi BMS9347

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

First you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable AVG Anti-Spyware guard.
  • Open AVG Anti-Spyware
  • Click Shield
  • Click under "resident shield is"
  • Change it to inactive
  • Close the program
_______________

Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
At the top of the page there is a field to add the file path; browse and find the file, then click Open, which will place it in the field.

C:\WINDOWS\system32\vtmsvc.exe
C:\WINDOWS\system32\dior4f4662081.exe


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html

_____________________________

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Please include the new HJT log, the uninstall list, and the Jotti or VirusTotal reports
in your next post.
Thanks, dan

#9 BMS9347

Posted 30 March 2007 - 06:38 AM

Hello Dan,
I hope you Brits get your sailors back from Iran :rant2: soon. Then you guys can start sinking everything that floats around there!

Ok back to business: The 2 files you requested be submitted to Jotti are not here anymore. The last HJT log shows them as missing. I have not done a complete system search for these 2 files, but can if needed.



Uninstall list from HJT as of 3/30/07 0820 hours


Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Instant Messenger
AVG Anti-Spyware 7.5
BHA B's Recorder GOLD 3.18
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
DVDSentry
Encyclopaedia Britannica Deluxe Edition 2004 CD-ROM
Google Toolbar for Internet Explorer
HaxFix 4.39
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP PrecisionScan
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Intellisync Lite
Internet Explorer Default Page
iPod for Windows 2006-06-28
iTunes
Java™ SE Runtime Environment 6
Kaspersky Online Scanner
Marble Blast Gold Demo (remove only)
Maxtor OneTouch
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta 98 Encyclopedia
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
MSXML 4.0 SP2 (KB927978)
NVIDIA Windows 2000/XP Display Drivers
Palm Desktop
QuickTime
RealPlayer Basic
Retrospect 6.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Tiger Woods PGA TOUR 2004
Tiger Woods PGA TOUR 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
USB Storage Adapter FX (MXO)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11
Z Steel Soldiers









++++++++++++++++++++++++++++++++++++++++++++++++++++++++

SDFix: Version 1.75

Run by Administrator - Fri 03/30/2007 - 8:10:36.18

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
x7gfyegtol

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000501
C:\WINDOWS\system32\dior4f4662081.exe /service

Client IP-IPX Deleted
x7gfyegtol Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\-21403~1 - Deleted
C:\x.bat - Deleted
C:\b2_log.txt - Deleted
C:\WINDOWS\smss.exe - Deleted
C:\WINDOWS\system32\unsvchosts.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Common Files\aolshare\shell\us\shellext.dll
C:\WINDOWS\dobcars.dll
C:\WINDOWS\AppPatch\natism.dll
C:\WINDOWS\Config\ekysm.dll
C:\WINDOWS\Fonts\rdvc.dll
C:\WINDOWS\Help\SBSI\wbd.dll
C:\WINDOWS\MSAGENT\nifomws.dll
C:\WINDOWS\SECURITY\cacolg.dll
C:\WINDOWS\SYSTEM32\1037\ctpmig.dll
C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0241.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0290.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0337.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0571.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL0658.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL1474.tmp
C:\Documents and Settings\Andrew\Application Data\Microsoft\Word\~WRL3065.tmp
C:\Documents and Settings\Andrew\My Documents\~WRL0001.tmp
C:\Documents and Settings\Jan\My Documents\~WRL0524.tmp
C:\Documents and Settings\Jan\My Documents\~WRL0885.tmp
C:\Documents and Settings\Jan\My Documents\~WRL1224.tmp
C:\Documents and Settings\Jan\My Documents\~WRL1766.tmp
C:\Documents and Settings\Jan\My Documents\~WRL1810.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2002.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2051.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2085.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2135.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2162.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2280.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2599.tmp
C:\Documents and Settings\Jan\My Documents\~WRL2772.tmp
C:\Documents and Settings\Jan\My Documents\~WRL3546.tmp
C:\Documents and Settings\Jan\My Documents\~WRL4094.tmp

Finished


++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Logfile of HijackThis v1.99.1
Scan saved at 8:33:27 AM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hjtscan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Gep] C:\documents and settings\laura\local settings\temp\Gep.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Wrfbgz] C:\Program Files\Stsfvv\Qqsmd.exe
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kmvxuqgn.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\file.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadc...tector-Free.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Remote Event Viewer (REVSTG) - Unknown owner - C:\WINDOWS\system32\vtmsvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 30 March 2007 - 10:47 PM

Hi BMS9347
Sorry for the short delay, I'm working this weekend.
Yes troubled times over there, have a son and a daughter in the armed forces serving out there at the moment.
_________________

Need to check some files out
Submit some files to Jotti
Please go here : http://virusscan.jotti.org/
At the top of the page there is a field to add the file path. Browse to the file and click Open, which will place it in the field.
C:\WINDOWS\dobcars.dll
C:\WINDOWS\AppPatch\natism.dll
C:\WINDOWS\Config\ekysm.dll
C:\WINDOWS\Fonts\rdvc.dll
C:\WINDOWS\Help\SBSI\wbd.dll
C:\WINDOWS\MSAGENT\nifomws.dll
C:\WINDOWS\SECURITY\cacolg.dll
C:\WINDOWS\SYSTEM32\1037\ctpmig.dll

Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html

Post me the results
thanks dan
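
An added example, not part of dan12's post and not SDFix's own code: a small Python triage of the "hidden attributes" section of an SDFix report that shortlists files for a multi-engine scan. The selection rule (hidden executable-type files under C:\WINDOWS) is an assumption that happens to reproduce the list above; the function names and the shortened sample report are constructed for illustration.

```python
from pathlib import PureWindowsPath

SECTION_HEADER = "Checking For Files with Hidden Attributes"
# Assumed set of file types worth a multi-engine scan when found hidden.
EXECUTABLE_SUFFIXES = {".dll", ".exe", ".sys", ".scr"}

# Constructed sample: a shortened excerpt of the SDFix report posted in this thread.
SAMPLE_REPORT = r"""
Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Common Files\aolshare\shell\us\shellext.dll
C:\WINDOWS\dobcars.dll
C:\WINDOWS\Fonts\rdvc.dll
C:\WINDOWS\SYSTEM32\1037\ctpmig.dll
C:\Program Files\America Online 9.0\waol.exe
C:\Documents and Settings\Jan\My Documents\~WRL0524.tmp

Finished
"""


def parse_hidden_files(report):
    """Return the paths listed in the hidden-attributes section of the report."""
    paths = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section or not line:
            continue
        # Entries look like "C:\..."; any other text ("Finished") ends the section.
        if len(line) > 2 and line[1:3] == ":\\":
            paths.append(PureWindowsPath(line))
        else:
            break
    return paths


def shortlist_for_scanning(paths, windows_dir=r"C:\WINDOWS"):
    """Keep hidden executable-type files that live anywhere under the Windows directory.

    PureWindowsPath compares case-insensitively, so C:\\windows matches C:\\WINDOWS.
    """
    root = PureWindowsPath(windows_dir)
    return [
        str(p)
        for p in paths
        if p.suffix.lower() in EXECUTABLE_SUFFIXES and root in p.parents
    ]


if __name__ == "__main__":
    for path in shortlist_for_scanning(parse_hidden_files(SAMPLE_REPORT)):
        print(path)
```

Hidden Word temp files and vendor files under Program Files are left out by this rule; a shortlist like this is only a starting point for submission to a scanner, not a verdict on any file.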

#11 BMS9347

BMS9347

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 02 April 2007 - 07:10 AM

Dan, Hope your kids return safe and sound and a big :thumbup: for what they are doing for ALL of us. Because this machine was so completely infected and I am starting to notice other things that don't work right (such as I cannot burn a CD using the native XP burning Wizard, and some other minor issues), I have decided it would be best to just NUKE it and start over. I apologize for wasting your time, but I thought we could get this cleaned up without having to go this route. Anyway, I have learned a great deal doing this and I may be back as I have to transfer tons of photos, movies, music files, and documents back into this thing after I reload the OS and may just put the problems right back in. I will install all the anti virus, anti spyware, and firewall before I transfer their files back. Have a good day Sir, Bryan

#12 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 02 April 2007 - 09:40 AM

Hi BMS9347

Thanks for your kind words.
______

This Tutorial may give you assistance Here

Read this article by TonyKlein
So how did I get infected in the first place?

All the best dan
