
Hijack This Log


  • This topic is locked
14 replies to this topic

#1 FredVegas


Posted 28 April 2007 - 09:10 AM

Been having problems for about a month. Downloaded AVG, Ad-Aware, and Spybot while doin the self help fixes for Outerinfo, Adware and Smitfraud. Anyway, here's my hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 11:03:21 AM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AIM\aim.exe
C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [w01d62ed.dll] RUNDLL32.EXE w01d62ed.dll,I2 0004426f001d62ed
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\abtovrnp.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mwtd] "C:\PROGRA~1\SCURIT~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Hsreif] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Iddni] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iurn] "C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Muhl] "C:\Documents and Settings\Bob\My Documents\s?stem\w?nlogon.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Mvc] "C:\Documents and Settings\Bob\Application Data\??stem\w?nspool.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O20 - AppInit_DLLs: winspool.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



#2 LDTate


Posted 28 April 2007 - 10:47 AM

Hello and welcome to the forums

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#3 FredVegas


Posted 28 April 2007 - 11:14 AM

*edit = just wanted to add that i dl'ed zone alarm while waiting for a response to my original post.

Thanks for responding to my issue.
Here's the Combofix log:

"Bob" - 07-04-28 13:03:31 Service Pack 2
ComboFix 07-04-16.2.V - Running from: C:\Documents and Settings\Bob\Desktop\desktopstuff\


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\axrsasmv.dll
C:\WINDOWS\system32\hlgdmjkf.dll
C:\WINDOWS\system32\qqwkowng.dll
C:\WINDOWS\system32\wqdhksak.dll
C:\WINDOWS\system32\opqss.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\oin search\OINSearch.dll
C:\Program Files\oin search\Uninstall.exe
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ipwindows
C:\Program Files\oin search
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Bob
C:\qoobox\purity\C\DOCUME~1\Bob\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Bob\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Bob\APPLIC~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\Bob\APPLIC~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\Bob\APPLIC~1\WNSXS~1
C:\qoobox\purity\C\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe
C:\qoobox\purity\C\DOCUME~1\Bob\APPLIC~1\WNSXS~1\W?nSxS
C:\qoobox\purity\C\DOCUME~1\Bob\MYDOCU~1\TSKS~1
C:\qoobox\purity\C\WINDOWS\FNTS~1
C:\qoobox\purity\C\WINDOWS\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\ICROSO~1.NET


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))


2007-04-28 12:47 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-28 12:47 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-28 12:46 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-28 12:46 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-28 12:46 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-28 10:06 132,660 --a------ C:\WINDOWS\system32\abtovrnp.dll
2007-04-28 10:05 49,204 --a------ C:\WINDOWS\system32\xaonkcul.dll
2007-04-22 14:10 1,880 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-21 22:42 1,431,135 ---hs---- C:\WINDOWS\system32\fgjlm.bak2
2007-04-20 22:42 281,172 ---hs---- C:\WINDOWS\system32\mljgf.dll
2007-04-20 22:42 1,400,168 ---hs---- C:\WINDOWS\system32\fgjlm.bak1
2007-04-20 22:41 281,172 ---hs---- C:\WINDOWS\system32\awvts.dll
2007-04-20 22:32 <DIR> d-------- C:\Program Files\xloadnet
2007-04-16 10:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-16 09:40 <DIR> d-------- C:\Hosts
2007-04-16 00:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-08 19:27 <DIR> d-------- C:\Tiff's pics
2007-04-08 18:44 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2007-04-08 18:44 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2007-04-08 18:44 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2007-04-08 18:44 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2007-04-08 18:44 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2007-04-08 18:44 <DIR> d-------- C:\Program Files\REGSHAVE
2007-04-03 03:43 <DIR> d-------- C:\Program Files\MySpace
2007-04-03 03:43 <DIR> d-------- C:\DOCUME~1\Bob\APPLIC~1\MySpace


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-28 12:53 -------- d-------- C:\Program Files\steam
2007-04-27 04:22 -------- d-------- C:\Program Files\soulseek
2007-04-16 00:37 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-04-10 15:39 -------- d-------- C:\Program Files\world of warcraft
2007-04-08 18:44 -------- d--h----- C:\Program Files\installshield installation information
2007-04-03 11:34 -------- d-------- C:\Program Files\Common Files\real
2007-04-03 11:34 -------- d-------- C:\DOCUME~1\Bob\APPLIC~1\real
2007-02-22 09:18 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-02-21 20:17 36387 --a------ C:\WINDOWS\diiunin.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1193A134-1787-6653-A548-1EE34BE1FFE1} C:\WINDOWS\system32\wstkt.dll [x]
{1391A737-1680-3105-AB48-1EE34BE1F2EF} C:\WINDOWS\system32\zul.dll [x]
{15C6F560-4183-3150-AB48-1EE34BEEAAEF} C:\WINDOWS\system32\usvn.dll [x]
{1EC0AF31-4186-3106-A348-1EE34BE1F3B9} C:\WINDOWS\system32\mqyn.dll [x]
{3F9D0C61-737D-44D1-BD80-91AF857061CC} C:\WINDOWS\system32\qomlljk.dll [x]
{4244FE67-4AD2-6656-F5AA-1043C064A0EC} C:\WINDOWS\system32\qojcm.dll [x]
{4396F664-1AF3-1505-A341-19E34D94FBEC} C:\WINDOWS\system32\zcwiivmp.dll [x]
{45C4A265-40A2-1550-F241-19E34D94F8BC} C:\WINDOWS\system32\ymmvyj.dll [x]
{469DF460-47D5-6454-A748-1EE34BE1FCEB} C:\WINDOWS\system32\mwcrbp.dll [x]
{549928B5-9F00-E38F-7950-CFCE19BDEAB9} C:\WINDOWS\system32\qcat.dll [x]
{577E857B-5031-4B6B-8D2C-921FF65B49F8} C:\WINDOWS\system32\mljgf.dll
{82B73048-D2AC-AD2D-DBCF-86DA69CF6AE3} C:\WINDOWS\system32\iks.dll [x]
{83C2650A-DFEC-FF36-CFFB-85FA4ADB6BB6} C:\WINDOWS\system32\iwctgg.dll [x]
{83DAC0D8-7735-52ED-1C00-2FF00BC86BB5} C:\WINDOWS\system32\tsutinx.dll [x]
{903682E6-330C-1286-7310-6B74E3D479E6} C:\WINDOWS\system32\ssqje.dll [x]
{B85B2AEC-965F-EC8D-29E5-C49E8D625FBC} C:\WINDOWS\system32\yhbma.dll [x]
{BCADCFA8-2D48-5994-3BEC-24807C3F50E0} C:\WINDOWS\system32\udplobp.dll [x]
{BDA9C8FA-7D19-0AC2-6AEC-24807C3F57B5} C:\WINDOWS\system32\rvoqyr.dll [x]
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\xaonkcul.dll
{EBFEC8A8-7F4F-0AC0-3FEC-24807C3F02B5} C:\WINDOWS\system32\qyv.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DVDTray"="C:\\Program Files\\Ahead\\ODD Toolkit\\DVDTray.exe"
"w01d62ed.dll"="RUNDLL32.EXE w01d62ed.dll,I2 0004426f001d62ed"
"lxamsp32.exe"="lxamsp32.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"AtiPTA"="atiptaxx.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\abtovrnp.dll\",realset"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Mwtd"="\"C:\\PROGRA~1\\SCURIT~1\\svchost.exe\" -vt ndrv"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"Hsreif"="C:\\DOCUME~1\\Bob\\APPLIC~1\\ASKS~1\\WCRTUP~1.EXE"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Iddni"="C:\\DOCUME~1\\Bob\\APPLIC~1\\ASKS~1\\WCRTUP~1.EXE"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"Iurn"="\"C:\\DOCUME~1\\Bob\\APPLIC~1\\WNSXS~1\\wowexec.exe\" -vt yazb"
@="C:\\DOCUME~1\\Bob\\APPLIC~1\\ASKS~1\\WCRTUP~1.EXE"
"Muhl"="\"C:\\Documents and Settings\\Bob\\My Documents\\s?stem\\w?nlogon.exe\""
"Mvc"="\"C:\\Documents and Settings\\Bob\\Application Data\\??stem\\w?nspool.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Iurn"="\"C:\\PROGRA~1\\CROSOF~2.NET\\fast.exe\" -vt ndrv"
@="C:\\WINDOWS\\FNTS~1\\UERINI~1.EXE"
"Yvw"="C:\\Program Files\\Common Files\\s?curity\\r?gedit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{3F9D0C61-737D-44D1-BD80-91AF857061CC}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlljk

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="winspool.dll "

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SRESCAN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VSMON

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-28 13:09:38
C:\ComboFix-quarantined-files.txt ... 07-04-28 13:09
C:\ComboFix2.txt ... 07-04-16 10:23



and here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:12:39 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bob\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [w01d62ed.dll] RUNDLL32.EXE w01d62ed.dll,I2 0004426f001d62ed
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\abtovrnp.dll",realset
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mwtd] "C:\PROGRA~1\SCURIT~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Hsreif] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Iddni] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iurn] "C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Muhl] "C:\Documents and Settings\Bob\My Documents\s?stem\w?nlogon.exe"
O4 - HKCU\..\Run: [Mvc] "C:\Documents and Settings\Bob\Application Data\??stem\w?nspool.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O20 - AppInit_DLLs: winspool.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by FredVegas, 28 April 2007 - 11:19 AM.
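An added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over the O4 (Run key) lines of the log above. The flag names and heuristics are assumptions chosen for illustration, and a flag marks an entry for review rather than giving a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [w01d62ed.dll] RUNDLL32.EXE w01d62ed.dll,I2 0004426f001d62ed
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\abtovrnp.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mwtd] "C:\PROGRA~1\SCURIT~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Hsreif] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Iddni] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iurn] "C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Muhl] "C:\Documents and Settings\Bob\My Documents\s?stem\w?nlogon.exe"
'''

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
# Image path: either the quoted string, or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Per-user data folders, in long and 8.3 short form.
USER_DIR_RE = re.compile(
    r"\\(DOCUME~1|Documents and Settings)\\[^\\]+\\"
    r"(APPLIC~1|Application Data|MYDOCU~1|My Documents)\\",
    re.IGNORECASE,
)
# Windows binaries whose names are commonly borrowed, and where they belong.
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "wowexec.exe", "regedit.exe",
                "spoolsv.exe", "lsass.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_o4(text):
    """Return one dict per O4 Run-key line: hive, value name, command, image."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        im = IMAGE_RE.match(cmd)
        image = (im.group(1) or im.group(2)) if im else cmd
        entries.append({"hive": hive, "name": name, "cmd": cmd, "image": image})
    return entries


def flag_entry(entry):
    """Apply the per-entry heuristics and return a list of flag names."""
    image = entry["image"]
    base = ntpath.basename(image).lower()
    folder = ntpath.dirname(image).lower()
    flags = []
    if "?" in image:
        # '?' cannot occur in a Windows file name; here it is assumed to stand
        # for a character the scanner could not render (look-alike names).
        flags.append("unrenderable-char")
    if base in SYSTEM_NAMES and folder and folder not in SYSTEM_DIRS:
        flags.append("system-name-wrong-dir")
    if USER_DIR_RE.search(image):
        flags.append("runs-from-user-profile")
    if entry["name"] == "":
        flags.append("empty-value-name")
    if base == "rundll32.exe":
        flags.append("rundll32-autorun")
    return flags


def triage_log(text):
    """Map (hive, value name) -> flags for every O4 entry that raised one."""
    entries = parse_o4(text)
    names_by_cmd = defaultdict(set)
    for e in entries:
        names_by_cmd[e["cmd"].lower()].add((e["hive"], e["name"]))
    report = {}
    for e in entries:
        flags = flag_entry(e)
        if len(names_by_cmd[e["cmd"].lower()]) > 1:
            flags.append("same-target-many-names")
        if flags:
            report[(e["hive"], e["name"])] = flags
    return report


if __name__ == "__main__":
    for (hive, name), flags in triage_log(SAMPLE_LOG).items():
        print(f"{hive} [{name}]: {', '.join(flags)}")
```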


#4 LDTate


Posted 28 April 2007 - 11:48 AM

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

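REGEDIT4

; Delete the listed values from the current user's Run key
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Mwtd"=-
"Hsreif"=-
"Iddni"=-
"Iurn"=-
"Muhl"=-
"Mvc"=-

; Delete the listed values from the .default profile's Run key
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Iurn"=-
"Yvw"=-

; Delete the two Winlogon Notify subkeys (the key is "Windows NT", with a space)
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgf]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomlljk]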


On the desktop, doubleclick fix.reg and allow it to run. Let it merge.


1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
   Viewpoint Manager

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w01d62ed.dll] RUNDLL32.EXE w01d62ed.dll,I2 0004426f001d62ed
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\abtovrnp.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mwtd] "C:\PROGRA~1\SCURIT~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Hsreif] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Iddni] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Iurn] "C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Muhl] "C:\Documents and Settings\Bob\My Documents\s?stem\w?nlogon.exe"
O4 - HKCU\..\Run: [Mvc] "C:\Documents and Settings\Bob\Application Data\??stem\w?nspool.exe"

Close ALL windows and browsers except HijackThis and click "Fix checked"

Download Avenger by Swandog, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).
http://swandog46.gee...com/avenger.zip

Note: The Avenger must be run from a user account with administrator privileges, and ONLY works on Windows 2000 and XP, and only on 32-bit versions!
If yours is a 64-bit version, do not use it; let me know.


Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.

Click Format, and ensure Word Wrap is unchecked.

Copy and Paste all the text inside the box below into Notepad.

Now save the file as RemoveFiles.txt in a location where you can find it.



Files to delete:
C:\WINDOWS\system32\abtovrnp.dll
C:\WINDOWS\system32\xaonkcul.dll
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\wstkt.dll
C:\WINDOWS\system32\zul.dll
C:\WINDOWS\system32\usvn.dll
C:\WINDOWS\system32\mqyn.dll
C:\WINDOWS\system32\qomlljk.dll
C:\WINDOWS\system32\qojcm.dll
C:\WINDOWS\system32\zcwiivmp.dll
C:\WINDOWS\system32\ymmvyj.dll
C:\WINDOWS\system32\mwcrbp.dll
C:\WINDOWS\system32\qcat.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\iks.dll
C:\WINDOWS\system32\iwctgg.dll
C:\WINDOWS\system32\tsutinx.dll
C:\WINDOWS\system32\ssqje.dll
C:\WINDOWS\system32\yhbma.dll
C:\WINDOWS\system32\udplobp.dll
C:\WINDOWS\system32\rvoqyr.dll
C:\WINDOWS\system32\xaonkcul.dll
C:\WINDOWS\system32\qyv.dll

Folders to delete:
C:\Program Files\xloadnet


Start Avenger by double clicking on Avenger.exe.

Check Load script from file:

Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.

Double click it to enter it into Avenger.

Click the green traffic light symbol.

You will be asked if you want to execute the script, answer Yes.

At this point you may get prompts from your protection systems, allow them please.

Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.

Answer Yes, and allow your computer to re-boot.

Upon re-boot a command window will briefly appear on screen (this is normal).

A Notepad text file will be created at C:\avenger.txt.

Copy and Paste it into your next post please, along with a new HJT log.


 


#5 FredVegas


Posted 28 April 2007 - 12:32 PM

Did as requested, but had a problem when running the scan only of HJT. Some of the items you had listed to put checks next to weren't in the list that HJT created. I'll list them for ya:
O4 - HKCU\..\Run: [Mwtd] "C:\PROGRA~1\SCURIT~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Hsreif] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Iddni] C:\DOCUME~1\Bob\APPLIC~1\ASKS~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Iurn] "C:\DOCUME~1\Bob\APPLIC~1\WNSXS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Muhl] "C:\Documents and Settings\Bob\My Documents\s?stem\w?nlogon.exe"
O4 - HKCU\..\Run: [Mvc] "C:\Documents and Settings\Bob\Application Data\??stem\w?nspool.exe"

Not sure if that's as intended or not, just thought you should know. Also, when I removed viewpoint manager, zone alarm said it was trying to access the internet and I denied it access. Should I have allowed it? Again, just lettin ya know. Anyway, here's the avenger file and the new HJT:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oeulfxcs

*******************

Script file located at: \??\C:\WINDOWS\system32\mffaxlcv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\abtovrnp.dll deleted successfully.
File C:\WINDOWS\system32\xaonkcul.dll deleted successfully.
File C:\WINDOWS\system32\fgjlm.bak2 deleted successfully.
File C:\WINDOWS\system32\mljgf.dll deleted successfully.
File C:\WINDOWS\system32\fgjlm.bak1 deleted successfully.
File C:\WINDOWS\system32\awvts.dll deleted successfully.


File C:\WINDOWS\system32\wstkt.dll not found!
Deletion of file C:\WINDOWS\system32\wstkt.dll failed!

Could not process line:
C:\WINDOWS\system32\wstkt.dll
Status: 0xc0000034



File C:\WINDOWS\system32\zul.dll not found!
Deletion of file C:\WINDOWS\system32\zul.dll failed!

Could not process line:
C:\WINDOWS\system32\zul.dll
Status: 0xc0000034



File C:\WINDOWS\system32\usvn.dll not found!
Deletion of file C:\WINDOWS\system32\usvn.dll failed!

Could not process line:
C:\WINDOWS\system32\usvn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mqyn.dll not found!
Deletion of file C:\WINDOWS\system32\mqyn.dll failed!

Could not process line:
C:\WINDOWS\system32\mqyn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\qomlljk.dll not found!
Deletion of file C:\WINDOWS\system32\qomlljk.dll failed!

Could not process line:
C:\WINDOWS\system32\qomlljk.dll
Status: 0xc0000034



File C:\WINDOWS\system32\qojcm.dll not found!
Deletion of file C:\WINDOWS\system32\qojcm.dll failed!

Could not process line:
C:\WINDOWS\system32\qojcm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\zcwiivmp.dll not found!
Deletion of file C:\WINDOWS\system32\zcwiivmp.dll failed!

Could not process line:
C:\WINDOWS\system32\zcwiivmp.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ymmvyj.dll not found!
Deletion of file C:\WINDOWS\system32\ymmvyj.dll failed!

Could not process line:
C:\WINDOWS\system32\ymmvyj.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mwcrbp.dll not found!
Deletion of file C:\WINDOWS\system32\mwcrbp.dll failed!

Could not process line:
C:\WINDOWS\system32\mwcrbp.dll
Status: 0xc0000034



File C:\WINDOWS\system32\qcat.dll not found!
Deletion of file C:\WINDOWS\system32\qcat.dll failed!

Could not process line:
C:\WINDOWS\system32\qcat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mljgf.dll not found!
Deletion of file C:\WINDOWS\system32\mljgf.dll failed!

Could not process line:
C:\WINDOWS\system32\mljgf.dll
Status: 0xc0000034



File C:\WINDOWS\system32\iks.dll not found!
Deletion of file C:\WINDOWS\system32\iks.dll failed!

Could not process line:
C:\WINDOWS\system32\iks.dll
Status: 0xc0000034



File C:\WINDOWS\system32\iwctgg.dll not found!
Deletion of file C:\WINDOWS\system32\iwctgg.dll failed!

Could not process line:
C:\WINDOWS\system32\iwctgg.dll
Status: 0xc0000034



File C:\WINDOWS\system32\tsutinx.dll not found!
Deletion of file C:\WINDOWS\system32\tsutinx.dll failed!

Could not process line:
C:\WINDOWS\system32\tsutinx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ssqje.dll not found!
Deletion of file C:\WINDOWS\system32\ssqje.dll failed!

Could not process line:
C:\WINDOWS\system32\ssqje.dll
Status: 0xc0000034



File C:\WINDOWS\system32\yhbma.dll not found!
Deletion of file C:\WINDOWS\system32\yhbma.dll failed!

Could not process line:
C:\WINDOWS\system32\yhbma.dll
Status: 0xc0000034



File C:\WINDOWS\system32\udplobp.dll not found!
Deletion of file C:\WINDOWS\system32\udplobp.dll failed!

Could not process line:
C:\WINDOWS\system32\udplobp.dll
Status: 0xc0000034



File C:\WINDOWS\system32\rvoqyr.dll not found!
Deletion of file C:\WINDOWS\system32\rvoqyr.dll failed!

Could not process line:
C:\WINDOWS\system32\rvoqyr.dll
Status: 0xc0000034



File C:\WINDOWS\system32\xaonkcul.dll not found!
Deletion of file C:\WINDOWS\system32\xaonkcul.dll failed!

Could not process line:
C:\WINDOWS\system32\xaonkcul.dll
Status: 0xc0000034



File C:\WINDOWS\system32\qyv.dll not found!
Deletion of file C:\WINDOWS\system32\qyv.dll failed!

Could not process line:
C:\WINDOWS\system32\qyv.dll
Status: 0xc0000034

Folder C:\Program Files\xloadnet deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




Logfile of HijackThis v1.99.1
Scan saved at 2:31:01 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {1193A134-1787-6653-A548-1EE34BE1FFE1} - C:\WINDOWS\system32\wstkt.dll (file missing)
O2 - BHO: (no name) - {1391A737-1680-3105-AB48-1EE34BE1F2EF} - C:\WINDOWS\system32\zul.dll (file missing)
O2 - BHO: (no name) - {15C6F560-4183-3150-AB48-1EE34BEEAAEF} - C:\WINDOWS\system32\usvn.dll (file missing)
O2 - BHO: (no name) - {1EC0AF31-4186-3106-A348-1EE34BE1F3B9} - C:\WINDOWS\system32\mqyn.dll (file missing)
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\qomlljk.dll (file missing)
O2 - BHO: (no name) - {4244FE67-4AD2-6656-F5AA-1043C064A0EC} - C:\WINDOWS\system32\qojcm.dll (file missing)
O2 - BHO: (no name) - {4396F664-1AF3-1505-A341-19E34D94FBEC} - C:\WINDOWS\system32\zcwiivmp.dll (file missing)
O2 - BHO: (no name) - {45C4A265-40A2-1550-F241-19E34D94F8BC} - C:\WINDOWS\system32\ymmvyj.dll (file missing)
O2 - BHO: (no name) - {469DF460-47D5-6454-A748-1EE34BE1FCEB} - C:\WINDOWS\system32\mwcrbp.dll (file missing)
O2 - BHO: (no name) - {549928B5-9F00-E38F-7950-CFCE19BDEAB9} - C:\WINDOWS\system32\qcat.dll (file missing)
O2 - BHO: (no name) - {577E857B-5031-4B6B-8D2C-921FF65B49F8} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {82B73048-D2AC-AD2D-DBCF-86DA69CF6AE3} - C:\WINDOWS\system32\iks.dll (file missing)
O2 - BHO: (no name) - {83C2650A-DFEC-FF36-CFFB-85FA4ADB6BB6} - C:\WINDOWS\system32\iwctgg.dll (file missing)
O2 - BHO: (no name) - {83DAC0D8-7735-52ED-1C00-2FF00BC86BB5} - C:\WINDOWS\system32\tsutinx.dll (file missing)
O2 - BHO: (no name) - {903682E6-330C-1286-7310-6B74E3D479E6} - C:\WINDOWS\system32\ssqje.dll (file missing)
O2 - BHO: (no name) - {B85B2AEC-965F-EC8D-29E5-C49E8D625FBC} - C:\WINDOWS\system32\yhbma.dll (file missing)
O2 - BHO: (no name) - {BCADCFA8-2D48-5994-3BEC-24807C3F50E0} - C:\WINDOWS\system32\udplobp.dll (file missing)
O2 - BHO: (no name) - {BDA9C8FA-7D19-0AC2-6AEC-24807C3F57B5} - C:\WINDOWS\system32\rvoqyr.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\xaonkcul.dll (file missing)
O2 - BHO: (no name) - {EBFEC8A8-7F4F-0AC0-3FEC-24807C3F02B5} - C:\WINDOWS\system32\qyv.dll (file missing)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O20 - AppInit_DLLs: winspool.dll
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: qomlljk - qomlljk.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 April 2007 - 12:42 PM

No problem with it telling us "file not found" :thumbup:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O2 - BHO: (no name) - {1193A134-1787-6653-A548-1EE34BE1FFE1} - C:\WINDOWS\system32\wstkt.dll (file missing)
O2 - BHO: (no name) - {1391A737-1680-3105-AB48-1EE34BE1F2EF} - C:\WINDOWS\system32\zul.dll (file missing)
O2 - BHO: (no name) - {15C6F560-4183-3150-AB48-1EE34BEEAAEF} - C:\WINDOWS\system32\usvn.dll (file missing)
O2 - BHO: (no name) - {1EC0AF31-4186-3106-A348-1EE34BE1F3B9} - C:\WINDOWS\system32\mqyn.dll (file missing)
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\qomlljk.dll (file missing)
O2 - BHO: (no name) - {4244FE67-4AD2-6656-F5AA-1043C064A0EC} - C:\WINDOWS\system32\qojcm.dll (file missing)
O2 - BHO: (no name) - {4396F664-1AF3-1505-A341-19E34D94FBEC} - C:\WINDOWS\system32\zcwiivmp.dll (file missing)
O2 - BHO: (no name) - {45C4A265-40A2-1550-F241-19E34D94F8BC} - C:\WINDOWS\system32\ymmvyj.dll (file missing)
O2 - BHO: (no name) - {469DF460-47D5-6454-A748-1EE34BE1FCEB} - C:\WINDOWS\system32\mwcrbp.dll (file missing)
O2 - BHO: (no name) - {549928B5-9F00-E38F-7950-CFCE19BDEAB9} - C:\WINDOWS\system32\qcat.dll (file missing)
O2 - BHO: (no name) - {577E857B-5031-4B6B-8D2C-921FF65B49F8} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {82B73048-D2AC-AD2D-DBCF-86DA69CF6AE3} - C:\WINDOWS\system32\iks.dll (file missing)
O2 - BHO: (no name) - {83C2650A-DFEC-FF36-CFFB-85FA4ADB6BB6} - C:\WINDOWS\system32\iwctgg.dll (file missing)
O2 - BHO: (no name) - {83DAC0D8-7735-52ED-1C00-2FF00BC86BB5} - C:\WINDOWS\system32\tsutinx.dll (file missing)
O2 - BHO: (no name) - {903682E6-330C-1286-7310-6B74E3D479E6} - C:\WINDOWS\system32\ssqje.dll (file missing)
O2 - BHO: (no name) - {B85B2AEC-965F-EC8D-29E5-C49E8D625FBC} - C:\WINDOWS\system32\yhbma.dll (file missing)
O2 - BHO: (no name) - {BCADCFA8-2D48-5994-3BEC-24807C3F50E0} - C:\WINDOWS\system32\udplobp.dll (file missing)
O2 - BHO: (no name) - {BDA9C8FA-7D19-0AC2-6AEC-24807C3F57B5} - C:\WINDOWS\system32\rvoqyr.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\xaonkcul.dll (file missing)
O2 - BHO: (no name) - {EBFEC8A8-7F4F-0AC0-3FEC-24807C3F02B5} - C:\WINDOWS\system32\qyv.dll (file missing)
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: qomlljk - qomlljk.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
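
The cross-check behind the reply above, as an added example that is not part of the original post: the Avenger log reports status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) for files that were already gone, and HijackThis marks the leftover registry references to them as "(file missing)". The function names and the match-by-filename rule are assumptions of this sketch, and the sample input is trimmed from the logs in this thread.

```python
import ntpath
import re

# Constructed sample: lines copied from the Avenger and HijackThis logs in this
# thread, trimmed so the example stays short.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\mljgf.dll deleted successfully.

File C:\WINDOWS\system32\wstkt.dll not found!
Deletion of file C:\WINDOWS\system32\wstkt.dll failed!

Could not process line:
C:\WINDOWS\system32\wstkt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\mljgf.dll not found!
Deletion of file C:\WINDOWS\system32\mljgf.dll failed!

Could not process line:
C:\WINDOWS\system32\mljgf.dll
Status: 0xc0000034
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {1193A134-1787-6653-A548-1EE34BE1FFE1} - C:\WINDOWS\system32\wstkt.dll (file missing)
O2 - BHO: (no name) - {577E857B-5031-4B6B-8D2C-921FF65B49F8} - C:\WINDOWS\system32\mljgf.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O20 - AppInit_DLLs: winspool.dll
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034  # NTSTATUS: the named object does not exist


def parse_avenger(log):
    """Return (deleted, not_found) sets of lower-cased paths from an Avenger log."""
    deleted, not_found = set(), set()
    pending = None  # path from the latest "not found!" line, awaiting its Status line
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"File (.+) deleted successfully\.$", line)
        if m:
            deleted.add(m.group(1).lower())
            continue
        m = re.match(r"File (.+) not found!$", line)
        if m:
            pending = m.group(1).lower()
            continue
        m = re.match(r"Status: (0x[0-9a-fA-F]+)$", line)
        if m and pending:
            if int(m.group(1), 16) == STATUS_OBJECT_NAME_NOT_FOUND:
                not_found.add(pending)
            pending = None
    return deleted, not_found


def orphaned_entries(hjt_log, sections=("O2", "O20")):
    """Return HijackThis entries in the given sections whose target file is missing."""
    suffix = "(file missing)"
    entries = []
    for line in hjt_log.splitlines():
        line = line.strip()
        if not line.endswith(suffix):
            continue
        section, _, rest = line.partition(" - ")
        if section not in sections:
            continue
        # The target is the last " - " separated field, minus the suffix.
        target = rest.rsplit(" - ", 1)[-1][: -len(suffix)].strip()
        entries.append({"section": section, "target": target, "line": line})
    return entries


def triage(avenger_log, hjt_log):
    """Pair each orphaned entry with whether the Avenger log accounts for the file.

    Matching is by file name only (an assumption of this sketch), because
    HijackThis sometimes lists a bare DLL name without its directory.
    """
    deleted, not_found = parse_avenger(avenger_log)
    gone = {ntpath.basename(p) for p in deleted | not_found}
    rows = []
    for entry in orphaned_entries(hjt_log):
        name = ntpath.basename(entry["target"]).lower()
        rows.append((entry["section"], name, name in gone))
    return rows


if __name__ == "__main__":
    for section, name, explained in triage(AVENGER_LOG, HJT_LOG):
        note = "file gone per Avenger log" if explained else "not in Avenger log"
        print(f"{section:4} {name:16} orphaned registry entry ({note})")
```

Entries the Avenger log does not account for, such as WRLogonNTF.dll here, are still orphaned references; the flag only tells the reviewer that some other removal left them behind.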

 


#7 FredVegas

FredVegas

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 28 April 2007 - 01:01 PM

Computer is behaving normally.

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:55:43 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bob\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O20 - AppInit_DLLs: winspool.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 April 2007 - 01:12 PM

You need to update SunJava.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Posted Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on 6-windowsi586-p.exe to install the newest version.
Once installed you can test to see that it is in fact installed
Sun Java Test
http://www.java.com/...d/installed.jsp


You can remove any programs I had you install. Use Add/Remove Programs to remove if listed there otherwise just delete them and empty recycle bin.

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.



If you don't have any programs like these, I would recommend that you get them.
Spywareblaster,
Spywareguard.


Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.

Only run one Anti-Virus and Firewall program.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Do not use Ad-aware if you have McAfee's VirusScan and AntiSpyware


Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


 


#9 FredVegas

FredVegas

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 28 April 2007 - 01:17 PM

I'll be sure to do what you suggest, and thanks a lot for your help. One last question though. I still see Outerinfo and OIN search in my list of programs at Start>Control Panel> Add/Remove Programs. Should I be concerned about them still being there?

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 April 2007 - 01:28 PM

I still see Outerinfo and OIN search in my list of programs at Start>Control Panel> Add/Remove Programs. Should I be concerned about them still being there?

Yes:
This is to remove Outerinfo pop-ups (aka PurityScan - OIN - ad.oinadserver.com) - please start here:

Download and unzip hosts.zip from HERE to a folder (hosts).

Here's a Tutorial on how to install it, but it's installed like this:

Open up the hosts folder and double-click on the mvps.bat file, it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine. It happens very quickly so don't blink!

-------------------

Please note that a large HOSTS file (over 135 kb) may slow down the machine. This only occurs in W2K and XP.

To fix this: Go to Start > Run (type) services.msc > OK
Scroll down to DNS Client, Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.
----------------------

You're done with this step.

Next....

Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure please ask first


Next..........

Download and run this uninstaller:
http://www.outerinfo...Uninstaller.exe

Tutorial for the uninstaller if needed

Reboot when done and let me know if they are gone.


 


#11 FredVegas

FredVegas

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 28 April 2007 - 02:11 PM

When I tried to remove them it gave me an error saying that they could not be found and may have been previously removed. It then asked if I wanted to remove them from the list and I said yes. They were probably still listed from when I ran the uninstaller in the self help forum. At any rate, they're gone now. :thumbup:

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 April 2007 - 02:14 PM

Cool...You're good to go :thumbup:


 


#13 FredVegas

FredVegas

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 28 April 2007 - 02:32 PM

Great, and thanks again for your help. I updated Java and set up a clean restore point as well. Take care, LDT.

Edited by FredVegas, 28 April 2007 - 02:32 PM.


#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 April 2007 - 02:33 PM

Great job :thumbup: You're more than welcome. Glad we were able to help. Peace be with you :wavey:


 


#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 April 2007 - 02:33 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
