
Malware Attack - Vundo, Outerinfo


7 replies to this topic

#1 born


Posted 11 August 2007 - 11:36 AM

Ouch! Have been infected for 5 days and the machine is spiraling downhill!
I believe it is a Vundo virus, also Outerinfo. Tried the 2 Vundo removal tools - 1 file can't be removed by this - called hgghifd.dll. Machine restarts periodically, pop-up windows whenever mail or explorer is open, and frequently reports that it has recovered from a serious system error. Here is my Hijack log - greatly appreciate this forum - makes me feel like I'm not alone.....

Logfile of HijackThis v1.99.1
Scan saved at 10:32:16 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\qwerty12.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\My Documents\s?mbols\?poolsv.exe
C:\DOCUME~1\Owner\MYDOCU~1\YSTEM~1\logonui.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FD9AECC-470E-49FD-2902-3AB60F4BF09A} - C:\WINDOWS\system32\fpmsbmt.dll
O2 - BHO: (no name) - {416378D5-8FEF-43F9-A381-20592E06B09C} - C:\WINDOWS\Microsoft.NET\barva.dll (file missing)
O2 - BHO: (no name) - {794E75F1-B50D-4729-AD64-46D735F483F5} - C:\WINDOWS\system32\awtrs.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSEvents Object - {bf81cf9b-818f-415c-9dec-fab5f4d598f4} - C:\WINDOWS\system32\mid_US.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp17.tmp.dll
O2 - BHO: (no name) - {E5B11CFE-21A3-4CCE-AA44-FA1863A41759} - C:\Program Files\MSN\hokeroxo83122.dll (file missing)
O2 - BHO: (no name) - {EF23D0B1-B9AF-4D15-B391-FB4FB5C9D4B0} - C:\Program Files\MSN\hokeroxo4444.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\byvwvu.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Vxevt] "C:\Documents and Settings\Owner\My Documents\s?mbols\?poolsv.exe"
O4 - HKCU\..\Run: [Cpue] "C:\DOCUME~1\Owner\MYDOCU~1\YSTEM~1\logonui.exe" -vt ndrv
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O20 - AppInit_DLLs: c:\windows\system32\hgghifd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mid_US - C:\WINDOWS\SYSTEM32\mid_US.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tatakcc.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



#2 Markka


Posted 11 August 2007 - 12:36 PM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm an MRU Undergrad; everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Markka


Posted 12 August 2007 - 04:26 AM

Hello :)

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
_____________________

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall!
_____________________


Post:
- A fresh HijackThis log
- Contents of C:\vundofix.txt
- Contents of C:\ComboFix.txt

#4 born


Posted 12 August 2007 - 09:59 AM

Hi Markka -

Thanks for the response:

Here is the Vundofix.txt file. Please note that I have run this multiple times and the txt file saves a log of each event. The last one I ran this am. I included them all so you can see what seems to be coming back:

I will post the Vundo and HT file first, then the results of the combofix.txt

VundoFix V6.5.7

Checking Java version...

Scan started at 11:19:11 PM 8/8/2007

Listing files found while scanning....

C:\WINDOWS\Microsoft.NET\barva.dll
C:\WINDOWS\ooooqr.ini
C:\WINDOWS\rqoooo.dll
C:\windows\system32\aufvecvc.dll
C:\WINDOWS\system32\awtrs.dll
C:\windows\system32\cvcevfua.ini
C:\windows\system32\euayiiob.exe
C:\windows\system32\gsexuhmc.exe
C:\windows\system32\hgghifd.dll
C:\windows\system32\kjnfgabi.exe
C:\windows\system32\klsbfqil.exe
C:\windows\system32\lthsrwsy.ini
C:\windows\system32\otuyyjwo.dll
C:\windows\system32\owjyyuto.ini
C:\windows\system32\sdqpohip.exe
C:\windows\system32\syymmwew.exe
C:\WINDOWS\system32\tmp94.tmp.dll
C:\windows\system32\yswrshtl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\Microsoft.NET\barva.dll
C:\WINDOWS\Microsoft.NET\barva.dll Has been deleted!

Attempting to delete C:\WINDOWS\ooooqr.ini
C:\WINDOWS\ooooqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\rqoooo.dll
C:\WINDOWS\rqoooo.dll Has been deleted!

Attempting to delete C:\windows\system32\aufvecvc.dll
C:\windows\system32\aufvecvc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtrs.dll
C:\WINDOWS\system32\awtrs.dll Has been deleted!

Attempting to delete C:\windows\system32\cvcevfua.ini
C:\windows\system32\cvcevfua.ini Has been deleted!

Attempting to delete C:\windows\system32\euayiiob.exe
C:\windows\system32\euayiiob.exe Has been deleted!

Attempting to delete C:\windows\system32\gsexuhmc.exe
C:\windows\system32\gsexuhmc.exe Has been deleted!

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Attempting to delete C:\windows\system32\kjnfgabi.exe
C:\windows\system32\kjnfgabi.exe Has been deleted!

Attempting to delete C:\windows\system32\klsbfqil.exe
C:\windows\system32\klsbfqil.exe Has been deleted!

Attempting to delete C:\windows\system32\lthsrwsy.ini
C:\windows\system32\lthsrwsy.ini Has been deleted!

Attempting to delete C:\windows\system32\otuyyjwo.dll
C:\windows\system32\otuyyjwo.dll Has been deleted!

Attempting to delete C:\windows\system32\owjyyuto.ini
C:\windows\system32\owjyyuto.ini Has been deleted!

Attempting to delete C:\windows\system32\sdqpohip.exe
C:\windows\system32\sdqpohip.exe Has been deleted!

Attempting to delete C:\windows\system32\syymmwew.exe
C:\windows\system32\syymmwew.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp94.tmp.dll
C:\WINDOWS\system32\tmp94.tmp.dll Has been deleted!

Attempting to delete C:\windows\system32\yswrshtl.dll
C:\windows\system32\yswrshtl.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 11:24:37 PM 8/8/2007

Listing files found while scanning....

C:\windows\system32\hgghifd.dll

Beginning removal...

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 12:35:16 AM 8/9/2007

Listing files found while scanning....

C:\WINDOWS\jjllmp.ini
C:\WINDOWS\pmlljj.dll
C:\windows\system32\hgghifd.dll
C:\WINDOWS\system32\tmp1C.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\jjllmp.ini
C:\WINDOWS\jjllmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\pmlljj.dll
C:\WINDOWS\pmlljj.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tmp1C.tmp.dll
C:\WINDOWS\system32\tmp1C.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 2:42:38 AM 8/9/2007

Listing files found while scanning....

C:\WINDOWS\fefghk.ini
C:\WINDOWS\khgfef.dll
C:\windows\system32\hgghifd.dll
C:\WINDOWS\system32\tmp19.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\fefghk.ini
C:\WINDOWS\fefghk.ini Has been deleted!

Attempting to delete C:\WINDOWS\khgfef.dll
C:\WINDOWS\khgfef.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tmp19.tmp.dll
C:\WINDOWS\system32\tmp19.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 1:21:32 AM 8/11/2007

Listing files found while scanning....

C:\windows\system32\hgghifd.dll

Beginning removal...

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 8:33:41 AM 8/12/2007

Listing files found while scanning....

C:\WINDOWS\byvwvu.dll
C:\windows\system32\hgghifd.dll
C:\WINDOWS\system32\tmp17.tmp.dll
C:\WINDOWS\uvwvyb.ini

Beginning removal...

Attempting to delete C:\WINDOWS\byvwvu.dll
C:\WINDOWS\byvwvu.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tmp17.tmp.dll
C:\WINDOWS\system32\tmp17.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\uvwvyb.ini
C:\WINDOWS\uvwvyb.ini Has been deleted!

Performing Repairs to the registry.
Done!


Here is the HT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:42:19 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\qwerty12.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\My Documents\s?mbols\?poolsv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\bin\iPodService.exe
C:\DOCUME~1\Owner\MYDOCU~1\YSTEM~1\logonui.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FD9AECC-470E-49FD-2902-3AB60F4BF09A} - C:\WINDOWS\system32\fpmsbmt.dll
O2 - BHO: (no name) - {416378D5-8FEF-43F9-A381-20592E06B09C} - C:\WINDOWS\Microsoft.NET\barva.dll (file missing)
O2 - BHO: (no name) - {794E75F1-B50D-4729-AD64-46D735F483F5} - C:\WINDOWS\system32\awtrs.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSEvents Object - {bf81cf9b-818f-415c-9dec-fab5f4d598f4} - C:\WINDOWS\system32\mid_US.dll
O2 - BHO: (no name) - {E5B11CFE-21A3-4CCE-AA44-FA1863A41759} - C:\Program Files\MSN\hokeroxo83122.dll (file missing)
O2 - BHO: (no name) - {EF23D0B1-B9AF-4D15-B391-FB4FB5C9D4B0} - C:\Program Files\MSN\hokeroxo4444.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Vxevt] "C:\Documents and Settings\Owner\My Documents\s?mbols\?poolsv.exe"
O4 - HKCU\..\Run: [Cpue] "C:\DOCUME~1\Owner\MYDOCU~1\YSTEM~1\logonui.exe" -vt ndrv
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O20 - AppInit_DLLs: c:\windows\system32\hgghifd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mid_US - C:\WINDOWS\SYSTEM32\mid_US.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tatakcc.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
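
Added example (not part of the original posts, and not code from VundoFix or HijackThis): the logs above show one file surviving every removal run while others reappear under new names, and that pattern can be checked mechanically by diffing the VundoFix runs and cross-referencing HijackThis autostart entries. The function names are hypothetical and the sample input is abridged from the logs in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the VundoFix and HijackThis logs in this thread.
VUNDOFIX_LOG = r"""
VundoFix V6.5.7
Scan started at 12:35:16 AM 8/9/2007
Attempting to delete C:\WINDOWS\pmlljj.dll
C:\WINDOWS\pmlljj.dll Has been deleted!
Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.
VundoFix V6.5.7
Scan started at 8:33:41 AM 8/12/2007
Attempting to delete C:\WINDOWS\byvwvu.dll
C:\WINDOWS\byvwvu.dll Has been deleted!
Attempting to delete C:\windows\system32\hgghifd.dll
C:\windows\system32\hgghifd.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\tmp17.tmp.dll
C:\WINDOWS\system32\tmp17.tmp.dll Has been deleted!
"""
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp17.tmp.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\byvwvu.dll",forkonce
O20 - AppInit_DLLs: c:\windows\system32\hgghifd.dll
O20 - Winlogon Notify: mid_US - C:\WINDOWS\SYSTEM32\mid_US.dll
"""

SCAN_RE = re.compile(r"^Scan started at (.+)$")
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")

def parse_vundofix(text):
    """Return one (scan_time, {lowercased path: deleted?}) tuple per scan."""
    runs = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = SCAN_RE.match(line)
        if m:
            runs.append((m.group(1), {}))
            continue
        m = RESULT_RE.match(line)
        if m and runs:  # a retry after reboot overwrites the earlier outcome
            runs[-1][1][m.group("path").lower()] = m.group("res").startswith("Has")
    return runs

def survivors(runs):
    """Paths seen in two or more scans that were never successfully deleted."""
    seen = defaultdict(list)
    for _, results in runs:
        for path, deleted in results.items():
            seen[path].append(deleted)
    return sorted(p for p, out in seen.items() if len(out) >= 2 and not any(out))

def regenerated(runs):
    """Paths that first appear after the initial scan (dropped again after cleanup)."""
    first = set(runs[0][1]) if runs else set()
    return sorted({p for _, results in runs[1:] for p in results} - first)

def autostart_refs(hjt_text, paths):
    """Map each path to the HijackThis section codes (O2, O4, O20, ...) that load it."""
    refs = defaultdict(list)
    for line in (raw.strip() for raw in hjt_text.splitlines()):
        m = re.match(r"^(O\d+) - ", line)
        if not m:
            continue
        for p in paths:
            if p in line.lower():
                refs[p].append(m.group(1))
    return dict(refs)

if __name__ == "__main__":
    runs = parse_vundofix(VUNDOFIX_LOG)
    for label, paths in (("survives removal", survivors(runs)),
                         ("regenerated", regenerated(runs))):
        for path, codes in autostart_refs(HIJACKTHIS_LOG, paths).items():
            print(f"{label}: {path} loaded via {', '.join(codes)}")
```

A file that is both undeletable and referenced from an O20 AppInit_DLLs entry is loaded into every process that links user32.dll, which is consistent with a removal tool being unable to delete it from a running system.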

#5 born


Posted 12 August 2007 - 11:12 AM

Hi - tried to run combofix, but it causes a system crash and the computer re-boots every time. Got into it once, but it could not complete. Is there enough to go on with the latest HT file?

#6 born


Posted 12 August 2007 - 07:57 PM

Hi Markka - pretty much a complete system crash on doing anything - totally unusable and trying to do a complete OS re-install......I think we should close this item.... :-(

#7 Markka


Posted 12 August 2007 - 10:17 PM

> Hi Markka -
>
> pretty much a complete system crash on doing anything - totally unusable and trying to do a complete OS re-install......I think we should close this item.... :-(


So you're going to re-install OS? Can I close this topic? Please reply :)

#8 born


Posted 12 August 2007 - 11:32 PM

close the topic - thanks for the help. OS installation going well.....
