Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

What's Wrong With My Pc?

Started by blublow , Sep 08 2007 06:04 PM

  • Please log in to reply
7 replies to this topic

#1 blublow

blublow

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 08 September 2007 - 06:04 PM

I keep getting pop-ups and computer is running a lot slower than usual. When I use IE , my sites don't even load they just freeze up. If someone has the time, please tell me how to fix it. Thanks :wavey:

Logfile of HijackThis v1.99.1
Scan saved at 7:50:38 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\fscagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\rlcthfvs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4D6890A9-9C07-4313-B4A6-81062D145F7D} - C:\WINDOWS\system32\ddayx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\wokmuyro.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hfxihlkw.dll",forkonce
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185244973671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\rlcthfvs.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    Advertisements

Register to Remove

#2 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 09 September 2007 - 12:22 AM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 blublow

blublow

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 09 September 2007 - 10:17 AM

Thank you, Markka for helping. I'll wait :)

#4 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 10 September 2007 - 06:15 AM

Hello :)

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#5 blublow

blublow

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 12 September 2007 - 08:21 PM

VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:59:08 PM 9/12/2007

Listing files found while scanning....

C:\windows\system32\aivaoyxh.ini
C:\windows\system32\ajfnlrtj.ini
C:\windows\system32\ajiswlty.ini
C:\windows\system32\ajvwfmiu.dll
C:\windows\system32\amqsdxte.dll
C:\windows\system32\anmcqfir.ini
C:\windows\system32\atiuebtk.dll
C:\windows\system32\bbnqjbdk.ini
C:\windows\system32\bbplvtoi.dll
C:\windows\system32\bcspvfww.dll
C:\windows\system32\bhikagbg.ini
C:\windows\system32\bjkidild.dll
C:\windows\system32\bkbnookt.ini
C:\windows\system32\bmfwwaaq.dll
C:\windows\system32\bpxjxkrn.ini
C:\windows\system32\bvcdmofu.dll
C:\windows\system32\cgwcksve.dll
C:\windows\system32\chplirwk.dll
C:\windows\system32\ciqxtpno.dll
C:\windows\system32\cnehwukt.ini
C:\windows\system32\cqxysmmu.dll
C:\windows\system32\cxlnvghy.dll
C:\windows\system32\cybdnmyg.ini
C:\WINDOWS\system32\ddayx.dll
C:\windows\system32\ddqkiucq.ini
C:\windows\system32\deddmtyf.ini
C:\windows\system32\dhdieoem.ini
C:\windows\system32\dilrtkdo.ini
C:\windows\system32\dinjxcte.ini
C:\windows\system32\dlidikjb.ini
C:\windows\system32\dnbiiffs.dll
C:\windows\system32\dpevyyat.ini
C:\windows\system32\dtllhmwi.dll
C:\windows\system32\dvgonwug.dll
C:\windows\system32\dxdpwhnq.dll
C:\windows\system32\encrlufr.dll
C:\windows\system32\epfjkpyr.dll
C:\windows\system32\etcxjnid.dll
C:\windows\system32\etxdsqma.ini
C:\windows\system32\evskcwgc.ini
C:\windows\system32\fbclyvhw.dll
C:\windows\system32\fivsmirr.ini
C:\windows\system32\fxleuely.dll
C:\windows\system32\fytmdded.dll
C:\windows\system32\gbgakihb.dll
C:\windows\system32\gfkgewdy.ini
C:\windows\system32\gfrnaaiq.ini
C:\windows\system32\gjubhywu.dll
C:\windows\system32\gpksgpun.ini
C:\windows\system32\gryxawgs.ini
C:\windows\system32\guwnogvd.ini
C:\windows\system32\gymndbyc.dll
C:\windows\system32\heiqirqm.dll
C:\windows\system32\hftsnggk.ini
C:\windows\system32\hhwqaklm.ini
C:\windows\system32\hsdruuhw.ini
C:\windows\system32\hxyoavia.dll
C:\windows\system32\iarpfrkp.ini
C:\windows\system32\ijmjgvvx.dll
C:\windows\system32\ilfomywv.ini
C:\windows\system32\iotvlpbb.ini
C:\windows\system32\isyqrvul.ini
C:\windows\system32\iwmhlltd.ini
C:\windows\system32\ixtcvatw.dll
C:\windows\system32\iyymsjml.ini
C:\windows\system32\jgeftves.dll
C:\windows\system32\jhgoidaw.ini
C:\windows\system32\jlgppqnp.dll
C:\windows\system32\jtrlnfja.dll
C:\WINDOWS\system32\juqpusbk.dll
C:\windows\system32\jwlqiysp.dll
C:\windows\system32\kbsupquj.ini
C:\windows\system32\kdbjqnbb.dll
C:\windows\system32\kggnstfh.dll
C:\windows\system32\ktbeuita.ini
C:\windows\system32\kvnigosq.ini
C:\windows\system32\kwrilphc.ini
C:\windows\system32\kyvlkwiv.ini
C:\windows\system32\ldhdoymq.dll
C:\windows\system32\lmjsmyyi.dll
C:\windows\system32\lpccrrfs.ini
C:\windows\system32\luvrqysi.dll
C:\windows\system32\lwggclvq.ini
C:\windows\system32\mcvnkhcr.dll
C:\windows\system32\meoeidhd.dll
C:\windows\system32\mioddlmy.ini
C:\windows\system32\mlkaqwhh.dll
C:\windows\system32\mmovrpdy.dll
C:\windows\system32\mnoxkyxt.dll
C:\windows\system32\mpudeugn.ini
C:\windows\system32\mqriqieh.ini
C:\windows\system32\mvcsamfp.ini
C:\windows\system32\nguedupm.dll
C:\windows\system32\nhkeamky.ini
C:\windows\system32\nkiqcsap.dll
C:\windows\system32\nrkxjxpb.dll
C:\windows\system32\nupgskpg.dll
C:\windows\system32\odktrlid.dll
C:\windows\system32\ohylokqs.dll
C:\windows\system32\ojgphbwq.dll
C:\windows\system32\onptxqic.ini
C:\windows\system32\onrcyorv.dll
C:\windows\system32\ovaoncby.ini
C:\windows\system32\oykkhmnx.dll
C:\windows\system32\pascqikn.ini
C:\windows\system32\pbitunux.ini
C:\windows\system32\pfmascvm.dll
C:\windows\system32\pkrfprai.dll
C:\windows\system32\pnqppglj.ini
C:\windows\system32\psyiqlwj.ini
C:\windows\system32\pwhrmnmx.dll
C:\windows\system32\qaawwfmb.ini
C:\windows\system32\qcuikqdd.dll
C:\windows\system32\qdsqlarr.ini
C:\windows\system32\qfhbuxws.dll
C:\windows\system32\qiaanrfg.dll
C:\windows\system32\qkxpebjv.dll
C:\windows\system32\qmyodhdl.ini
C:\windows\system32\qnhwpdxd.ini
C:\windows\system32\qsoginvk.dll
C:\windows\system32\qvlcggwl.dll
C:\windows\system32\qwbhpgjo.ini
C:\windows\system32\qxcsqlkw.ini
C:\windows\system32\rchknvcm.ini
C:\windows\system32\renscqcu.ini
C:\windows\system32\rfulrcne.ini
C:\windows\system32\rifqcmna.dll
C:\windows\system32\rralqsdq.dll
C:\windows\system32\rrimsvif.dll
C:\windows\system32\rypkjfpe.ini
C:\windows\system32\sdgrtycw.dll
C:\windows\system32\sevtfegj.ini
C:\windows\system32\sffiibnd.ini
C:\windows\system32\sfrrccpl.dll
C:\windows\system32\sgwaxyrg.dll
C:\WINDOWS\system32\sjdvkhai.dll
C:\windows\system32\swxubhfq.ini
C:\windows\system32\tayyvepd.dll
C:\windows\system32\tkoonbkb.dll
C:\windows\system32\tkuwhenc.dll
C:\windows\system32\tsdnmehy.dll
C:\windows\system32\txykxonm.ini
C:\windows\system32\tyhoexwu.ini
C:\windows\system32\ucqcsner.dll
C:\windows\system32\ufomdcvb.ini
C:\windows\system32\uimfwvja.ini
C:\windows\system32\ummsyxqc.ini
C:\windows\system32\uwxeohyt.dll
C:\windows\system32\uwyhbujg.ini
C:\windows\system32\uynisuxy.dll
C:\windows\system32\vfvwhiex.dll
C:\windows\system32\viwklvyk.dll
C:\windows\system32\vjbepxkq.ini
C:\windows\system32\vroycrno.ini
C:\windows\system32\vwymofli.dll
C:\windows\system32\wadioghj.dll
C:\windows\system32\wcytrgds.ini
C:\windows\system32\whuurdsh.dll
C:\windows\system32\whvylcbf.ini
C:\windows\system32\wklqscxq.dll
C:\WINDOWS\system32\wokmuyro.dll
C:\windows\system32\wtavctxi.ini
C:\windows\system32\wwfvpscb.ini
C:\windows\system32\xeihwvfv.ini
C:\windows\system32\xmnmrhwp.ini
C:\windows\system32\xunutibp.dll
C:\windows\system32\xvvgjmji.ini
C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.tmp
C:\windows\system32\ybcnoavo.dll
C:\windows\system32\ydprvomm.ini
C:\windows\system32\ydwegkfg.dll
C:\windows\system32\yhemndst.ini
C:\windows\system32\yhgvnlxc.ini
C:\windows\system32\ykmaekhn.dll
C:\windows\system32\yleuelxf.ini
C:\windows\system32\ymlddoim.dll
C:\windows\system32\ytlwsija.dll
C:\windows\system32\yxusinyu.ini

Beginning removal...

Attempting to delete C:\windows\system32\aivaoyxh.ini
C:\windows\system32\aivaoyxh.ini Has been deleted!

Attempting to delete C:\windows\system32\ajfnlrtj.ini
C:\windows\system32\ajfnlrtj.ini Has been deleted!

Attempting to delete C:\windows\system32\ajiswlty.ini
C:\windows\system32\ajiswlty.ini Has been deleted!

Attempting to delete C:\windows\system32\ajvwfmiu.dll
C:\windows\system32\ajvwfmiu.dll Has been deleted!

Attempting to delete C:\windows\system32\amqsdxte.dll
C:\windows\system32\amqsdxte.dll Has been deleted!

Attempting to delete C:\windows\system32\anmcqfir.ini
C:\windows\system32\anmcqfir.ini Has been deleted!

Attempting to delete C:\windows\system32\atiuebtk.dll
C:\windows\system32\atiuebtk.dll Has been deleted!

Attempting to delete C:\windows\system32\bbnqjbdk.ini
C:\windows\system32\bbnqjbdk.ini Has been deleted!

Attempting to delete C:\windows\system32\bbplvtoi.dll
C:\windows\system32\bbplvtoi.dll Has been deleted!

Attempting to delete C:\windows\system32\bcspvfww.dll
C:\windows\system32\bcspvfww.dll Has been deleted!

Attempting to delete C:\windows\system32\bhikagbg.ini
C:\windows\system32\bhikagbg.ini Has been deleted!

Attempting to delete C:\windows\system32\bjkidild.dll
C:\windows\system32\bjkidild.dll Has been deleted!

Attempting to delete C:\windows\system32\bkbnookt.ini
C:\windows\system32\bkbnookt.ini Has been deleted!

Attempting to delete C:\windows\system32\bmfwwaaq.dll
C:\windows\system32\bmfwwaaq.dll Has been deleted!

Attempting to delete C:\windows\system32\bpxjxkrn.ini
C:\windows\system32\bpxjxkrn.ini Has been deleted!

Attempting to delete C:\windows\system32\bvcdmofu.dll
C:\windows\system32\bvcdmofu.dll Has been deleted!

Attempting to delete C:\windows\system32\cgwcksve.dll
C:\windows\system32\cgwcksve.dll Has been deleted!

Attempting to delete C:\windows\system32\chplirwk.dll
C:\windows\system32\chplirwk.dll Has been deleted!

Attempting to delete C:\windows\system32\ciqxtpno.dll
C:\windows\system32\ciqxtpno.dll Has been deleted!

Attempting to delete C:\windows\system32\cnehwukt.ini
C:\windows\system32\cnehwukt.ini Has been deleted!

Attempting to delete C:\windows\system32\cqxysmmu.dll
C:\windows\system32\cqxysmmu.dll Has been deleted!

Attempting to delete C:\windows\system32\cxlnvghy.dll
C:\windows\system32\cxlnvghy.dll Has been deleted!

Attempting to delete C:\windows\system32\cybdnmyg.ini
C:\windows\system32\cybdnmyg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayx.dll Has been deleted!

Attempting to delete C:\windows\system32\ddqkiucq.ini
C:\windows\system32\ddqkiucq.ini Has been deleted!

Attempting to delete C:\windows\system32\deddmtyf.ini
C:\windows\system32\deddmtyf.ini Has been deleted!

Attempting to delete C:\windows\system32\dhdieoem.ini
C:\windows\system32\dhdieoem.ini Has been deleted!

Attempting to delete C:\windows\system32\dilrtkdo.ini
C:\windows\system32\dilrtkdo.ini Has been deleted!

Attempting to delete C:\windows\system32\dinjxcte.ini
C:\windows\system32\dinjxcte.ini Has been deleted!

Attempting to delete C:\windows\system32\dlidikjb.ini
C:\windows\system32\dlidikjb.ini Has been deleted!

Attempting to delete C:\windows\system32\dnbiiffs.dll
C:\windows\system32\dnbiiffs.dll Has been deleted!

Attempting to delete C:\windows\system32\dpevyyat.ini
C:\windows\system32\dpevyyat.ini Has been deleted!

Attempting to delete C:\windows\system32\dtllhmwi.dll
C:\windows\system32\dtllhmwi.dll Has been deleted!

Attempting to delete C:\windows\system32\dvgonwug.dll
C:\windows\system32\dvgonwug.dll Has been deleted!

Attempting to delete C:\windows\system32\dxdpwhnq.dll
C:\windows\system32\dxdpwhnq.dll Has been deleted!

Attempting to delete C:\windows\system32\encrlufr.dll
C:\windows\system32\encrlufr.dll Has been deleted!

Attempting to delete C:\windows\system32\epfjkpyr.dll
C:\windows\system32\epfjkpyr.dll Has been deleted!

Attempting to delete C:\windows\system32\etcxjnid.dll
C:\windows\system32\etcxjnid.dll Has been deleted!

Attempting to delete C:\windows\system32\etxdsqma.ini
C:\windows\system32\etxdsqma.ini Has been deleted!

Attempting to delete C:\windows\system32\evskcwgc.ini
C:\windows\system32\evskcwgc.ini Has been deleted!

Attempting to delete C:\windows\system32\fbclyvhw.dll
C:\windows\system32\fbclyvhw.dll Has been deleted!

Attempting to delete C:\windows\system32\fivsmirr.ini
C:\windows\system32\fivsmirr.ini Has been deleted!

Attempting to delete C:\windows\system32\fxleuely.dll
C:\windows\system32\fxleuely.dll Has been deleted!

Attempting to delete C:\windows\system32\fytmdded.dll
C:\windows\system32\fytmdded.dll Has been deleted!

Attempting to delete C:\windows\system32\gbgakihb.dll
C:\windows\system32\gbgakihb.dll Has been deleted!

Attempting to delete C:\windows\system32\gfkgewdy.ini
C:\windows\system32\gfkgewdy.ini Has been deleted!

Attempting to delete C:\windows\system32\gfrnaaiq.ini
C:\windows\system32\gfrnaaiq.ini Has been deleted!

Attempting to delete C:\windows\system32\gjubhywu.dll
C:\windows\system32\gjubhywu.dll Has been deleted!

Attempting to delete C:\windows\system32\gpksgpun.ini
C:\windows\system32\gpksgpun.ini Has been deleted!

Attempting to delete C:\windows\system32\gryxawgs.ini
C:\windows\system32\gryxawgs.ini Has been deleted!

Attempting to delete C:\windows\system32\guwnogvd.ini
C:\windows\system32\guwnogvd.ini Has been deleted!

Attempting to delete C:\windows\system32\gymndbyc.dll
C:\windows\system32\gymndbyc.dll Has been deleted!

Attempting to delete C:\windows\system32\heiqirqm.dll
C:\windows\system32\heiqirqm.dll Has been deleted!

Attempting to delete C:\windows\system32\hftsnggk.ini
C:\windows\system32\hftsnggk.ini Has been deleted!

Attempting to delete C:\windows\system32\hhwqaklm.ini
C:\windows\system32\hhwqaklm.ini Has been deleted!

Attempting to delete C:\windows\system32\hsdruuhw.ini
C:\windows\system32\hsdruuhw.ini Has been deleted!

Attempting to delete C:\windows\system32\hxyoavia.dll
C:\windows\system32\hxyoavia.dll Has been deleted!

Attempting to delete C:\windows\system32\iarpfrkp.ini
C:\windows\system32\iarpfrkp.ini Has been deleted!

Attempting to delete C:\windows\system32\ijmjgvvx.dll
C:\windows\system32\ijmjgvvx.dll Has been deleted!

Attempting to delete C:\windows\system32\ilfomywv.ini
C:\windows\system32\ilfomywv.ini Has been deleted!

Attempting to delete C:\windows\system32\iotvlpbb.ini
C:\windows\system32\iotvlpbb.ini Has been deleted!

Attempting to delete C:\windows\system32\isyqrvul.ini
C:\windows\system32\isyqrvul.ini Has been deleted!

Attempting to delete C:\windows\system32\iwmhlltd.ini
C:\windows\system32\iwmhlltd.ini Has been deleted!

Attempting to delete C:\windows\system32\ixtcvatw.dll
C:\windows\system32\ixtcvatw.dll Has been deleted!

Attempting to delete C:\windows\system32\iyymsjml.ini
C:\windows\system32\iyymsjml.ini Has been deleted!

Attempting to delete C:\windows\system32\jgeftves.dll
C:\windows\system32\jgeftves.dll Has been deleted!

Attempting to delete C:\windows\system32\jhgoidaw.ini
C:\windows\system32\jhgoidaw.ini Has been deleted!

Attempting to delete C:\windows\system32\jlgppqnp.dll
C:\windows\system32\jlgppqnp.dll Has been deleted!

Attempting to delete C:\windows\system32\jtrlnfja.dll
C:\windows\system32\jtrlnfja.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\juqpusbk.dll
C:\WINDOWS\system32\juqpusbk.dll Could not be deleted.

Attempting to delete C:\windows\system32\jwlqiysp.dll
C:\windows\system32\jwlqiysp.dll Has been deleted!

Attempting to delete C:\windows\system32\kbsupquj.ini
C:\windows\system32\kbsupquj.ini Has been deleted!

Attempting to delete C:\windows\system32\kdbjqnbb.dll
C:\windows\system32\kdbjqnbb.dll Has been deleted!

Attempting to delete C:\windows\system32\kggnstfh.dll
C:\windows\system32\kggnstfh.dll Has been deleted!

Attempting to delete C:\windows\system32\ktbeuita.ini
C:\windows\system32\ktbeuita.ini Has been deleted!

Attempting to delete C:\windows\system32\kvnigosq.ini
C:\windows\system32\kvnigosq.ini Has been deleted!

Attempting to delete C:\windows\system32\kwrilphc.ini
C:\windows\system32\kwrilphc.ini Has been deleted!

Attempting to delete C:\windows\system32\kyvlkwiv.ini
C:\windows\system32\kyvlkwiv.ini Has been deleted!

Attempting to delete C:\windows\system32\ldhdoymq.dll
C:\windows\system32\ldhdoymq.dll Has been deleted!

Attempting to delete C:\windows\system32\lmjsmyyi.dll
C:\windows\system32\lmjsmyyi.dll Has been deleted!

Attempting to delete C:\windows\system32\lpccrrfs.ini
C:\windows\system32\lpccrrfs.ini Has been deleted!

Attempting to delete C:\windows\system32\luvrqysi.dll
C:\windows\system32\luvrqysi.dll Has been deleted!

Attempting to delete C:\windows\system32\lwggclvq.ini
C:\windows\system32\lwggclvq.ini Has been deleted!

Attempting to delete C:\windows\system32\mcvnkhcr.dll
C:\windows\system32\mcvnkhcr.dll Has been deleted!

Attempting to delete C:\windows\system32\meoeidhd.dll
C:\windows\system32\meoeidhd.dll Has been deleted!

Attempting to delete C:\windows\system32\mioddlmy.ini
C:\windows\system32\mioddlmy.ini Has been deleted!

Attempting to delete C:\windows\system32\mlkaqwhh.dll
C:\windows\system32\mlkaqwhh.dll Has been deleted!

Attempting to delete C:\windows\system32\mmovrpdy.dll
C:\windows\system32\mmovrpdy.dll Has been deleted!

Attempting to delete C:\windows\system32\mnoxkyxt.dll
C:\windows\system32\mnoxkyxt.dll Has been deleted!

Attempting to delete C:\windows\system32\mpudeugn.ini
C:\windows\system32\mpudeugn.ini Has been deleted!

Attempting to delete C:\windows\system32\mqriqieh.ini
C:\windows\system32\mqriqieh.ini Has been deleted!

Attempting to delete C:\windows\system32\mvcsamfp.ini
C:\windows\system32\mvcsamfp.ini Has been deleted!

Attempting to delete C:\windows\system32\nguedupm.dll
C:\windows\system32\nguedupm.dll Has been deleted!

Attempting to delete C:\windows\system32\nhkeamky.ini
C:\windows\system32\nhkeamky.ini Has been deleted!

Attempting to delete C:\windows\system32\nkiqcsap.dll
C:\windows\system32\nkiqcsap.dll Has been deleted!

Attempting to delete C:\windows\system32\nrkxjxpb.dll
C:\windows\system32\nrkxjxpb.dll Has been deleted!

Attempting to delete C:\windows\system32\nupgskpg.dll
C:\windows\system32\nupgskpg.dll Has been deleted!

Attempting to delete C:\windows\system32\odktrlid.dll
C:\windows\system32\odktrlid.dll Has been deleted!

Attempting to delete C:\windows\system32\ohylokqs.dll
C:\windows\system32\ohylokqs.dll Has been deleted!

Attempting to delete C:\windows\system32\ojgphbwq.dll
C:\windows\system32\ojgphbwq.dll Has been deleted!

Attempting to delete C:\windows\system32\onptxqic.ini
C:\windows\system32\onptxqic.ini Has been deleted!

Attempting to delete C:\windows\system32\onrcyorv.dll
C:\windows\system32\onrcyorv.dll Has been deleted!

Attempting to delete C:\windows\system32\ovaoncby.ini
C:\windows\system32\ovaoncby.ini Has been deleted!

Attempting to delete C:\windows\system32\oykkhmnx.dll
C:\windows\system32\oykkhmnx.dll Has been deleted!

Attempting to delete C:\windows\system32\pascqikn.ini
C:\windows\system32\pascqikn.ini Has been deleted!

Attempting to delete C:\windows\system32\pbitunux.ini
C:\windows\system32\pbitunux.ini Has been deleted!

Attempting to delete C:\windows\system32\pfmascvm.dll
C:\windows\system32\pfmascvm.dll Has been deleted!

Attempting to delete C:\windows\system32\pkrfprai.dll
C:\windows\system32\pkrfprai.dll Has been deleted!

Attempting to delete C:\windows\system32\pnqppglj.ini
C:\windows\system32\pnqppglj.ini Has been deleted!

Attempting to delete C:\windows\system32\psyiqlwj.ini
C:\windows\system32\psyiqlwj.ini Has been deleted!

Attempting to delete C:\windows\system32\pwhrmnmx.dll
C:\windows\system32\pwhrmnmx.dll Has been deleted!

Attempting to delete C:\windows\system32\qaawwfmb.ini
C:\windows\system32\qaawwfmb.ini Has been deleted!

Attempting to delete C:\windows\system32\qcuikqdd.dll
C:\windows\system32\qcuikqdd.dll Has been deleted!

Attempting to delete C:\windows\system32\qdsqlarr.ini
C:\windows\system32\qdsqlarr.ini Has been deleted!

Attempting to delete C:\windows\system32\qfhbuxws.dll
C:\windows\system32\qfhbuxws.dll Has been deleted!

Attempting to delete C:\windows\system32\qiaanrfg.dll
C:\windows\system32\qiaanrfg.dll Has been deleted!

Attempting to delete C:\windows\system32\qkxpebjv.dll
C:\windows\system32\qkxpebjv.dll Has been deleted!

Attempting to delete C:\windows\system32\qmyodhdl.ini
C:\windows\system32\qmyodhdl.ini Has been deleted!

Attempting to delete C:\windows\system32\qnhwpdxd.ini
C:\windows\system32\qnhwpdxd.ini Has been deleted!

Attempting to delete C:\windows\system32\qsoginvk.dll
C:\windows\system32\qsoginvk.dll Has been deleted!

Attempting to delete C:\windows\system32\qvlcggwl.dll
C:\windows\system32\qvlcggwl.dll Has been deleted!

Attempting to delete C:\windows\system32\qwbhpgjo.ini
C:\windows\system32\qwbhpgjo.ini Has been deleted!

Attempting to delete C:\windows\system32\qxcsqlkw.ini
C:\windows\system32\qxcsqlkw.ini Has been deleted!

Attempting to delete C:\windows\system32\rchknvcm.ini
C:\windows\system32\rchknvcm.ini Has been deleted!

Attempting to delete C:\windows\system32\renscqcu.ini
C:\windows\system32\renscqcu.ini Has been deleted!

Attempting to delete C:\windows\system32\rfulrcne.ini
C:\windows\system32\rfulrcne.ini Has been deleted!

Attempting to delete C:\windows\system32\rifqcmna.dll
C:\windows\system32\rifqcmna.dll Has been deleted!

Attempting to delete C:\windows\system32\rralqsdq.dll
C:\windows\system32\rralqsdq.dll Could not be deleted.

Attempting to delete C:\windows\system32\rrimsvif.dll
C:\windows\system32\rrimsvif.dll Has been deleted!

Attempting to delete C:\windows\system32\rypkjfpe.ini
C:\windows\system32\rypkjfpe.ini Has been deleted!

Attempting to delete C:\windows\system32\sdgrtycw.dll
C:\windows\system32\sdgrtycw.dll Has been deleted!

Attempting to delete C:\windows\system32\sevtfegj.ini
C:\windows\system32\sevtfegj.ini Has been deleted!

Attempting to delete C:\windows\system32\sffiibnd.ini
C:\windows\system32\sffiibnd.ini Has been deleted!

Attempting to delete C:\windows\system32\sfrrccpl.dll
C:\windows\system32\sfrrccpl.dll Has been deleted!

Attempting to delete C:\windows\system32\sgwaxyrg.dll
C:\windows\system32\sgwaxyrg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sjdvkhai.dll
C:\WINDOWS\system32\sjdvkhai.dll Has been deleted!

Attempting to delete C:\windows\system32\swxubhfq.ini
C:\windows\system32\swxubhfq.ini Has been deleted!

Attempting to delete C:\windows\system32\tayyvepd.dll
C:\windows\system32\tayyvepd.dll Has been deleted!

Attempting to delete C:\windows\system32\tkoonbkb.dll
C:\windows\system32\tkoonbkb.dll Has been deleted!

Attempting to delete C:\windows\system32\tkuwhenc.dll
C:\windows\system32\tkuwhenc.dll Has been deleted!

Attempting to delete C:\windows\system32\tsdnmehy.dll
C:\windows\system32\tsdnmehy.dll Has been deleted!

Attempting to delete C:\windows\system32\txykxonm.ini
C:\windows\system32\txykxonm.ini Has been deleted!

Attempting to delete C:\windows\system32\tyhoexwu.ini
C:\windows\system32\tyhoexwu.ini Has been deleted!

Attempting to delete C:\windows\system32\ucqcsner.dll
C:\windows\system32\ucqcsner.dll Has been deleted!

Attempting to delete C:\windows\system32\ufomdcvb.ini
C:\windows\system32\ufomdcvb.ini Has been deleted!

Attempting to delete C:\windows\system32\uimfwvja.ini
C:\windows\system32\uimfwvja.ini Has been deleted!

Attempting to delete C:\windows\system32\ummsyxqc.ini
C:\windows\system32\ummsyxqc.ini Has been deleted!

Attempting to delete C:\windows\system32\uwxeohyt.dll
C:\windows\system32\uwxeohyt.dll Has been deleted!

Attempting to delete C:\windows\system32\uwyhbujg.ini
C:\windows\system32\uwyhbujg.ini Has been deleted!

Attempting to delete C:\windows\system32\uynisuxy.dll
C:\windows\system32\uynisuxy.dll Has been deleted!

Attempting to delete C:\windows\system32\vfvwhiex.dll
C:\windows\system32\vfvwhiex.dll Has been deleted!

Attempting to delete C:\windows\system32\viwklvyk.dll
C:\windows\system32\viwklvyk.dll Has been deleted!

Attempting to delete C:\windows\system32\vjbepxkq.ini
C:\windows\system32\vjbepxkq.ini Has been deleted!

Attempting to delete C:\windows\system32\vroycrno.ini
C:\windows\system32\vroycrno.ini Has been deleted!

Attempting to delete C:\windows\system32\vwymofli.dll
C:\windows\system32\vwymofli.dll Has been deleted!

Attempting to delete C:\windows\system32\wadioghj.dll
C:\windows\system32\wadioghj.dll Has been deleted!

Attempting to delete C:\windows\system32\wcytrgds.ini
C:\windows\system32\wcytrgds.ini Has been deleted!

Attempting to delete C:\windows\system32\whuurdsh.dll
C:\windows\system32\whuurdsh.dll Has been deleted!

Attempting to delete C:\windows\system32\whvylcbf.ini
C:\windows\system32\whvylcbf.ini Has been deleted!

Attempting to delete C:\windows\system32\wklqscxq.dll
C:\windows\system32\wklqscxq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wokmuyro.dll
C:\WINDOWS\system32\wokmuyro.dll Has been deleted!

Attempting to delete C:\windows\system32\wtavctxi.ini
C:\windows\system32\wtavctxi.ini Has been deleted!

Attempting to delete C:\windows\system32\wwfvpscb.ini
C:\windows\system32\wwfvpscb.ini Has been deleted!

Attempting to delete C:\windows\system32\xeihwvfv.ini
C:\windows\system32\xeihwvfv.ini Has been deleted!

Attempting to delete C:\windows\system32\xmnmrhwp.ini
C:\windows\system32\xmnmrhwp.ini Has been deleted!

Attempting to delete C:\windows\system32\xunutibp.dll
C:\windows\system32\xunutibp.dll Could not be deleted.

Attempting to delete C:\windows\system32\xvvgjmji.ini
C:\windows\system32\xvvgjmji.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.tmp
C:\WINDOWS\system32\xyadd.tmp Has been deleted!

Attempting to delete C:\windows\system32\ybcnoavo.dll
C:\windows\system32\ybcnoavo.dll Has been deleted!

Attempting to delete C:\windows\system32\ydprvomm.ini
C:\windows\system32\ydprvomm.ini Has been deleted!

Attempting to delete C:\windows\system32\ydwegkfg.dll
C:\windows\system32\ydwegkfg.dll Has been deleted!

Attempting to delete C:\windows\system32\yhemndst.ini
C:\windows\system32\yhemndst.ini Has been deleted!

Attempting to delete C:\windows\system32\yhgvnlxc.ini
C:\windows\system32\yhgvnlxc.ini Has been deleted!

Attempting to delete C:\windows\system32\ykmaekhn.dll
C:\windows\system32\ykmaekhn.dll Has been deleted!

Attempting to delete C:\windows\system32\yleuelxf.ini
C:\windows\system32\yleuelxf.ini Has been deleted!

Attempting to delete C:\windows\system32\ymlddoim.dll
C:\windows\system32\ymlddoim.dll Has been deleted!

Attempting to delete C:\windows\system32\ytlwsija.dll
C:\windows\system32\ytlwsija.dll Has been deleted!

Attempting to delete C:\windows\system32\yxusinyu.ini
C:\windows\system32\yxusinyu.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:08:47 PM 9/12/2007

Listing files found while scanning....

C:\windows\system32\juqpusbk.dll

Beginning removal...

Attempting to delete C:\windows\system32\juqpusbk.dll
C:\windows\system32\juqpusbk.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 10:15:37 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\fscagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F1E684AE-02EA-450E-8B9E-66E14A59D0E9} - C:\WINDOWS\system32\ddayx.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185244973671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rlcthfvs.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

#6 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 13 September 2007 - 11:37 AM

Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
_____________________

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows except HijackThis and press fix checked.

O2 - BHO: (no name) - {F1E684AE-02EA-450E-8B9E-66E14A59D0E9} - C:\WINDOWS\system32\ddayx.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rlcthfvs.exe (file missing)
________________

Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop DomainService
sc delete DomainService

Save the document to your desktop as Fix.bat and filetype: All Files
Go to your desktop and run the file Fix.bat and answer yes to any questions.
_________________

Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
__________________

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
__________________

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
__________________

Delete this file: (Using Windows Explorer; Windows key + E and if found)

C:\WINDOWS\system32\rlcthfvs.exe
_________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
_____________________

Post:
- A fresh HijackThis log
- AVG Anti-Spyware's report

#7 blublow

blublow

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 16 September 2007 - 09:57 AM

I hope I did it all right..

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:25:13 PM 9/13/2007

+ Scan result:

HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\DealTime_08_09_2007_13_28_43.asq18467 -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\DealTime_08_09_2007_13_28_43.asq41 -> TrackingCookie.Dealtime : Cleaned.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:50:43 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185244973671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

#8 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 16 September 2007 - 10:53 AM

Hello :)

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
________________

Kaspersky online scanner works only with Internet Explorer!

Please run an online scanner with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
__________________

Post:
- A fresh HijackThis log
- Kaspersky's report

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·