Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

trojan win32


  • Please log in to reply
20 replies to this topic

#1 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 26 September 2007 - 06:17 AM

It seems my son has again managed to get a virus on his computer.

Here is his hijack this

Logfile of HijackThis v1.99.1
Scan saved at 7:30:02 AM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeride.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\taatosws.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra 'Tools' menuitem: Launch WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171625044000
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

    Advertisements

Register to Remove


#2 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 26 September 2007 - 06:20 AM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 26 September 2007 - 08:37 AM

Hello :)

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WeatherBug, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
___________________

Rename HijackThis.exe to Scanner.exe by doing the following;
  • Navigate to here; C:\Program Files\Hijackthis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to Scanner.exe
  • When you've renamed HijackThis, then open it..
  • Take a fresh HijackThis log (Do a system scan and save a log file)
  • Post the fresh HijackThis log to here.


#4 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 26 September 2007 - 09:48 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:42:33 AM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeride.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {632AB9DB-EE1E-43B0-AA06-4DD209EE33BF} - C:\WINDOWS\system32\hggeccd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8AE91C58-4AEA-48E5-B667-8FA3C2764FAD} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\jboyyplu.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ttsromri.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra 'Tools' menuitem: Launch WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171625044000
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: hggeccd - C:\WINDOWS\SYSTEM32\hggeccd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

Another problem he seems to be having is with spybot. It says there is an error when we try to run it and we can't delete it from the computer to reinstall.

#5 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 27 September 2007 - 06:20 AM

Hello :)

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#6 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 27 September 2007 - 06:46 AM

vundofix log


VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 8:25:09 AM 9/27/2007

Listing files found while scanning....

C:\windows\system32\hggeccd.dll
C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini2
C:\WINDOWS\system32\jboyyplu.dll
C:\windows\system32\mlljh.dll
C:\windows\system32\mtygknyr.ini
C:\windows\system32\pmnonki.dll
C:\windows\system32\rynkgytm.dll
C:\WINDOWS\system32\ttsromri.dll

Beginning removal...

Attempting to delete C:\windows\system32\hggeccd.dll
C:\windows\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini2
C:\windows\system32\hjllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jboyyplu.dll
C:\WINDOWS\system32\jboyyplu.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\windows\system32\mtygknyr.ini
C:\windows\system32\mtygknyr.ini Has been deleted!

Attempting to delete C:\windows\system32\pmnonki.dll
C:\windows\system32\pmnonki.dll Has been deleted!

Attempting to delete C:\windows\system32\rynkgytm.dll
C:\windows\system32\rynkgytm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttsromri.dll
C:\WINDOWS\system32\ttsromri.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\hggeccd.dll
C:\windows\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ttsromri.dll
C:\WINDOWS\system32\ttsromri.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:41:51 AM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeride.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {632AB9DB-EE1E-43B0-AA06-4DD209EE33BF} - C:\WINDOWS\system32\hggeccd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\ahidsxla.dll
O2 - BHO: (no name) - {FD42ADD3-1928-497E-870F-09E5D2E4C94A} - C:\WINDOWS\system32\mlljh.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra 'Tools' menuitem: Launch WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171625044000
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: hggeccd - C:\WINDOWS\SYSTEM32\hggeccd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

#7 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 27 September 2007 - 11:40 AM

Hello :)
  • Double-click VundoFix.exe to run it.
  • Click Scan for Vundo button.
  • Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 3 entries below into the top 3 box

    • C:\WINDOWS\system32\hggeccd.dll
    • C:\WINDOWS\system32\mlljh.dll
    • C:\WINDOWS\system32\ahidsxla.dll
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#8 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 27 September 2007 - 12:34 PM

It said it could not delete hggeccd.dll and mlljh.dll twice. It then rebooted each time and the last time the box was empty.


VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 8:25:09 AM 9/27/2007

Listing files found while scanning....

C:\windows\system32\hggeccd.dll
C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini2
C:\WINDOWS\system32\jboyyplu.dll
C:\windows\system32\mlljh.dll
C:\windows\system32\mtygknyr.ini
C:\windows\system32\pmnonki.dll
C:\windows\system32\rynkgytm.dll
C:\WINDOWS\system32\ttsromri.dll

Beginning removal...

Attempting to delete C:\windows\system32\hggeccd.dll
C:\windows\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini2
C:\windows\system32\hjllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jboyyplu.dll
C:\WINDOWS\system32\jboyyplu.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\windows\system32\mtygknyr.ini
C:\windows\system32\mtygknyr.ini Has been deleted!

Attempting to delete C:\windows\system32\pmnonki.dll
C:\windows\system32\pmnonki.dll Has been deleted!

Attempting to delete C:\windows\system32\rynkgytm.dll
C:\windows\system32\rynkgytm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttsromri.dll
C:\WINDOWS\system32\ttsromri.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\hggeccd.dll
C:\windows\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ttsromri.dll
C:\WINDOWS\system32\ttsromri.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 2:08:17 PM 9/27/2007

Listing files found while scanning....

C:\windows\system32\ahidsxla.dll
C:\WINDOWS\system32\hggeccd.dll
C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.tmp
C:\windows\system32\mlljh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ahidsxla.dll
C:\WINDOWS\system32\ahidsxla.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggeccd.dll
C:\WINDOWS\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hggeccd.dll
C:\WINDOWS\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hggeccd.dll
C:\WINDOWS\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hggeccd.dll
C:\WINDOWS\system32\hggeccd.dll Could not be deleted.

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Could not be deleted.

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 2:25:11 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hijackthis\scanner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeride.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {632AB9DB-EE1E-43B0-AA06-4DD209EE33BF} - C:\WINDOWS\system32\hggeccd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7CB18982-F620-4EDA-9A60-73885D20559C} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra 'Tools' menuitem: Launch WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171625044000
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: hggeccd - C:\WINDOWS\SYSTEM32\hggeccd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

#9 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 27 September 2007 - 10:14 PM

Hello :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall!
_________________

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
________________

Post:
- A fresh HijackThis log
- Contents of C:\ComboFix.txt
- Uninstall list

#10 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 28 September 2007 - 05:24 AM

ComboFix 07-09-21.2 - "HP_Owner" 2007-09-28 6:51:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.64 [GMT -4:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\hggeccd.dll
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\wblwjnex.ini
C:\WINDOWS\system32\xdgbnqis.dll
C:\WINDOWS\system32\xenjwlbw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.

2007-09-27 14:28 84,544 --a------ C:\WINDOWS\system32\lnauwwlv.dll
2007-09-27 14:12 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-27 08:25 <DIR> d-------- C:\VundoFix Backups
2007-09-24 16:40 85,056 --a------ C:\WINDOWS\system32\gsoqxgxw.dll
2007-09-21 19:10 91,648 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-09-21 19:10 57,344 --a------ C:\WINDOWS\system32\ogg.dll
2007-09-21 19:10 52,736 --a------ C:\WINDOWS\system32\videocaptext.dll
2007-09-21 19:10 33,792 --a------ C:\WINDOWS\system32\vorbisfile.dll
2007-09-21 19:10 228,352 --a------ C:\WINDOWS\system32\vorbis.dll
2007-09-21 19:10 <DIR> d-------- C:\Program Files\WebPod Studio
2007-09-14 15:13 <DIR> d-------- C:\Program Files\Belkin
2007-09-12 20:21 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-12 20:14 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-12 19:52 <DIR> d-------- C:\Program Files\MSBuild
2007-09-12 19:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-12 19:38 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-12 19:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-12 19:31 <DIR> dr-h----- C:\MSOCache
2007-09-11 19:47 92,160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-09-11 19:47 <DIR> d-------- C:\Program Files\MagicDisc
2007-09-03 16:37 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-02 17:32 <DIR> d-------- C:\Program Files\MSECache
2007-09-01 19:50 12,208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-01 19:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AVS4YOU
2007-09-01 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-09-01 19:43 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-01 19:43 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-09-01 19:43 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-01 19:43 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-01 19:43 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-09-01 19:43 <DIR> d-------- C:\Program Files\AVS4YOU
2007-09-01 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-09-01 10:18 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-09-01 10:18 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-09-01 10:18 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 06:28 --------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-27 20:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-26 11:41 --------- d-------- C:\Program Files\AWS
2007-09-26 08:28 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-25 17:25 --------- d-------- C:\Program Files\disneytime15
2007-09-25 07:15 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-09-23 07:59 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-09-22 16:28 --------- d-------- C:\Program Files\Pyware 3D Performer's Practice Tools
2007-09-15 15:47 --------- d-------- C:\Program Files\Apple Software Update
2007-09-14 15:32 --------- d-------- C:\Program Files\Google
2007-09-14 14:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 07:46 --------- d-------- C:\Program Files\Amadis DVD Ripper
2007-09-12 20:12 --------- d-------- C:\Program Files\Common Files\Real
2007-09-12 19:53 --------- d-------- C:\Program Files\Microsoft Works
2007-09-08 15:59 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Vso
2007-09-03 16:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-02 08:15 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Atari
2007-09-01 20:32 --------- d-------- C:\Program Files\Atari
2007-08-27 16:46 --------- d--h----- C:\Program Files\Zero G Registry
2007-08-25 11:16 14566808 --a------ C:\Program Files\jre-6u2-windows-i586-p.exe
2007-08-24 14:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-24 14:43 50688 --a------ C:\Program Files\ATF-Cleaner.exe
2007-08-23 12:32 --------- d-------- C:\Program Files\music_now
2007-08-23 10:08 12413440 --a------ C:\Program Files\avgas-setup-7.5.1.43.exe
2007-08-23 09:37 488144 --a------ C:\Program Files\HJTsetup.exe
2007-08-19 18:38 --------- d-------- C:\Program Files\Nick Arcade
2007-08-19 18:38 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PlayFirst
2007-08-19 18:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-08-04 15:39 --------- d-------- C:\Program Files\iTunes
2007-08-04 15:39 --------- d-------- C:\Program Files\iPod
2007-07-10 08:44 231873 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_1625.exe
2007-07-09 13:05 50468 --a------ C:\Program Files\Uninstalppt2flash.exe
2007-02-18 18:51 14489 --a--c--- C:\Program Files\WDW_Today_Video_Loop.torrent
2007-02-16 09:57 120925 --a--c--- C:\Program Files\CleanUp452.exe
2007-01-16 16:33 87608 --a--c--- C:\DOCUME~1\HP_Owner\APPLIC~1\ezpinst.exe
2007-01-16 16:33 47360 --a--c--- C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2006-12-15 08:53 10503520 --a--c--- C:\Program Files\sdsetup.exe
2006-07-18 16:26 22438 --a--c--- C:\Program Files\Disneyland Anniversary[1].iso.torrent
2006-07-18 15:43 7084856 --a--c--- C:\Program Files\en_spongebobsssey_nick.exe
2006-07-18 15:43 26730602 --a--c--- C:\Program Files\en_nickvideojwjam_nick.exe
2006-07-15 18:30 3848006 --a--c--- C:\Program Files\Wheel_of_Fortune_Setup.exe
2006-06-30 13:59 169285 --a--c--- C:\Program Files\disneytime15.zip
2006-06-30 13:56 3992215 --a--c--- C:\Program Files\DVC-PlannerZIP.exe
2006-05-21 15:10 899414 --a--c--- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 13:29]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 02:12]
"HostManager"="C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 17:42]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-01 15:06]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 06:53 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 20:05]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SearchIndexer"="C:\WINDOWS\system32\lnauwwlv.dll" [2007-09-27 14:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-11-02 08:32:55]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-03 02:33:07]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-06-28 09:59:56]

C:\DOCUME~1\HP_Owner\STARTM~1\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-11 19:47:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S3 gel90xne;gel90xne;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gel90xne.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 19:47:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-30 12:23:07 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 07:07:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28 7:12:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-28 07:12
C:\ComboFix2.txt ... 2007-08-23 16:03
C:\ComboFix3.txt ... 2007-08-23 12:52
.
--- E O F ---



3D Groove Playback Engine
Active@ ISO File Manager v 3.1
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AviSynth 2.5
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
Belkin Wireless USB Utility
Blaze Media Pro
BUM
CleanUp!
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.2.3.258
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
DiscAPI (Studio 10)
DivX
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
DVC-Planner
DVD Decrypter (Remove Only)
Easy GIF Animator 4.1
Easy Gif Animator Extension
Easy Internet Sign-up
Google Earth
Google Toolbar for Firefox
Google Updater
Google Video Player
Google Video Uploader
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP Deskjet 5900 series
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP DVD Play 1.0
HP Game Console and games
HP Multimedia Keyboard Software
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Support Overview
HP Web Helper
iTunes
Java™ 6 Update 2
Kaspersky Online Scanner
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Shockwave Player
MagicDisc 2.5.74
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v1.6.2111.32
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v1.5.1890.16 Idcrl Install
Microsoft Windows OneCare Live v1.6.2111.32
Microsoft Works
Microsoft Works 2005 Setup Launcher
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 4.5
Netflix Movie Viewer
Netscape Browser (remove only)
PC-Doctor 5 for Windows
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
PIXELA ImageMixer
PowerPoint.to.Flash.v2.0.0.622
PSP Video 9 1.74
Pure Networks Port Magic
PX Engine
Quicken 2006
QuickTime
Quivic
RAPID (Studio 10)
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
RideMax for Disneyland 5.1
Roll
RollerCoaster Tycoon 2 Triple Thrill Pack
RollerCoaster Tycoon 3 Platinum
SC Video Converter 4.2.0.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
SmartSound Quicktracks Plugin
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony USB Driver
SpongeBob SquarePants Diner Dash 2
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Studio 10
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb937833)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
Updates from HP (remove only)
Videora iPod Converter 0.91
Viewpoint Media Player
Virtual Earth 3D (Beta)
WebPod Studio - Standard Edition
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Yahoo! Music Jukebox

    Advertisements

Register to Remove


#11 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 28 September 2007 - 05:31 AM

Hi, Please post a fresh HijackThis log too :thumbup:

#12 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 28 September 2007 - 05:36 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:30:40 AM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeride.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\lnauwwlv.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra 'Tools' menuitem: Launch WebPod Studio - {193B17B0-7C9F-4D5B-AEAB-8D3605EFAAA} - C:\PROGRA~1\WEBPOD~1\wpc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171625044000
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

#13 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 29 September 2007 - 06:16 AM

Hello :)

Open HijackThis, Click Do a system scan only, checkmark this. Then close all other windows except HijackThis and press fix checked.

O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\lnauwwlv.dll",sitypnow
_____________________

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\lnauwwlv.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\gsoqxgxw.dll

Folder::
C:\VundoFix Backups


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
_________________

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
____________________

Kaspersky online scanner works only with Internet Explorer!

Please run an online scanner with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
____________________

Post:
- A fresh HijackThis log
- Logfile of ComboFix
- Kaspersky's report

#14 starwood

starwood

    Authentic Member

  • Authentic Member
  • PipPip
  • 129 posts

Posted 29 September 2007 - 07:03 AM

I'll post the rest when the kaspersky scan is done

ComboFix 07-09-21.2 - "HP_Owner" 2007-09-29 8:41:23.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.74 [GMT -4:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\lnauwwlv.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\gsoqxgxw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\ahidsxla.dll.bad
C:\VundoFix Backups\hggeccd.dll.bad
C:\VundoFix Backups\hjllm.bak2.bad
C:\VundoFix Backups\hjllm.ini.bad
C:\VundoFix Backups\hjllm.ini2.bad
C:\VundoFix Backups\jboyyplu.dll.bad
C:\VundoFix Backups\mlljh.dll.bad
C:\VundoFix Backups\mtygknyr.ini.bad
C:\VundoFix Backups\pmnonki.dll.bad
C:\VundoFix Backups\rynkgytm.dll.bad
C:\VundoFix Backups\ttsromri.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\gsoqxgxw.dll
C:\WINDOWS\system32\lnauwwlv.dll
C:\WINDOWS\system32\VundoFixSVC.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-21 19:10 91,648 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-09-21 19:10 57,344 --a------ C:\WINDOWS\system32\ogg.dll
2007-09-21 19:10 52,736 --a------ C:\WINDOWS\system32\videocaptext.dll
2007-09-21 19:10 33,792 --a------ C:\WINDOWS\system32\vorbisfile.dll
2007-09-21 19:10 228,352 --a------ C:\WINDOWS\system32\vorbis.dll
2007-09-21 19:10 <DIR> d-------- C:\Program Files\WebPod Studio
2007-09-14 15:13 <DIR> d-------- C:\Program Files\Belkin
2007-09-12 20:21 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-12 20:14 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-12 19:52 <DIR> d-------- C:\Program Files\MSBuild
2007-09-12 19:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-12 19:38 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-12 19:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-12 19:31 <DIR> dr-h----- C:\MSOCache
2007-09-11 19:47 <DIR> d-------- C:\Program Files\MagicDisc
2007-09-03 16:37 <DIR> d-------- C:\Program Files\Viewpoint
2007-09-02 17:32 <DIR> d-------- C:\Program Files\MSECache
2007-09-01 19:50 12,208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-01 19:45 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AVS4YOU
2007-09-01 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-09-01 19:43 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-01 19:43 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-09-01 19:43 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-01 19:43 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-01 19:43 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-09-01 19:43 <DIR> d-------- C:\Program Files\AVS4YOU
2007-09-01 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-09-01 10:18 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-09-01 10:18 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-09-01 10:18 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 06:40 --------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-28 19:20 --------- d-------- C:\Program Files\Pyware 3D Performer's Practice Tools
2007-09-27 20:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-26 11:41 --------- d-------- C:\Program Files\AWS
2007-09-26 08:28 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-25 17:25 --------- d-------- C:\Program Files\disneytime15
2007-09-25 07:15 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-09-23 07:59 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-09-15 15:47 --------- d-------- C:\Program Files\Apple Software Update
2007-09-14 15:32 --------- d-------- C:\Program Files\Google
2007-09-14 14:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 07:46 --------- d-------- C:\Program Files\Amadis DVD Ripper
2007-09-12 20:12 --------- d-------- C:\Program Files\Common Files\Real
2007-09-12 19:53 --------- d-------- C:\Program Files\Microsoft Works
2007-09-08 15:59 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Vso
2007-09-03 16:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-02 08:15 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Atari
2007-09-01 20:32 --------- d-------- C:\Program Files\Atari
2007-08-27 16:46 --------- d--h----- C:\Program Files\Zero G Registry
2007-08-25 11:16 14566808 --a------ C:\Program Files\jre-6u2-windows-i586-p.exe
2007-08-24 14:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-24 14:43 50688 --a------ C:\Program Files\ATF-Cleaner.exe
2007-08-23 12:32 --------- d-------- C:\Program Files\music_now
2007-08-23 10:08 12413440 --a------ C:\Program Files\avgas-setup-7.5.1.43.exe
2007-08-23 09:37 488144 --a------ C:\Program Files\HJTsetup.exe
2007-08-19 18:38 --------- d-------- C:\Program Files\Nick Arcade
2007-08-19 18:38 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PlayFirst
2007-08-19 18:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-08-04 15:39 --------- d-------- C:\Program Files\iTunes
2007-08-04 15:39 --------- d-------- C:\Program Files\iPod
2007-07-10 08:44 231873 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_1625.exe
2007-07-09 13:05 50468 --a------ C:\Program Files\Uninstalppt2flash.exe
2007-02-18 18:51 14489 --a--c--- C:\Program Files\WDW_Today_Video_Loop.torrent
2007-02-16 09:57 120925 --a--c--- C:\Program Files\CleanUp452.exe
2007-01-16 16:33 87608 --a--c--- C:\DOCUME~1\HP_Owner\APPLIC~1\ezpinst.exe
2007-01-16 16:33 47360 --a--c--- C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2006-12-15 08:53 10503520 --a--c--- C:\Program Files\sdsetup.exe
2006-07-18 16:26 22438 --a--c--- C:\Program Files\Disneyland Anniversary[1].iso.torrent
2006-07-18 15:43 7084856 --a--c--- C:\Program Files\en_spongebobsssey_nick.exe
2006-07-18 15:43 26730602 --a--c--- C:\Program Files\en_nickvideojwjam_nick.exe
2006-07-15 18:30 3848006 --a--c--- C:\Program Files\Wheel_of_Fortune_Setup.exe
2006-06-30 13:59 169285 --a--c--- C:\Program Files\disneytime15.zip
2006-06-30 13:56 3992215 --a--c--- C:\Program Files\DVC-PlannerZIP.exe
2006-05-21 15:10 899414 --a--c--- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-28_ 71200.15 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-09-29 12:49:18 C:\WINDOWS\temp\Perflib_Perfdata_260.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 13:29]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 02:12]
"HostManager"="C:\Program Files\Common Files\AOL\1159657102\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 17:42]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-01 15:06]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 06:53 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 20:05]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-11-02 08:32:55]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-03 02:33:07]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-06-28 09:59:56]

C:\DOCUME~1\HP_Owner\STARTM~1\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-11 19:47:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S3 gel90xne;gel90xne;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gel90xne.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 19:47:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-30 12:23:07 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 08:50:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 8:55:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 08:55
C:\ComboFix2.txt ... 2007-09-28 07:12
C:\ComboFix3.txt ... 2007-08-23 16:03
.
--- E O F ---

Edited by starwood, 29 September 2007 - 07:13 AM.


#15 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 29 September 2007 - 10:52 AM

Hi, Okay I'm the report of the Kaspersky. :thumbup:

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users