Popups and Toolbar issue


13 replies to this topic

#1 DougD0181 (New Member, 8 posts)

Posted 25 December 2007 - 06:14 PM

I am having issues with extra toolbars (IMSORRYINTERNET speed monitor) and popups of various types. This is the log file from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:11 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rsprvhbk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DOBE~1\netdde.exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\?racle\w?nspool.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\xofgd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bbhxgiic.dll",sitypnow
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\DOBE~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [Yjzwn] C:\WINDOWS\system32\?racle\w?nspool.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram8.vcu.edu/dwa7W.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\rsprvhbk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9701 bytes


I am hoping someone can help me get my PC running well again.

Thanks.

Doug



#2 rigacci (Silver Member, 489 posts)

Posted 26 December 2007 - 12:32 PM

Hey Doug and welcome to the forum; :wavey: If you are still in need of help, I would like to offer you my services. I have started to analyze your log and will get back to you as soon as I can. All of my fixes are double-checked by experts, just to be certain everything is correct. Please stay with me until the end. It is essential we clean your computer thoroughly before you leave. That said, I shall return. :thumbup: DR

#3 rigacci (Silver Member, 489 posts)

Posted 27 December 2007 - 01:46 PM

OK, let's start cleaning.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
Do this for each of the following files.

C:\WINDOWS\system32\rsprvhbk.exe
C:\WINDOWS\system32\xofgd.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Right Click the file HijackThis and then Left Click - Rename. Rename the file to scanner.exe.


Now Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
More information with a screenshot, can be found here.

Remember to include a new HJT scan along with the VundoFix log, the Jotti results and the Uninstall List.

Thanks.

DR

#4 rigacci (Silver Member, 489 posts)

Posted 02 January 2008 - 03:43 PM

If you still need help, please respond. Otherwise, this topic will be closed in a couple of days due to inactivity. DR

#5 DougD0181 (New Member, 8 posts)

Posted 06 January 2008 - 07:43 PM

Thank you for your help. Sorry it has taken me so long to respond, I was on vacation for New Year's week. I am running VundoFix right now and will post my findings after it has finished. Thank you once again for your assistance. Doug

#6 DougD0181 (New Member, 8 posts)

Posted 06 January 2008 - 08:10 PM

Here is the VundoFix log:

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 8:03:17 PM 1/6/2008

Listing files found while scanning....

C:\windows\inf\avjavdr.bak1
C:\WINDOWS\inf\avjavdr.bak2
C:\WINDOWS\inf\avjavdr.ini
C:\WINDOWS\inf\avjavdr.ini2
C:\WINDOWS\inf\avjavdr.tmp
C:\WINDOWS\inf\rdvajva.dll
C:\windows\msagent\eol3mp.bak1
C:\WINDOWS\msagent\pm3loe.dll
C:\WINDOWS\system32\aajngccv.exe
C:\WINDOWS\system32\ajvndgte.exe
C:\windows\system32\akaapsiq.exe
C:\WINDOWS\system32\aknmgchw.exe
C:\WINDOWS\system32\apxytwqq.exe
C:\WINDOWS\system32\bbhxgiic.dll
C:\WINDOWS\system32\bdsgbnim.exe
C:\WINDOWS\system32\bfoctilf.exe
C:\windows\system32\biyjpgkm.ini
C:\windows\system32\bkifbcnt.exe
C:\WINDOWS\system32\bpimccnv.exe
C:\WINDOWS\system32\bqarknqi.exe
C:\WINDOWS\system32\brjnjwhx.exe
C:\windows\system32\btrobfbd.exe
C:\WINDOWS\system32\cbkjkxgh.exe
C:\windows\system32\ciigxhbb.ini
C:\WINDOWS\system32\cnbweavg.exe
C:\WINDOWS\system32\cslprjbt.exe
C:\WINDOWS\system32\ddbhqpxl.exe
C:\WINDOWS\system32\dfyqipik.exe
C:\WINDOWS\system32\dlvtinhn.exe
C:\windows\system32\dqrswlyb.exe
C:\WINDOWS\system32\duqvflnn.exe
C:\WINDOWS\system32\eairygxg.exe
C:\windows\system32\eandiayn.exe
C:\WINDOWS\system32\eelqqdwt.exe
C:\WINDOWS\system32\efbltkcu.exe
C:\WINDOWS\system32\efcbayv.dll
C:\WINDOWS\system32\egilnnvs.exe
C:\WINDOWS\system32\elhtocpn.exe
C:\WINDOWS\system32\eoojhyhx.exe
C:\WINDOWS\system32\fhvvkeuw.exe
C:\windows\system32\fjswlany.exe
C:\windows\system32\fmgytxrv.exe
C:\WINDOWS\system32\fpqmulfl.exe
C:\windows\system32\fqallxvg.exe
C:\WINDOWS\system32\fuplvmav.exe
C:\WINDOWS\system32\gplnukly.exe
C:\WINDOWS\system32\hrjviteg.exe
C:\WINDOWS\system32\htowoqta.exe
C:\WINDOWS\system32\iaurtfvf.exe
C:\windows\system32\ihphsnns.exe
C:\WINDOWS\system32\imyldjpg.exe
C:\WINDOWS\system32\ipfxqoiq.exe
C:\WINDOWS\system32\jbjijxoq.exe
C:\windows\system32\jdhknqem.exe
C:\WINDOWS\system32\jljfahni.exe
C:\WINDOWS\system32\jpxyiowv.exe
C:\WINDOWS\system32\kixigewi.exe
C:\WINDOWS\system32\kxkoxgqi.exe
C:\WINDOWS\system32\lcjkdmnh.exe
C:\windows\system32\lkwquhwk.exe
C:\WINDOWS\system32\mcietqdf.exe
C:\WINDOWS\system32\mewopxdx.exe
C:\WINDOWS\system32\mhgxqsni.exe
C:\WINDOWS\system32\mkgpjyib.dll
C:\WINDOWS\system32\mqiwovuh.exe
C:\WINDOWS\system32\mwqnnyxy.exe
C:\WINDOWS\system32\namfgvuc.exe
C:\WINDOWS\system32\ndkysofq.exe
C:\WINDOWS\system32\nhevddob.exe
C:\WINDOWS\system32\nnelvuxj.exe
C:\WINDOWS\system32\nsysraii.exe
C:\windows\system32\nwjcjgyk.exe
C:\windows\system32\nwsdsvjw.exe
C:\WINDOWS\system32\ocdtblbw.exe
C:\WINDOWS\system32\odfocybt.exe
C:\WINDOWS\system32\oevvdfmd.exe
C:\WINDOWS\system32\oijofaug.exe
C:\WINDOWS\system32\omfilajc.exe
C:\windows\system32\opafgftr.exe
C:\WINDOWS\system32\otyrkfjo.exe
C:\WINDOWS\system32\ovbavvqi.exe
C:\windows\system32\pgyiffdk.dll
C:\WINDOWS\system32\pliecojo.exe
C:\WINDOWS\system32\pnaranle.exe
C:\WINDOWS\system32\prpatwew.exe
C:\WINDOWS\system32\qbqstiek.exe
C:\WINDOWS\system32\qeuqrcnk.exe
C:\WINDOWS\system32\qhwyayon.exe
C:\WINDOWS\system32\qkscxstj.exe
C:\WINDOWS\system32\qoimaytm.exe
C:\WINDOWS\system32\qshoabfg.exe
C:\WINDOWS\system32\qwykjtfv.exe
C:\WINDOWS\system32\ravllcmc.exe
C:\windows\system32\rdotiycb.exe
C:\WINDOWS\system32\rlkumhdf.exe
C:\WINDOWS\system32\rrvnvxug.exe
C:\WINDOWS\system32\rsprvhbk.exe
C:\windows\system32\seqokjji.dll
C:\windows\system32\sjgfyqem.exe
C:\WINDOWS\system32\sjskthbj.exe
C:\WINDOWS\system32\sqtkxhvr.exe
C:\WINDOWS\system32\ssefvqdt.exe
C:\WINDOWS\system32\stirbfdg.exe
C:\WINDOWS\system32\sugdbydl.exe
C:\WINDOWS\system32\swobquqr.exe
C:\WINDOWS\system32\syeubyjx.exe
C:\WINDOWS\system32\terfcoeu.exe
C:\WINDOWS\system32\uaonjsle.exe
C:\windows\system32\ubuduwei.exe
C:\WINDOWS\system32\ubvigday.exe
C:\WINDOWS\system32\uedtodmo.exe
C:\WINDOWS\system32\unqetrcv.exe
C:\windows\system32\vclwgqrj.exe
C:\WINDOWS\system32\vowuhvva.exe
C:\WINDOWS\system32\vtupvgmq.dll
C:\windows\system32\wjgqxcpv.exe
C:\WINDOWS\system32\wtkjwgxo.exe
C:\WINDOWS\system32\wushjfea.exe
C:\WINDOWS\system32\wwyagwcv.exe
C:\windows\system32\wyhycpnt.exe
C:\WINDOWS\system32\xkkdbwbu.exe
C:\WINDOWS\system32\xmncvpku.exe
C:\WINDOWS\system32\yaiwjpbg.exe
C:\WINDOWS\system32\yayvttq.dll
C:\windows\system32\yhmuhbef.exe
C:\WINDOWS\system32\yhoakpku.exe
C:\WINDOWS\system32\yjrmrjgh.exe
C:\WINDOWS\system32\ymppnrha.exe
C:\WINDOWS\system32\ysodhubm.exe

Beginning removal...

Attempting to delete C:\windows\inf\avjavdr.bak1
C:\windows\inf\avjavdr.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\inf\avjavdr.bak2
C:\WINDOWS\inf\avjavdr.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\inf\avjavdr.ini
C:\WINDOWS\inf\avjavdr.ini Has been deleted!
Attempting to delete C:\WINDOWS\inf\avjavdr.ini2
C:\WINDOWS\inf\avjavdr.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\inf\avjavdr.tmp
C:\WINDOWS\inf\avjavdr.tmp Has been deleted!
Attempting to delete C:\WINDOWS\inf\rdvajva.dll
C:\WINDOWS\inf\rdvajva.dll Has been deleted!
Attempting to delete C:\windows\msagent\eol3mp.bak1
C:\windows\msagent\eol3mp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\msagent\pm3loe.dll
C:\WINDOWS\msagent\pm3loe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\aajngccv.exe
C:\WINDOWS\system32\aajngccv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ajvndgte.exe
C:\WINDOWS\system32\ajvndgte.exe Has been deleted!
Attempting to delete C:\windows\system32\akaapsiq.exe
C:\windows\system32\akaapsiq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\aknmgchw.exe
C:\WINDOWS\system32\aknmgchw.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\apxytwqq.exe
C:\WINDOWS\system32\apxytwqq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbhxgiic.dll
C:\WINDOWS\system32\bbhxgiic.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bdsgbnim.exe
C:\WINDOWS\system32\bdsgbnim.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bfoctilf.exe
C:\WINDOWS\system32\bfoctilf.exe Has been deleted!
Attempting to delete C:\windows\system32\biyjpgkm.ini
C:\windows\system32\biyjpgkm.ini Has been deleted!
Attempting to delete C:\windows\system32\bkifbcnt.exe
C:\windows\system32\bkifbcnt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bpimccnv.exe
C:\WINDOWS\system32\bpimccnv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bqarknqi.exe
C:\WINDOWS\system32\bqarknqi.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\brjnjwhx.exe
C:\WINDOWS\system32\brjnjwhx.exe Has been deleted!
Attempting to delete C:\windows\system32\btrobfbd.exe
C:\windows\system32\btrobfbd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbkjkxgh.exe
C:\WINDOWS\system32\cbkjkxgh.exe Has been deleted!
Attempting to delete C:\windows\system32\ciigxhbb.ini
C:\windows\system32\ciigxhbb.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cnbweavg.exe
C:\WINDOWS\system32\cnbweavg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\cslprjbt.exe
C:\WINDOWS\system32\cslprjbt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddbhqpxl.exe
C:\WINDOWS\system32\ddbhqpxl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\dfyqipik.exe
C:\WINDOWS\system32\dfyqipik.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\dlvtinhn.exe
C:\WINDOWS\system32\dlvtinhn.exe Has been deleted!
Attempting to delete C:\windows\system32\dqrswlyb.exe
C:\windows\system32\dqrswlyb.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\duqvflnn.exe
C:\WINDOWS\system32\duqvflnn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\eairygxg.exe
C:\WINDOWS\system32\eairygxg.exe Has been deleted!
Attempting to delete C:\windows\system32\eandiayn.exe
C:\windows\system32\eandiayn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\eelqqdwt.exe
C:\WINDOWS\system32\eelqqdwt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\efbltkcu.exe
C:\WINDOWS\system32\efbltkcu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcbayv.dll
C:\WINDOWS\system32\efcbayv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\egilnnvs.exe
C:\WINDOWS\system32\egilnnvs.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\elhtocpn.exe
C:\WINDOWS\system32\elhtocpn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\eoojhyhx.exe
C:\WINDOWS\system32\eoojhyhx.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhvvkeuw.exe
C:\WINDOWS\system32\fhvvkeuw.exe Has been deleted!
Attempting to delete C:\windows\system32\fjswlany.exe
C:\windows\system32\fjswlany.exe Has been deleted!
Attempting to delete C:\windows\system32\fmgytxrv.exe
C:\windows\system32\fmgytxrv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fpqmulfl.exe
C:\WINDOWS\system32\fpqmulfl.exe Has been deleted!
Attempting to delete C:\windows\system32\fqallxvg.exe
C:\windows\system32\fqallxvg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fuplvmav.exe
C:\WINDOWS\system32\fuplvmav.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gplnukly.exe
C:\WINDOWS\system32\gplnukly.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\hrjviteg.exe
C:\WINDOWS\system32\hrjviteg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\htowoqta.exe
C:\WINDOWS\system32\htowoqta.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\iaurtfvf.exe
C:\WINDOWS\system32\iaurtfvf.exe Has been deleted!
Attempting to delete C:\windows\system32\ihphsnns.exe
C:\windows\system32\ihphsnns.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\imyldjpg.exe
C:\WINDOWS\system32\imyldjpg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ipfxqoiq.exe
C:\WINDOWS\system32\ipfxqoiq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jbjijxoq.exe
C:\WINDOWS\system32\jbjijxoq.exe Has been deleted!
Attempting to delete C:\windows\system32\jdhknqem.exe
C:\windows\system32\jdhknqem.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jljfahni.exe
C:\WINDOWS\system32\jljfahni.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jpxyiowv.exe
C:\WINDOWS\system32\jpxyiowv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\kixigewi.exe
C:\WINDOWS\system32\kixigewi.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\kxkoxgqi.exe
C:\WINDOWS\system32\kxkoxgqi.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\lcjkdmnh.exe
C:\WINDOWS\system32\lcjkdmnh.exe Has been deleted!
Attempting to delete C:\windows\system32\lkwquhwk.exe
C:\windows\system32\lkwquhwk.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mcietqdf.exe
C:\WINDOWS\system32\mcietqdf.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mewopxdx.exe
C:\WINDOWS\system32\mewopxdx.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mhgxqsni.exe
C:\WINDOWS\system32\mhgxqsni.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mkgpjyib.dll
C:\WINDOWS\system32\mkgpjyib.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mqiwovuh.exe
C:\WINDOWS\system32\mqiwovuh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwqnnyxy.exe
C:\WINDOWS\system32\mwqnnyxy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\namfgvuc.exe
C:\WINDOWS\system32\namfgvuc.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ndkysofq.exe
C:\WINDOWS\system32\ndkysofq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\nhevddob.exe
C:\WINDOWS\system32\nhevddob.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnelvuxj.exe
C:\WINDOWS\system32\nnelvuxj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\nsysraii.exe
C:\WINDOWS\system32\nsysraii.exe Has been deleted!
Attempting to delete C:\windows\system32\nwjcjgyk.exe
C:\windows\system32\nwjcjgyk.exe Has been deleted!
Attempting to delete C:\windows\system32\nwsdsvjw.exe
C:\windows\system32\nwsdsvjw.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ocdtblbw.exe
C:\WINDOWS\system32\ocdtblbw.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\odfocybt.exe
C:\WINDOWS\system32\odfocybt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\oevvdfmd.exe
C:\WINDOWS\system32\oevvdfmd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\oijofaug.exe
C:\WINDOWS\system32\oijofaug.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\omfilajc.exe
C:\WINDOWS\system32\omfilajc.exe Has been deleted!
Attempting to delete C:\windows\system32\opafgftr.exe
C:\windows\system32\opafgftr.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\otyrkfjo.exe
C:\WINDOWS\system32\otyrkfjo.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ovbavvqi.exe
C:\WINDOWS\system32\ovbavvqi.exe Has been deleted!
Attempting to delete C:\windows\system32\pgyiffdk.dll
C:\windows\system32\pgyiffdk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pliecojo.exe
C:\WINDOWS\system32\pliecojo.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\pnaranle.exe
C:\WINDOWS\system32\pnaranle.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\prpatwew.exe
C:\WINDOWS\system32\prpatwew.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qbqstiek.exe
C:\WINDOWS\system32\qbqstiek.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qeuqrcnk.exe
C:\WINDOWS\system32\qeuqrcnk.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qhwyayon.exe
C:\WINDOWS\system32\qhwyayon.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qkscxstj.exe
C:\WINDOWS\system32\qkscxstj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qoimaytm.exe
C:\WINDOWS\system32\qoimaytm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qshoabfg.exe
C:\WINDOWS\system32\qshoabfg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qwykjtfv.exe
C:\WINDOWS\system32\qwykjtfv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ravllcmc.exe
C:\WINDOWS\system32\ravllcmc.exe Has been deleted!
Attempting to delete C:\windows\system32\rdotiycb.exe
C:\windows\system32\rdotiycb.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rlkumhdf.exe
C:\WINDOWS\system32\rlkumhdf.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrvnvxug.exe
C:\WINDOWS\system32\rrvnvxug.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rsprvhbk.exe
C:\WINDOWS\system32\rsprvhbk.exe Could not be deleted.
Attempting to delete C:\windows\system32\seqokjji.dll
C:\windows\system32\seqokjji.dll Has been deleted!
Attempting to delete C:\windows\system32\sjgfyqem.exe
C:\windows\system32\sjgfyqem.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\sjskthbj.exe
C:\WINDOWS\system32\sjskthbj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\sqtkxhvr.exe
C:\WINDOWS\system32\sqtkxhvr.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssefvqdt.exe
C:\WINDOWS\system32\ssefvqdt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\stirbfdg.exe
C:\WINDOWS\system32\stirbfdg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\sugdbydl.exe
C:\WINDOWS\system32\sugdbydl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\swobquqr.exe
C:\WINDOWS\system32\swobquqr.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\syeubyjx.exe
C:\WINDOWS\system32\syeubyjx.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\terfcoeu.exe
C:\WINDOWS\system32\terfcoeu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uaonjsle.exe
C:\WINDOWS\system32\uaonjsle.exe Has been deleted!
Attempting to delete C:\windows\system32\ubuduwei.exe
C:\windows\system32\ubuduwei.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ubvigday.exe
C:\WINDOWS\system32\ubvigday.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uedtodmo.exe
C:\WINDOWS\system32\uedtodmo.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\unqetrcv.exe
C:\WINDOWS\system32\unqetrcv.exe Has been deleted!
Attempting to delete C:\windows\system32\vclwgqrj.exe
C:\windows\system32\vclwgqrj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\vowuhvva.exe
C:\WINDOWS\system32\vowuhvva.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtupvgmq.dll
C:\WINDOWS\system32\vtupvgmq.dll Has been deleted!
Attempting to delete C:\windows\system32\wjgqxcpv.exe
C:\windows\system32\wjgqxcpv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wtkjwgxo.exe
C:\WINDOWS\system32\wtkjwgxo.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wushjfea.exe
C:\WINDOWS\system32\wushjfea.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyagwcv.exe
C:\WINDOWS\system32\wwyagwcv.exe Has been deleted!
Attempting to delete C:\windows\system32\wyhycpnt.exe
C:\windows\system32\wyhycpnt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\xkkdbwbu.exe
C:\WINDOWS\system32\xkkdbwbu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\xmncvpku.exe
C:\WINDOWS\system32\xmncvpku.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yaiwjpbg.exe
C:\WINDOWS\system32\yaiwjpbg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayvttq.dll
C:\WINDOWS\system32\yayvttq.dll Could not be deleted.
Attempting to delete C:\windows\system32\yhmuhbef.exe
C:\windows\system32\yhmuhbef.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yhoakpku.exe
C:\WINDOWS\system32\yhoakpku.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yjrmrjgh.exe
C:\WINDOWS\system32\yjrmrjgh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ymppnrha.exe
C:\WINDOWS\system32\ymppnrha.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ysodhubm.exe
C:\WINDOWS\system32\ysodhubm.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbhxgiic.dll
C:\WINDOWS\system32\bbhxgiic.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rsprvhbk.exe
C:\WINDOWS\system32\rsprvhbk.exe Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yayvttq.dll
C:\WINDOWS\system32\yayvttq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

#7 rigacci

rigacci

    Silver Member

  • Authentic Member
  • PipPipPip
  • 489 posts

Posted 06 January 2008 - 08:10 PM

:thumbup:

#8 DougD0181

DougD0181

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 06 January 2008 - 08:14 PM

I will complete the other steps and post in a reply tomorrow evening. Doug

#9 rigacci

rigacci

    Silver Member

  • Authentic Member
  • PipPipPip
  • 489 posts

Posted 06 January 2008 - 08:23 PM

Great, I'll look for it. :blink:

BTW, I could also use an Uninstall List. :ph34r:

Run HijackThis but instead of doing a scan, Open the Misc Tools Section.

Click on Open Uninstall Manager.

Save the List and post that list here with everything else you have.

Thanks.

DR

#10 DougD0181

DougD0181

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 06 January 2008 - 09:58 PM

Jotti scan results for File: rsprvhbk.exe
Scanner results
Scan taken on 07 Jan 2008 03:52:51 (GMT)
A-Squared Found nothing
AntiVir Found TR/Fotomoto.E
ArcaVir Found Trojan.Agent.Bck
Avast Found Win32:Agent-LAP
AVG Antivirus Found Generic2.ONQ
BitDefender Found Trojan.Fotomoto.E
ClamAV Found Trojan.Agent-7570
CPsecure Found Troj.W32.Agent.bck
Dr.Web Found Trojan.EzulaAd
F-Prot Antivirus Found W32/Trojan.BXOI
F-Secure Anti-Virus Found Trojan.Win32.Agent.bck
Fortinet Found nothing
Ikarus Found Win32.Rigel.6468
Kaspersky Anti-Virus Found Trojan.Win32.Agent.bck
NOD32 Found Win32/Agent.BCK
Norman Virus Control Found W32/Agent.dam
Panda Antivirus Found Trj/Downloader.OZB
Rising Antivirus Found Trojan.Win32.Agent.yyw
Sophos Antivirus Found Troj/Bckdr-QJL
VirusBuster Found Adware.Vundo.P.Gen
VBA32 Found Trojan.Win32.Agent.bck

Jotti scan results for File: xofgd.dat
Scanner results
Scan taken on 07 Jan 2008 03:56:37 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
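
A multi-engine result like the one above is usually read two ways: how many engines fired, and what family the non-generic labels agree on. The script below is an added example, not part of the original thread or of Jotti; it takes the rsprvhbk.exe verdict lines from the post (restored to one scanner per line), computes the detection count, and normalizes the vendor labels by dropping platform/class words and variant suffixes before voting. The GENERIC_TOKENS list and the "shorter than four characters, all-caps, or contains digits" rule for variant markers are assumptions of this example, not a Jotti convention.

```python
import re
from collections import Counter

# Verdict lines from the rsprvhbk.exe result posted above, restored to one
# scanner per line (the forum software had flattened them). Nothing is invented.
RSPRVHBK_RESULTS = """\
A-Squared Found nothing
AntiVir Found TR/Fotomoto.E
ArcaVir Found Trojan.Agent.Bck
Avast Found Win32:Agent-LAP
AVG Antivirus Found Generic2.ONQ
BitDefender Found Trojan.Fotomoto.E
ClamAV Found Trojan.Agent-7570
CPsecure Found Troj.W32.Agent.bck
Dr.Web Found Trojan.EzulaAd
F-Prot Antivirus Found W32/Trojan.BXOI
F-Secure Anti-Virus Found Trojan.Win32.Agent.bck
Fortinet Found nothing
Ikarus Found Win32.Rigel.6468
Kaspersky Anti-Virus Found Trojan.Win32.Agent.bck
NOD32 Found Win32/Agent.BCK
Norman Virus Control Found W32/Agent.dam
Panda Antivirus Found Trj/Downloader.OZB
Rising Antivirus Found Trojan.Win32.Agent.yyw
Sophos Antivirus Found Troj/Bckdr-QJL
VirusBuster Found Adware.Vundo.P.Gen
VBA32 Found Trojan.Win32.Agent.bck
"""

LINE_RE = re.compile(r"^(?P<scanner>.+?) Found (?P<verdict>.+)$")

# Words that name a class or platform rather than a family. Assumed list for
# this example; real label-normalization pipelines carry a much longer one.
GENERIC_TOKENS = {
    "trojan", "troj", "trj", "win32", "w32", "generic", "adware", "malware",
    "downloader", "backdoor", "bckdr", "virus", "worm",
}


def parse_results(text):
    """Return [(scanner, verdict)]; verdict is None when the scanner found nothing."""
    pairs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        verdict = m.group("verdict").strip()
        pairs.append((m.group("scanner"), None if verdict.lower() == "nothing" else verdict))
    return pairs


def detection_ratio(text):
    """(detections, scanners): the headline number quoted from a multi-engine scan."""
    pairs = parse_results(text)
    return sum(1 for _, v in pairs if v), len(pairs)


def family_tokens(verdict):
    """Strip platform/class words and variant IDs from one vendor label."""
    out = set()
    for tok in re.split(r"[./:\-_ ]+", verdict):
        # 'E', 'bck', '7570', 'BXOI', 'QJL' are variant markers, not family names.
        if not tok or len(tok) < 4 or any(c.isdigit() for c in tok) or tok.isupper():
            continue
        low = tok.lower()
        if low not in GENERIC_TOKENS:
            out.add(low)
    return out


def family_votes(text):
    """One vote per scanner per candidate family, so no verbose vendor dominates.
    Note that 'agent' is itself a weak label; it wins here only because most
    engines on this sample used it."""
    votes = Counter()
    for _, verdict in parse_results(text):
        if verdict:
            votes.update(family_tokens(verdict))
    return votes


def summarize(text):
    detected, total = detection_ratio(text)
    votes = family_votes(text)
    top = votes.most_common(1)[0] if votes else (None, 0)
    return {"detected": detected, "scanners": total,
            "families": dict(votes), "top_family": top}


if __name__ == "__main__":
    print(summarize(RSPRVHBK_RESULTS))
```

On the sample, 19 of 21 engines fire and the normalized labels split into agent (10), fotomoto (2), ezulaad, rigel and vundo (1 each); the same code run on the xofgd.dat result from the post gives 0 of 21, which is why the file was worth a second look rather than an automatic dismissal.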

#11 DougD0181

DougD0181

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 06 January 2008 - 10:00 PM

uninstall list

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
Air Utility
CC_ccProxyMSI
CC_ccStart
ccCommon
Compaq Connections
Compaq Organize
DivX
Easy Internet Sign-up
Full Tilt Poker
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
hp deskjet 5100
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Software Update
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterActual Player
Internet Speed Monitor
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.2.2.0
Java™ 6 Update 3
Java™ SE Development Kit 6 Update 3
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync 3.7
Microsoft Halo
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Outlook 2002
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! for Windows XP
Microsoft Plus! Photo Story 2 LE
Microsoft Works 7.0
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton Security Center
Norton WMI Update
Outerinfo
overland
ParadisePoker.net
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RenWeb.com
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sonic RecordNow!
SpySubtract
TurboTax Premier Investments 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Verizon Online
Verizon Online Support Center
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
World of Warcraft
Yahoo! Toolbar

#12 DougD0181

DougD0181

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 06 January 2008 - 10:01 PM

HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:01 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rsprvhbk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mrofinu72.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DOBE~1\netdde.exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\?racle\w?nspool.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E5C9A96-0EA4-4200-AF1A-2A7DC7702A35} - C:\WINDOWS\system32\vkmtcube.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A62E1F9E-97C0-4324-8102-FAD31E1401B3} - C:\WINDOWS\inf\rdvajva.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B18DA911-1CF8-6B78-D25B-48E679F70D92} - C:\WINDOWS\system32\kkw.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\xofgd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5170E744AB97
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\DOBE~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [Yjzwn] C:\WINDOWS\system32\?racle\w?nspool.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram8.vcu.edu/dwa7W.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\rsprvhbk.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10920 bytes
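
The log above is triaged by eye in the thread; the same rules of thumb can be written down. The script below is an added example, not part of the original thread or of HijackThis. It runs a handful of heuristics over lines copied from the posted log: a text/html MIME filter (O18), a service with a blank company field (O23), a BHO with no name (O2), a path HijackThis had to print with '?' because it contains non-ASCII characters, a random-looking short name living in the Windows tree, and a program started from a user profile directory. The KNOWN_GOOD allowlist and the "5 to 8 lowercase letters" notion of random-looking are assumptions of this example and should be tuned to your own baseline.

```python
import re

# Windows binaries that legitimately live in the Windows tree and happen to have
# short all-lowercase names. Assumed allowlist for this example; extend it.
KNOWN_GOOD = {
    "smss", "winlogon", "services", "lsass", "svchost", "spoolsv", "ctfmon",
    "hkcmd", "igfxtray", "dumprep", "wuauclt", "explorer", "msconfig", "ps2",
}

# Lines copied from the HijackThis log posted above (a subset; nothing invented).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4E5C9A96-0EA4-4200-AF1A-2A7DC7702A35} - C:\WINDOWS\system32\vkmtcube.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A62E1F9E-97C0-4324-8102-FAD31E1401B3} - C:\WINDOWS\inf\rdvajva.dll (file missing)
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\xofgd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Yjzwn] C:\WINDOWS\system32\?racle\w?nspool.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\DOBE~1\netdde.exe" -vt yazb
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\rsprvhbk.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
"""

PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
PROFILE_RE = re.compile(r"^[a-z]:\\(?:docume~1|documents and settings)\\", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"[a-z]{5,8}")


def extract_path(line):
    """First drive-rooted .exe/.dll path on the line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def reasons_for(line):
    """Heuristic hits for one HijackThis line; an empty list means nothing stood out."""
    reasons = []
    section = line.split(" - ", 1)[0].strip()      # "O2", "O4", "O18", "O23", ...
    path = extract_path(line)

    if section == "O18" and "Filter hijack" in line:
        reasons.append("MIME filter hijack (a text/html filter is almost never legitimate)")
    if section == "O23" and " - - " in line:
        reasons.append("service registered with no company name")
    if section == "O2" and "(no name)" in line:
        reasons.append("browser helper object with no name")
    if path is None:
        return reasons
    if "?" in path:
        reasons.append("non-ASCII characters in path (HijackThis prints them as '?')")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if WINDIR_RE.match(path) and RANDOM_STEM_RE.fullmatch(stem) and stem not in KNOWN_GOOD:
        reasons.append("unknown random-looking name in the Windows tree")
    if PROFILE_RE.match(path):
        reasons.append("program launched from a user profile directory")
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons; clean lines are omitted."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            hits = reasons_for(line)
            if hits:
                findings[line] = hits
    return findings


def flagged_files(log_text):
    """Sorted base filenames from the flagged lines, handy for the next scan step."""
    names = set()
    for line in triage(log_text):
        p = extract_path(line)
        if p:
            names.add(p.rsplit("\\", 1)[-1].lower())
    return sorted(names)


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LOG).items():
        print(line)
        for h in hits:
            print("   ->", h)
    print("files to submit for scanning:", flagged_files(SAMPLE_LOG))
```

On the sample lines it flags vkmtcube.dll, rdvajva.dll, xofgd.exe, w?nspool.exe, netdde.exe, httpdchk.dll and rsprvhbk.exe, the same set the thread ends up removing, while ssv.dll, ccApp.exe and SAVScan.exe pass. The heuristics are deliberately crude; they prioritise what to look up or submit to a multi-engine scanner, they do not decide on their own.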

#13 rigacci

rigacci

    Silver Member

  • Authentic Member
  • PipPipPip
  • 489 posts

Posted 10 January 2008 - 05:26 AM

Hello. :wavey: I'm very sorry it took so long but here is the next step.

You got a lot :thumbup: but there are still more. :wacko:

Please uninstall the following programs using Start>Control Panel>Add/Remove Programs:

Full Tilt Poker
Internet Speed Monitor
Outerinfo
Viewpoint Media Player (and Manager)
:rant2:



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


Download ComboFix to your desktop, from HERE or HERE.

Double click combofix.exe & follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.


When it's finished, it will probably reboot. If it doesn't automatically, reboot it yourself. It should produce a log located at the root of C: drive, combofix.txt, which you can post in your next reply.

Thanks,

DR

#14 DougD0181

DougD0181

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 January 2008 - 12:43 PM

DR,

Here is the ComboFix logfile:

ComboFix 08-01-09.2 - Compaq_Owner 2008-01-13 13:32:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.457 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Owner\Application Data\DOBE~1
C:\Program Files\Common Files\tsks~1
C:\Program Files\QdrDrive
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\ayjjrunv.dll
C:\WINDOWS\system32\dx7v.1
C:\WINDOWS\system32\dx7v.dll
C:\WINDOWS\system32\efcywts.dll
C:\WINDOWS\system32\gebyvvs.dll
C:\WINDOWS\system32\iiffgfc.dll
C:\WINDOWS\system32\jkkkkih.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnmjhh.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\vkmtcube.dll
C:\WINDOWS\system32\wintsvtr32.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\ApiMon
-------\DomainService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 13:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 13:30 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-13 13:29 . 2008-01-13 13:30 <DIR> d-------- C:\Program Files\Java
2008-01-13 13:29 . 2008-01-13 13:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-13 11:34 . 2008-01-13 11:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 11:34 . 2008-01-13 11:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 17:57 . 2008-01-09 17:57 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-01-09 17:05 . 2008-01-09 17:05 25 --a------ C:\WINDOWS\cdplayer.ini
2008-01-06 20:03 . 2008-01-06 21:00 <DIR> d-------- C:\VundoFix Backups
2007-12-27 18:56 . 2007-12-27 18:56 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-25 19:05 . 2007-12-25 19:05 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-24 02:29 --------- d-----w C:\Program Files\Norton Personal Firewall
2007-12-17 23:12 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-12 23:34 2,131,994 --sh--w C:\WINDOWS\Cursors\pckb.ini2
2007-09-11 13:21 2,036,530 --sh--w C:\WINDOWS\Cursors\pckb.bak1
2007-09-11 13:21 2,036,530 --sh--w C:\WINDOWS\Cursors\pckb.bak1
2007-09-12 23:34 2,131,994 --sh--w C:\WINDOWS\Cursors\pckb.ini2
2007-09-01 01:11 1,884,477 --sh--w C:\WINDOWS\msagent\gloofin.bak1
2005-08-29 23:54 26,112 --sha-w C:\WINDOWS\system32\sstts.dll
2007-07-07 00:02 1,842,975 --sh--w C:\WINDOWS\Web\sliut.bak1
2007-07-11 22:19 1,980,153 --sh--w C:\WINDOWS\Web\sliut.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A62E1F9E-97C0-4324-8102-FAD31E1401B3}]
C:\WINDOWS\inf\rdvajva.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 16:42 401491]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 10:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 04:21 50176 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 22:13 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 08:43 188416]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"JVM0.12"="C:\WINDOWS\system32\xofgd.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 22:23 180269]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-03-07 22:22 95960]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 17:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"Smiley District"="C:\Program Files\SmileyDistrict\plugin.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-03-07 22:26 385024]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 18:41 163840]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45 71280]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 2805248 C:\WINDOWS\ALCWZRD.EXE]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:00 158208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-11 22:39 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=C:\WINDOWS\pss\Compaq Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher]
C:\Program Files\ProfileWatcher\profilewatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-08-11 22:39 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 10:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2003-09-19 15:00]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 13:41:34 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job"
- c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-01-13 16:41:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:37:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 13:40:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 18:40:04
.
2008-01-09 09:50:42 --- E O F ---

Thank you again for all of your assistance.

Doug
