Problems


  • This topic is locked
8 replies to this topic

#1 phi467

Posted 10 June 2007 - 03:35 PM

My system recently has had a lot of pop-ups and seems to be running slow. Also, when I search for something on Google and click to go to that website, it redirects me to something else. I have tried using Ad-Aware, CW Shredder, and Spybot. Spybot always comes up with Smithfraud-C. Toolbar 888. Here are my reports from AVG and HijackThis.

AVG Report

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:21:38 PM 6/10/2007

+ Scan result:



[1344] VM_020B0000 -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\urqrqqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[508] C:\WINDOWS\system32\pmkhe.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\j0211631.dll -> Hijacker.Small.mw : Cleaned with backup (quarantined).
[1460] C:\WINDOWS\system32\j0211631.dll -> Hijacker.Small.mw : Cleaned with backup (quarantined).
[908] C:\WINDOWS\system32\j0211631.dll -> Hijacker.Small.mw : Cleaned with backup (quarantined).
C:\Documents and Settings\The Brown Family\Cookies\the brown family@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\The Brown Family\Cookies\the brown family@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP125\A0020296.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP125\A0020297.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP125\A0020298.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP125\A0020299.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).


::Report end

HijackThis Report

Logfile of HijackThis v1.99.1
Scan saved at 4:26:05 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\THEBRO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\gwgayagj.dll",realset
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [j0211631] rundll32 C:\WINDOWS\system32\j0211631.dll sook
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adxgate.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.snipenet.net
O15 - Trusted Zone: *.adxgate.net (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171131231474
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe


I would appreciate any help you can give me. Thanks.

#2 SWI Support Robot

Posted 13 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

Posted 16 June 2007 - 10:15 AM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download Atribune's VundoFix.exe from this site:
http://www.atribune..../click.php?id=4 and place it on your desktop.

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click YES

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click OK.

=*=

Please set your system to show all files;
To delete the files/folders in the next steps, you may need to show hidden Files/Folders: How to.
At the end of the fix you can return the files to hidden status if you want.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\gwgayagj.dll",realset
O4 - HKLM\..\Run: [j0211631] rundll32 C:\WINDOWS\system32\j0211631.dll sook
O15 - Trusted Zone: *.adxgate.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.snipenet.net
O15 - Trusted Zone: *.adxgate.net (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab


Click on Fix Checked when finished and exit HijackThis.

Delete this file in bold if found.
C:\WINDOWS\system32\gwgayagj.dll

Restart the computer normally to reset the registry.

=*=

Enable Microsoft Windows Defender.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
=*=

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version. <- important.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 phi467

Posted 17 June 2007 - 12:26 PM

Here are the results of the Dr web and the new HJT log. Spybot is still picking up Smithfraud-C toolbar888 and Virtumonde. The Vundofix.exe is not coming back with anything. Thanks.

Dr Web log:

iwfoqswr.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
njokuqwi.dll;c:\windows\system32;Adware.Crew;Incurable.Moved.;
temp.frEE51;C:\Documents and Settings\The Brown Family\Local Settings\Temp;Adware.Crew;Incurable.Moved.;
uers.exe\data001;C:\Documents and Settings\The Brown Family\Local Settings\Temp\temp.fr9BCE\uers.exe;Trojan.DownLoader.10963;;
uers.exe\data002;C:\Documents and Settings\The Brown Family\Local Settings\Temp\temp.fr9BCE\uers.exe;Trojan.DownLoader.10963;;
uers.exe;C:\Documents and Settings\The Brown Family\Local Settings\Temp\temp.fr9BCE;Archive contains infected objects;Moved.;
A0014239.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP102;Trojan.Virtumod;Deleted.;
A0014260.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP103;Trojan.Juan;Deleted.;
A0014338.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP106;Trojan.Virtumod;Deleted.;
A0014588.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP116;Trojan.Virtumod;Deleted.;
A0014885.exe;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP116;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0014904.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP117;Trojan.Virtumod;Deleted.;
A0015023.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP117;Trojan.Virtumod;Deleted.;
A0018049.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP118;Trojan.Virtumod;Deleted.;
A0018050.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP118;Trojan.Virtumod;Deleted.;
A0018169.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP118;Trojan.Virtumod;Deleted.;
A0018194.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP118;Trojan.Virtumod;Deleted.;
A0018196.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP118;Trojan.Virtumod;Deleted.;
A0018225.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP121;Trojan.Virtumod;Deleted.;
A0018227.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP121;Trojan.Virtumod;Deleted.;
A0020280.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP125;Trojan.Virtumod;Deleted.;
A0020327.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP126;Trojan.Virtumod;Deleted.;
A0022451.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP130;Adware.Crew;Incurable.Moved.;
A0022452.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP130;Adware.Crew;Incurable.Moved.;
A0022457.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP130;Adware.Crew;Incurable.Moved.;
A0022462.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP130;Trojan.Virtumod;Deleted.;
A0023578.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023580.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023581.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023582.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023583.exe;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Click.2485;Deleted.;
A0023584.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023586.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023590.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023592.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023594.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023595.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023596.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023597.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023598.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023599.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023600.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0023610.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP131;Trojan.Virtumod;Deleted.;
A0013901.exe\data001;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP89\A0013901.exe;Trojan.DownLoader.10963;;
A0013901.exe\data002;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP89\A0013901.exe;Trojan.DownLoader.10963;;
A0013901.exe;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP89;Archive contains infected objects;Moved.;
A0013978.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP93;Trojan.Juan;Deleted.;
A0014009.dll;C:\System Volume Information\_restore{F1753307-CBD5-4A8D-94A6-06A6489ADB8E}\RP95;Trojan.Virtumod;Deleted.;
dvqwhxio.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
fdvascam.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
gxtjihal.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ifauselm.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
iicborrm.exe.bad;C:\VundoFix Backups;Trojan.Click.2485;Deleted.;
iltmdhxo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
j0211631.dll.bad;C:\VundoFix Backups;Trojan.Click.2485;Deleted.;
lyhednic.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
nkdfiunp.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
opnrwujh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
pmkhe.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
qkdpreit.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rpkxyfrn.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rxuguboa.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
sthqsuks.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
urqrqqp.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
uwcavubc.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
yyiwwpin.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
hfqtwafv.dll;C:\WINDOWS\system32;Trojan.Juan;Deleted.;
j0211631.dll;C:\WINDOWS\system32;Trojan.Click.2485;Deleted.;
njokuqwi.dll;C:\WINDOWS\system32;Adware.Crew;;
olldodou.dll;C:\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
sthqsuks.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;


HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:43:24 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\The Brown Family\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EC3C5F8-F43B-4CA4-8C7B-CE50B8FDD2E7} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\iwfoqswr.dll (file missing)
O2 - BHO: (no name) - {5E3BB823-6BF6-4892-92C6-68D037DA60BE} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171131231474
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--
End of file - 5774 bytes

#5 phi467

Posted 17 June 2007 - 12:29 PM

Sorry, here is the vundofix.txt...........



VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 10:03:22 AM 6/17/2007

Listing files found while scanning....

C:\windows\system32\cbuvacwu.ini
C:\WINDOWS\system32\dvqwhxio.dll
C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\ehkmp.tmp
C:\windows\system32\fdvascam.dll
C:\windows\system32\gxtjihal.dll
C:\windows\system32\ifauselm.dll
C:\windows\system32\iicborrm.exe
C:\windows\system32\iltmdhxo.dll
C:\windows\system32\j0211631.dll
C:\windows\system32\lahijtxg.ini
C:\windows\system32\lyhednic.dll
C:\windows\system32\macsavdf.ini
C:\WINDOWS\system32\mdvrtktc.dll
C:\windows\system32\mlesuafi.ini
C:\WINDOWS\system32\mwefjhwb.dll
C:\windows\system32\nipwwiyy.ini
C:\windows\system32\nkdfiunp.dll
C:\windows\system32\nrfyxkpr.ini
C:\WINDOWS\system32\opnrwujh.dll
C:\windows\system32\oxhdmtli.ini
C:\WINDOWS\system32\pmkhe.dll
C:\windows\system32\qkdpreit.dll
C:\windows\system32\rpkxyfrn.dll
C:\windows\system32\rxuguboa.dll
C:\windows\system32\skusqhts.ini
C:\WINDOWS\system32\sthqsuks.dll
C:\WINDOWS\system32\urqrqqp.dll
C:\windows\system32\uwcavubc.dll
C:\WINDOWS\system32\xbxhdtco.dll
C:\windows\system32\yyiwwpin.dll

Beginning removal...

Attempting to delete C:\windows\system32\cbuvacwu.ini
C:\windows\system32\cbuvacwu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dvqwhxio.dll
C:\WINDOWS\system32\dvqwhxio.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\ehkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.tmp
C:\WINDOWS\system32\ehkmp.tmp Has been deleted!

Attempting to delete C:\windows\system32\fdvascam.dll
C:\windows\system32\fdvascam.dll Has been deleted!

Attempting to delete C:\windows\system32\gxtjihal.dll
C:\windows\system32\gxtjihal.dll Has been deleted!

Attempting to delete C:\windows\system32\ifauselm.dll
C:\windows\system32\ifauselm.dll Has been deleted!

Attempting to delete C:\windows\system32\iicborrm.exe
C:\windows\system32\iicborrm.exe Has been deleted!

Attempting to delete C:\windows\system32\iltmdhxo.dll
C:\windows\system32\iltmdhxo.dll Has been deleted!

Attempting to delete C:\windows\system32\j0211631.dll
C:\windows\system32\j0211631.dll Could not be deleted.

Attempting to delete C:\windows\system32\lahijtxg.ini
C:\windows\system32\lahijtxg.ini Has been deleted!

Attempting to delete C:\windows\system32\lyhednic.dll
C:\windows\system32\lyhednic.dll Has been deleted!

Attempting to delete C:\windows\system32\macsavdf.ini
C:\windows\system32\macsavdf.ini Has been deleted!

Attempting to delete C:\windows\system32\mlesuafi.ini
C:\windows\system32\mlesuafi.ini Has been deleted!

Attempting to delete C:\windows\system32\nipwwiyy.ini
C:\windows\system32\nipwwiyy.ini Has been deleted!

Attempting to delete C:\windows\system32\nkdfiunp.dll
C:\windows\system32\nkdfiunp.dll Has been deleted!

Attempting to delete C:\windows\system32\nrfyxkpr.ini
C:\windows\system32\nrfyxkpr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnrwujh.dll
C:\WINDOWS\system32\opnrwujh.dll Has been deleted!

Attempting to delete C:\windows\system32\oxhdmtli.ini
C:\windows\system32\oxhdmtli.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhe.dll Has been deleted!

Attempting to delete C:\windows\system32\qkdpreit.dll
C:\windows\system32\qkdpreit.dll Has been deleted!

Attempting to delete C:\windows\system32\rpkxyfrn.dll
C:\windows\system32\rpkxyfrn.dll Has been deleted!

Attempting to delete C:\windows\system32\rxuguboa.dll
C:\windows\system32\rxuguboa.dll Has been deleted!

Attempting to delete C:\windows\system32\skusqhts.ini
C:\windows\system32\skusqhts.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sthqsuks.dll
C:\WINDOWS\system32\sthqsuks.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\urqrqqp.dll
C:\WINDOWS\system32\urqrqqp.dll Has been deleted!

Attempting to delete C:\windows\system32\uwcavubc.dll
C:\windows\system32\uwcavubc.dll Has been deleted!

Attempting to delete C:\windows\system32\yyiwwpin.dll
C:\windows\system32\yyiwwpin.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Scan started at 12:44:48 PM 6/17/2007

Listing files found while scanning....

No infected files were found.

#6 nasdaq

Posted 18 June 2007 - 06:58 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Cleaning these remnant items should stop these messages.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {3EC3C5F8-F43B-4CA4-8C7B-CE50B8FDD2E7} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\iwfoqswr.dll (file missing)
O2 - BHO: (no name) - {5E3BB823-6BF6-4892-92C6-68D037DA60BE} - C:\WINDOWS\system32\jkklj.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally to reset the registry.

Enable Windows Defender.

Submit a fresh HijackThis log.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
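The check behind the fix list in post #6 (O2 entries whose DLL has already been deleted), written as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical, and the two sample logs are assembled from lines quoted in this thread.

```python
import re

# O2 lines look like: O2 - BHO: <name> - {CLSID} - <path> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "clsid": m.group("clsid").upper(),  # CLSIDs are case-insensitive
                "path": m.group("path"),
                "file_missing": m.group("missing") is not None,
            })
    return entries

def orphaned_bhos(log_text):
    """BHO registrations whose DLL is gone: the remnants to tick for Fix Checked."""
    return [e for e in parse_bhos(log_text) if e["file_missing"]]

def remaining_after_fix(before_log, after_log):
    """CLSIDs that were orphaned before the fix and still appear in the fresh log."""
    after = {e["clsid"] for e in parse_bhos(after_log)}
    return [e["clsid"] for e in orphaned_bhos(before_log) if e["clsid"] in after]

# Sample input assembled from lines quoted in this thread (not a complete log).
BEFORE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3EC3C5F8-F43B-4CA4-8C7B-CE50B8FDD2E7} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\iwfoqswr.dll (file missing)
O2 - BHO: (no name) - {5E3BB823-6BF6-4892-92C6-68D037DA60BE} - C:\WINDOWS\system32\jkklj.dll (file missing)
"""
AFTER_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
"""

if __name__ == "__main__":
    for e in orphaned_bhos(BEFORE_LOG):
        print("orphaned:", e["clsid"], e["path"])
    print("still registered after fix:", remaining_after_fix(BEFORE_LOG, AFTER_LOG))
```

An empty second list means every orphaned registration is gone from the fresh log. A "(no name)" entry alone is not a signal, since Spybot's SDHelper.dll is also listed that way.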

#7 phi467


Posted 18 June 2007 - 04:22 PM

New HJT log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:20:06 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\The Brown Family\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171131231474
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--
End of file - 5501 bytes

#8 nasdaq


Posted 19 June 2007 - 07:04 AM

Nice work, your log is clean.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
http://users.telenet...prevention.html

#9 nasdaq


Posted 30 June 2007 - 07:43 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.