Ericks

Help with log file !

11 posts in this topic

The comp has a horrible pop-up problem; most of the blockers and whatnot can't seem to fix it. I've run Ad-Aware, AVG, CWShredder etc. but can't seem to get it all. It's also been very slow. I don't know the extent of the problems, these are just the major ones. Thanks in advance!

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 4:10:46 PM, on 6/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\igfxtray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe

C:\Documents and Settings\Belle\Desktop\BeLLA\Hijack this\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/sbcy/De...?.redir=ymmapi1

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll

O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar41.dll

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar41.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FLSYMP] C:\WINDOWS\FLSYMP.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager

O4 - HKLM\..\Run: [bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [pqvgjjsmu] c:\windows\system32\pqvgjjsmu.exe pqvgjjsmu

O4 - HKLM\..\Run: [hegrcl] c:\windows\system32\hegrcl.exe hegrcl

O4 - HKLM\..\Run: [ttlhpu] c:\windows\system32\ttlhpu.exe ttlhpu

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKCU\..\Run: [vlnjbkqt] c:\windows\system32\vlnjbkqt.exe -start

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iahqtdlu] c:\windows\system32\iahqtdlu.exe iahqtdlu

O4 - HKCU\..\Run: [qausvxp] c:\windows\system32\qausvxp.exe qausvxp

O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\linkprd.exe /res

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe

O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Belle\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

--

End of file - 8983 bytes

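The O4 (autorun) and O10 (Winsock LSP) sections of the HijackThis log above are where the infection shows itself: several Run entries with lowercase random-looking names launched from system32 with their own file name as the argument, and the same unknown LSP DLL listed six times. The parser and triage pass below are an added example written for this page, not code from the thread or from HijackThis; the sample input is a subset of lines copied from the log above, and the "random-looking name" rule is a heuristic derived from the pattern in this particular log, not a general malware test.

```python
import re
from collections import Counter, namedtuple

# Sample input: a subset of O4/O10 lines copied from the HijackThis log posted
# in this thread, so the example runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pqvgjjsmu] c:\windows\system32\pqvgjjsmu.exe pqvgjjsmu
O4 - HKLM\..\Run: [hegrcl] c:\windows\system32\hegrcl.exe hegrcl
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [vlnjbkqt] c:\windows\system32\vlnjbkqt.exe -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [qausvxp] c:\windows\system32\qausvxp.exe qausvxp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
"""

Autorun = namedtuple('Autorun', 'hive name exe args raw')

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "O10 - Unknown file in Winsock LSP: <path>"
O10_LSP = re.compile(r'^O10 - Unknown file in Winsock LSP: (?P<path>.+)$')
# Optionally quoted drive-rooted .exe path followed by optional arguments.
EXE_PATH = re.compile(r'^"?(?P<path>[a-z]:\\[^"]+?\.exe)"?(?:\s+(?P<args>.*))?$', re.I)
# Heuristic (assumption drawn from this log): 6+ lowercase letters, nothing else.
RANDOM_NAME = re.compile(r'^[a-z]{6,}$')


def parse(text):
    """Return (list of Autorun entries, Counter of unknown LSP paths)."""
    autoruns, lsp = [], Counter()
    for line in text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            exe, args = None, ''
            pm = EXE_PATH.match(m['cmd'])
            if pm:  # rundll32-style commands are left with exe=None
                exe, args = pm['path'], (pm['args'] or '').strip()
            autoruns.append(Autorun(m['hive'], m['name'], exe, args, line))
            continue
        m = O10_LSP.match(line)
        if m:
            lsp[m['path'].lower()] += 1
    return autoruns, lsp


def triage(text):
    """Flag autoruns matching the patterns seen in this log and tally unknown LSPs."""
    autoruns, lsp = parse(text)
    flagged = []
    for a in autoruns:
        reasons = []
        if a.exe:
            stem = a.exe.rsplit('\\', 1)[-1].lower()[:-4]  # strip ".exe"
            if ('\\system32\\' in a.exe.lower() and a.name == stem
                    and RANDOM_NAME.match(a.name)):
                reasons.append('lowercase random-looking name running from system32')
            if a.args.lower() == stem:
                reasons.append('argument repeats its own file name')
        if reasons:
            flagged.append((a.hive, a.name, a.exe, reasons))
    return {'flagged': flagged, 'unknown_lsp': dict(lsp)}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for hive, name, exe, reasons in result['flagged']:
        print(f'{hive:10} [{name}] {exe}: {"; ".join(reasons)}')
    for path, count in result['unknown_lsp'].items():
        print(f'unknown LSP {path} listed {count} times')
```

The value-name test is deliberately case-sensitive: legitimate entries such as igfxTray and PS2 share their executable's base name but are not all-lowercase letters, so they pass through, while pqvgjjsmu, hegrcl, vlnjbkqt and qausvxp are flagged. The LSP tally matters for cleanup because a Winsock LSP DLL that is removed without being unregistered from the chain breaks networking, which is one reason the helpers in this thread move to dedicated removal tools rather than deleting files by hand.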

Hi,

 

You have a lot of Adware on this PC.

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the next icon next to the files found: check.gif
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will only be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.

Please also post a fresh HiJackThis log.

 

jedi


Sorry for such a late reply, here's a log from both.

 

 

newdotnet7_48.dll;c:\program files\newdotnet;Adware.NewDotNet;Incurable.Moved.;

atrc8parb_.exe;C:\Documents and Settings\Owner\Local Settings\Temp;Adware.SAHAgent;Incurable.Moved.;

hqrhil7kg_.exe;C:\Documents and Settings\Owner\Local Settings\Temp;Adware.SAHAgent;Incurable.Moved.;

liqp7c25q_.dll;C:\Documents and Settings\Owner\Local Settings\Temp;Adware.SAHAgent;Incurable.Moved.;

umqltg4cl_.exe;C:\Documents and Settings\Owner\Local Settings\Temp;Adware.SAHAgent;Incurable.Moved.;

rav_temp.exe;C:\Documents and Settings\Owner\Local Settings\Temp\EACDownload;Probably DLOADER.Trojan;Incurable.Moved.;

UWA6P_0001_N822M1605NetInstaller.exe;C:\Documents and Settings\Owner\Local Settings\Temp\ICD2.tmp;Trojan.DownLoader.10346;Deleted.;

UWA6P_0001_N822M1605NetInstaller.exe;C:\Documents and Settings\Owner\Local Settings\Temp\ICD3.tmp;Trojan.DownLoader.10346;Deleted.;

UWAS6_0001_N69M0903NetInstaller.exe;C:\Documents and Settings\Owner\Local Settings\Temp\ICD4.tmp;Trojan.Fakealert;Deleted.;

PPCInstall.dll;C:\Documents and Settings\Owner\Local Settings\Temp\PeoplePC\ISP6130;Probably STPAGE.Trojan;Incurable.Moved.;

PPCInstall.dll;C:\Documents and Settings\Owner\Local Settings\Temp\PeoplePC Online;Probably STPAGE.Trojan;Incurable.Moved.;

BH2.exe;C:\Documents and Settings\Owner\Local Settings\Temp\pft3B~tmp;Modification of APE.based;Moved.;

UmFjR3VFVXlxNVlBQUNFbTBBTQ1[1].htm;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OHAJQZK9;Win32.HLLM.Graz;Incurable.Moved.;

installdrivecleanerstart.exe;C:\Documents and Settings\Owner\My Documents;Trojan.DownLoader.13909;Deleted.;

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;

Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;

msnfixjs.js;C:\hp\patches\32WW5MSN\msnfix;Probably SCRIPT.Virus;Incurable.Moved.;

EN_CA-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;

NNWDAC638.EXE;C:\Program Files\FileSubmit\dmblndbringtolife.zip;Adware.NewDotNet;Incurable.Moved.;

NNWDAC638.EXE;C:\Program Files\FileSubmit\kjaqueendnd.exe;Adware.NewDotNet;Incurable.Moved.;

PPCInstall.dll;C:\Program Files\PeoplePC\ISP6330\Bin;Probably STPAGE.Trojan;Incurable.Moved.;

NNWDAB638.EXE;C:\Program Files\themexp;Adware.NewDotNet;Incurable.Moved.;

A0122738.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP404;Adware.Zango;Incurable.Moved.;

A0123196.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP404;Adware.Altnet;Incurable.Moved.;

A0123200.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP404;Adware.Altnet;Incurable.Moved.;

A0123203.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP404;Adware.Altnet;Incurable.Moved.;

A0123204.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP404;Adware.Altnet;Incurable.Moved.;

A0123206.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP404;Adware.Altnet;Incurable.Moved.;

A0123473.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP405;Adware.Zango;Incurable.Moved.;

A0124329.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124330.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124331.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124332.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124333.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Adware.F1Organizer;Incurable.Moved.;

A0124338.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124339.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124340.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124341.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124342.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124343.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124344.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124345.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124346.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124347.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0124354.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;BackDoor.Ruller;Incurable.Moved.;

A0124356.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP406;Dialer.Egroup;Incurable.Moved.;

A0127779.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP412;Adware.SaveNow;Incurable.Moved.;

A0128761.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP412;Adware.Relevant;Incurable.Moved.;

A0128769.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP412;Adware.SaveNow;Incurable.Moved.;

A0128775.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP412;Adware.SaveNow;Incurable.Moved.;

A0128794.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP412;Adware.NewDotNet;Incurable.Moved.;

A0128800.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP412;Adware.Relevant;Incurable.Moved.;

A0128825.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP413;Adware.Relevant;Incurable.Moved.;

A0128861.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP413;Adware.Whenu;Incurable.Moved.;

A0128870.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP413;Adware.SaveNow;Incurable.Moved.;

A0128904.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP414;Adware.SaveNow;Incurable.Moved.;

A0128915.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP414;Adware.SaveNow;Incurable.Moved.;

A0128938.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP414;Adware.Relevant;Incurable.Moved.;

A0128951.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP415;Adware.Whenu;Incurable.Moved.;

A0128955.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP415;Adware.SaveNow;Incurable.Moved.;

A0129036.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP415;Adware.SaveNow;Incurable.Moved.;

A0129093.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP415;Adware.Relevant;Incurable.Moved.;

A0129426.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP417;Adware.Whenu;Incurable.Moved.;

A0129427.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP417;Adware.SaveNow;Incurable.Moved.;

A0129460.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP417;Modification of APE.based;Moved.;

A0134805.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP420;Program.OSS-Proxy;Incurable.Moved.;

A0149418.EXE;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Websearch;Incurable.Moved.;

A0149425.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.SaveNow;Incurable.Moved.;

A0149426.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.SaveNow;Incurable.Moved.;

A0149427.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.SaveNow;Incurable.Moved.;

A0149428.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.MyWay;Incurable.Moved.;

A0149432.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149434.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Trojan.Isbar.438;Deleted.;

A0149436.SCR;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149438.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149439.EXE;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149440.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Trojan.DownLoader.7028;Deleted.;

A0149442.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149444.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149445.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.MWS;Incurable.Moved.;

A0149446.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149447.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149452.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Msearch;Incurable.Moved.;

A0149455.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.MWS;Incurable.Moved.;

A0149457.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.NewDotNet;Incurable.Moved.;

A0149458.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.NewDotNet;Incurable.Moved.;

A0149459.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.SaveNow;Incurable.Moved.;

A0149460.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.nCase;Incurable.Moved.;

A0149461.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.nCase;Incurable.Moved.;

A0149462.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.NewDotNet;Incurable.Moved.;

A0150405.DLL;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP429;Adware.Websearch;Incurable.Moved.;

A0154615.dll;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP434;Adware.NewDotNet;Incurable.Moved.;

A0154616.exe;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP434;Trojan.KillApp.30208;Deleted.;

A0154617.reg;C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP434;Trojan.StartPage.1505;Deleted.;

NDNuninstall7_48.exe;C:\WINDOWS;Adware.NewDotNet;Incurable.Moved.;

UWA6P_0001_N822M1605NetInstaller.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.10346;Deleted.;

UWAS6_0001_N69M0903NetInstaller.exe;C:\WINDOWS\Downloaded Program Files;Trojan.Fakealert;Deleted.;

UWA6P_0001_N822M1605NetInstaller.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.1;Trojan.DownLoader.10346;Deleted.;

TTIL.exe;C:\WINDOWS\iLookup;Adware.Ezula;Incurable.Moved.;

egaccess4_1066.dll;C:\WINDOWS\system32;Dialer.Egroup;Incurable.Moved.;

f3PSSavr.scr;C:\WINDOWS\system32;Adware.Msearch;Incurable.Moved.;

msclock32.dll;C:\WINDOWS\system32;Dialer.Eghost;Deleted.;

msplock32.dll;C:\WINDOWS\system32;Dialer.Eghost;Deleted.;

prodsrvs.exe;C:\WINDOWS\system32;Dialer.Egroup;Incurable.Moved.;

prosvsys.exe;C:\WINDOWS\system32;Dialer.Egroup;Incurable.Moved.;

msnfixjs.js;D:\hp\patches\32WW5MSN\msnfix;Probably SCRIPT.Virus;Incurable.Moved.;

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:19:29 AM, on 7/17/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\igfxtray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\IMVU\IMVUClient.exe

C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Documents and Settings\Belle\Desktop\BeLLA\Hijack this\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/sbcy/De...?.redir=ymmapi1

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll

O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar41.dll

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar41.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FLSYMP] C:\WINDOWS\FLSYMP.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager

O4 - HKLM\..\Run: [bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [pqvgjjsmu] c:\windows\system32\pqvgjjsmu.exe pqvgjjsmu

O4 - HKLM\..\Run: [echraz] c:\windows\system32\echraz.exe echraz

O4 - HKLM\..\Run: [hegrcl] c:\windows\system32\hegrcl.exe hegrcl

O4 - HKCU\..\Run: [vlnjbkqt] c:\windows\system32\vlnjbkqt.exe -start

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iahqtdlu] c:\windows\system32\iahqtdlu.exe iahqtdlu

O4 - HKCU\..\Run: [qausvxp] c:\windows\system32\qausvxp.exe qausvxp

O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\linkprd.exe /res

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe

O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Belle\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

--

End of file - 9088 bytes


Hi again,

 

Please follow these instructions exactly as shown in order to achieve the best results:

 

1. Please download Brute Force Uninstaller to your desktop.

  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", uncheck the "Show Extracted Files" box and then click "Finish".

2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download EGDACCESS Remover.

Save it in the same folder you made earlier (c:\BFU).

 

3. Restart your computer in Safe Mode

 

4. Open My Computer and navigate to the c:\BFU folder.

  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the "Scriptline to execute" field, click the folder icon and select EGDACCESS.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the "Complete script execution" box to pop up and press OK.
  • Press Exit to terminate the BFU program.

5. Reboot back to normal mode and post:

  • The content of the file C:\egd.txt that was created by the script.
  • The content of the folder bfubackups in your System(32) folder. This folder was also created by the script.
  • A new HijackThis log

jedi


Okay, here's the rest of the logs. Oh, but the bfubackups folder didn't contain anything...

 

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"

"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"

"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"

"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"

"AutoTBar"="C:\\hp\\bin\\autotbar.exe"

"WCOLOREAL"="\"C:\\Program Files\\Coloreal\\coloreal.exe\""

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"nwiz"="nwiz.exe /install"

"PS2"="C:\\WINDOWS\\system32\\ps2.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"FLSYMP"="C:\\WINDOWS\\FLSYMP.exe"

"AlcxMonitor"="ALCXMNTR.EXE"

"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\ConnectionManager.exe "="SBC Yahoo! Connection Manager"

"Bart Station"="C:\\Program Files\\PeoplePC\\ISP6330\\BIN\\PPCOLink.exe -STATION"

"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"pqvgjjsmu"="c:\\windows\\system32\\pqvgjjsmu.exe pqvgjjsmu"

"echraz"="c:\\windows\\system32\\echraz.exe echraz"

"hegrcl"="c:\\windows\\system32\\hegrcl.exe hegrcl"

"euptzqjwo"="c:\\windows\\system32\\euptzqjwo.exe euptzqjwo"

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:10:09 AM, on 7/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\igfxtray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\Program Files\WinZip\WZQKPICK.EXE

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Belle\Desktop\BeLLA\Hijack this\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/sbcy/De...?.redir=ymmapi1

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll

O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar41.dll

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar41.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [FLSYMP] C:\WINDOWS\FLSYMP.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager

O4 - HKLM\..\Run: [bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [pqvgjjsmu] c:\windows\system32\pqvgjjsmu.exe pqvgjjsmu

O4 - HKLM\..\Run: [echraz] c:\windows\system32\echraz.exe echraz

O4 - HKLM\..\Run: [hegrcl] c:\windows\system32\hegrcl.exe hegrcl

O4 - HKCU\..\Run: [vlnjbkqt] c:\windows\system32\vlnjbkqt.exe -start

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iahqtdlu] c:\windows\system32\iahqtdlu.exe iahqtdlu

O4 - HKCU\..\Run: [qausvxp] c:\windows\system32\qausvxp.exe qausvxp

O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\linkprd.exe /res

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe

O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Belle\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

--

End of file - 9050 bytes


Hi again,

 

OK, that's thinned out the malware quite a lot, though we have a way to go yet. Next step:

 

1. Download this file - ComboFix

2. Double-click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

jedi


OK, here's the log it produced.

 

 

 

"Belle" - 2007-07-21 3:19:03 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006

C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Pro 2006

C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Pro 2006\Logs\update.log

C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Pro 2006\Logs\wa6Support.log

C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Pro 2006\Logs\winav.log

C:\DOCUME~1\Owner\APPLIC~1\WinAntiVirus Pro 2006\PGE.dat

C:\Program Files\Common Files\companion wizard

C:\Program Files\Common Files\companion wizard\compwiz.exe

C:\Program Files\Common Files\companion wizard\WapCHK.dll

C:\Program Files\Common Files\companion wizard\WapCHK{45B628EE-6703-47AB-BB45-FF279297F734}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{465A138A-D3C5-45B4-B063-2E0D2CBBCCC2}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{7C73DFD3-A1B0-4311-B31E-63FF4A333661}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{7C815F3D-27E1-4CFD-9833-53FF60BC0B60}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{7CF35C3F-B8BA-4775-963D-5BDA9B7574D7}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{9B9F59E5-978E-48DC-B0DD-223C0A9D0F41}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{AEDEB73E-8EC2-4823-89FF-F54902940E5C}.dll

C:\Program Files\Common Files\companion wizard\WapCHK{DE98A4FC-CCE8-4D2A-9A9C-486DCC536A75}.dll

C:\Program Files\newdotnet

C:\WINDOWS\system32\echraz.exe

C:\WINDOWS\system32\euptzqjwo.dat

C:\WINDOWS\system32\euptzqjwo.exe

C:\WINDOWS\system32\euptzqjwo_nav.dat

C:\WINDOWS\system32\euptzqjwo_navps.dat

C:\WINDOWS\system32\hegrcl.dat

C:\WINDOWS\system32\hegrcl.exe

C:\WINDOWS\system32\ldpackage.dll

C:\WINDOWS\system32\model.dat

C:\WINDOWS\system32\nvs2.inf

C:\WINDOWS\system32\pqvgjjsmu.dat

C:\WINDOWS\system32\pqvgjjsmu.exe

C:\WINDOWS\system32\pqvgjjsmu_nav.dat

C:\WINDOWS\system32\pqvgjjsmu_navps.dat

C:\WINDOWS\system32\rlls.dll

C:\WINDOWS\system32\rlxf.dll

C:\WINDOWS\system32\silc_dll.dll

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_VSPF

 

 

((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))

 

 

2007-07-21 03:18 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-20 02:00 <DIR> d-------- C:\WINDOWS\system32\bfubackups

2007-07-20 01:49 <DIR> d-------- C:\BFU

2007-07-16 21:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb

2007-07-16 21:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

2007-06-28 23:52 <DIR> d-------- C:\Program Files\InterMute

2007-06-28 22:36 278,528 --a------ C:\WINDOWS\system32\ttlhpu.exe

2007-06-27 01:37 43,596 --a------ C:\WINDOWS\system32\kpoedwb.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-21 10:05:43 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\IMVU

2007-07-19 11:17:29 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\AdobeUM

2007-06-29 22:06:22 -------- d-----w C:\Program Files\MyWebSearch

2007-06-05 06:38:09 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\Yahoo!

2007-06-03 02:01:16 1,834,506 ----a-w C:\WINDOWS\Magic Daydreams.scr

2007-06-03 02:01:16 -------- d-----w C:\Program Files\Magic Daydreams

2007-06-03 02:00:14 2,566,313 ----a-w C:\WINDOWS\Fairy Garden of Dreams.scr

2007-06-03 01:59:19 1,896,605 ----a-w C:\WINDOWS\Enchanted Night.scr

2007-06-03 01:59:19 -------- d-----w C:\Program Files\Enchanted Night

2007-06-01 06:12:31 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\Smith Micro

2007-06-01 06:08:58 -------- d-----w C:\Program Files\Verizon Wireless

2007-06-01 06:07:24 -------- d-----w C:\Program Files\LG Drivers

2007-05-30 11:30:56 -------- d-----w C:\Program Files\themexp

2007-05-30 11:27:52 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\Help

2007-05-30 03:40:44 -------- d-----w C:\Program Files\Winamp

2007-05-30 03:40:43 -------- d-----w C:\Program Files\Simple Backup for My Pictures

2007-05-30 03:40:42 -------- d-----w C:\Program Files\Quicken

2007-05-30 03:40:40 -------- d-----w C:\Program Files\Movie Maker

2007-05-30 03:40:38 -------- d-----w C:\Program Files\Messenger

2007-05-30 03:40:36 -------- d-----w C:\Program Files\AtBackup

2007-05-30 03:38:57 -------- d-----w C:\Program Files\IMVU

2007-05-29 05:14:25 -------- d-----w C:\Program Files\FileSubmit

2007-05-27 10:18:27 -------- d-----w C:\Program Files\TGTSoft

2007-05-27 05:52:43 1,489,784 ----a-w C:\WINDOWS\Underworld.scr

2007-05-27 05:52:43 -------- d-----w C:\Program Files\Underworld

2007-05-27 05:47:57 3,828,300 ----a-w C:\WINDOWS\system32\Hentai BabeFest.scr

2007-05-27 05:43:34 149,504 ----a-w C:\WINDOWS\system32\Mpegdll.dll

2007-05-23 06:39:21 1,416 ----a-w C:\WINDOWS\mozver.dat

2007-05-21 06:49:03 94,696 ----a-w C:\WINDOWS\system32\fjlkovh.exe

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-15 06:25:26 34,834 ----a-w C:\WINDOWS\system32\pstkajwro.exe

2007-05-12 20:48:35 42,134 ----a-w C:\WINDOWS\system32\rqzzorhxl.exe

2007-05-11 07:33:45 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat

2007-05-10 19:38:36 46,514 ----a-w C:\WINDOWS\system32\opedpkdlg.exe

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2003-11-10 04:53:46 271 ----a-w C:\Program Files\options.ini

2003-11-10 04:52:51 193,968 -c--a-w C:\Program Files\autosave.sav

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2007-03-20 15:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-03 13:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

2006-10-31 15:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}]

2006-01-19 17:43 176128 --a------ C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

2006-01-24 17:07 220672 --a------ C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-19 23:55 2427968 -ra------ c:\program files\google\googletoolbar41.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 19:42]

"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-06 23:23]

"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01]

"AutoTBar"="C:\hp\bin\autotbar.exe" []

"WCOLOREAL"="C:\Program Files\Coloreal\coloreal.exe" []

"nwiz"="nwiz.exe" [2002-09-10 00:35 C:\WINDOWS\system32\nwiz.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-19 12:08]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]

"C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"="" []

"Bart Station"="C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe" [2006-03-21 19:40]

"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-19 23:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vlnjbkqt"="c:\windows\system32\vlnjbkqt.exe" []

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

"iahqtdlu"="c:\windows\system32\iahqtdlu.exe" []

"qausvxp"="c:\windows\system32\qausvxp.exe" []

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

 

C:\DOCUME~1\Belle\STARTM~1\Programs\Startup

IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-05-24 18:46:34]

V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 11:32:10]

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 20:08:34]

Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 21:20:02]

SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\SpySub.exe [2007-06-29 00:07:30]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-06-19 17:23:21]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispAppearancePage"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="c:\Program Files\InterMute\SpySubtract\sshook.dll" [2007-06-29 00:07]

 

 

**************************************************************************

 

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-21 04:05:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000225

 

scanning hidden files ...

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\ConnectionManager.exe "="SBC Yahoo! Connection Manager"

 

Completion time: 2007-07-21 4:09:43 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-21 04:08

 

--- E O F ---


Hi again,

 

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

 

File::

C:\WINDOWS\system32\ttlhpu.exe

C:\WINDOWS\system32\kpoedwb.exe

C:\WINDOWS\system32\fjlkovh.exe

C:\WINDOWS\system32\pstkajwro.exe

C:\WINDOWS\system32\rqzzorhxl.exe

C:\WINDOWS\system32\opedpkdlg.exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vlnjbkqt"=-

"iahqtdlu"=-

"qausvxp"=-

 

Save this as CFScript

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe.

 

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

 

jedi

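The helper's reasoning in this thread follows a fixed pattern: pick out the O4 Run entries whose value name, file name and argument are one random lowercase string in system32, note the O10 lines that all point at the same unknown Winsock LSP DLL and the O9 entries with no file behind them, and then write a CFScript with a File:: section and "name"=- lines for the Registry:: section. The script below is an added example that encodes those indicators as a small HijackThis log triage and drafts the CFScript from the result; it is not code from the poster, from HijackThis or from ComboFix. The sample log lines are constructed from the shapes shown above, the two-indicator threshold and the indicator names are my own choices, and only the HKLM and HKCU Run keys are handled.

```python
"""Triage a HijackThis log and draft the matching ComboFix CFScript.

Added example, not code from the thread, HijackThis or ComboFix. The
indicators encode what the helper acted on: Run entries whose value name,
file stem and argument are one random lowercase string in system32, one
unknown LSP DLL repeated across O10 lines, and O9 entries with '(no file)'.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: line shapes and names copied from the logs above,
# cut down to a handful of entries (a real log has far more).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pqvgjjsmu] c:\windows\system32\pqvgjjsmu.exe pqvgjjsmu
O4 - HKCU\..\Run: [vlnjbkqt] c:\windows\system32\vlnjbkqt.exe -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iahqtdlu] c:\windows\system32\iahqtdlu.exe iahqtdlu
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
"""

RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
CMD_RE = re.compile(r'^"?(.*?\.exe)"?\s*(.*)$', re.IGNORECASE)
LSP_RE = re.compile(r'^O10 - Unknown file in Winsock LSP: (.*)$', re.IGNORECASE)
# Full key paths the CFScript "Registry::" section has to spell out.
HIVES = {
    'HKLM': r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU': r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
}


def triage_run_entry(name: str, command: str) -> Tuple[str, List[str]]:
    """Return (exe path, indicators that fired) for one O4 Run entry."""
    m = CMD_RE.match(command)
    if not m:                       # rundll32/.dll style entry: not scored here
        return command, []
    path, args = m.group(1), m.group(2).strip().lower()
    stem = path.lower().rsplit('\\', 1)[-1][:-4]   # file name without ".exe"
    reasons = []
    if '\\system32\\' in path.lower():
        reasons.append('executable dropped in system32')
    if name == stem and re.fullmatch(r'[a-z]{6,}', name):
        reasons.append('value name is the same random lowercase stem')
    if args == stem:
        reasons.append('argument repeats the file stem')
    return path, reasons


def analyze(log_text: str) -> Dict[str, list]:
    """Walk a HijackThis log and collect the entries worth questioning."""
    report = {'run': [], 'lsp': [], 'orphaned': []}
    lsp_hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            path, reasons = triage_run_entry(name, command)
            if len(reasons) >= 2:   # a single indicator alone is too noisy
                report['run'].append({'hive': hive, 'name': name,
                                      'path': path, 'reasons': reasons})
            continue
        m = LSP_RE.match(line)
        if m:
            lsp_hits[m.group(1).lower()] += 1
        elif line.startswith('O9 ') and line.endswith('(no file)'):
            report['orphaned'].append(line)
    # HijackThis prints one O10 line per LSP chain slot; report the DLL once.
    report['lsp'] = [{'path': p, 'slots': n} for p, n in sorted(lsp_hits.items())]
    return report


def to_cfscript(report: Dict[str, list]) -> str:
    """Draft a CFScript in the shape the helper posted: File:: then Registry::.

    A "name"=- line deletes that Run value; File:: names the dropped
    executables. LSP DLLs are deliberately left out: deleting one without
    repairing the Winsock catalog leaves a chain pointing at a missing file.
    """
    out = ['File::', *sorted(e['path'] for e in report['run']), 'Registry::']
    for hive, key in HIVES.items():
        names = [e['name'] for e in report['run'] if e['hive'] == hive]
        if names:
            out.append(f'[{key}]')
            out.extend(f'"{n}"=-' for n in names)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    found = analyze(SAMPLE_LOG)
    for entry in found['run']:
        print(f"{entry['hive']} [{entry['name']}] -> {', '.join(entry['reasons'])}")
    for dll in found['lsp']:
        print(f"unknown LSP {dll['path']} in {dll['slots']} slots")
    print(to_cfscript(found))
```

Run it as-is to see the three random-named entries flagged and the drafted script; on a real log, each flagged entry still wants a second look (publisher, file date, what the argument does) before it goes into a CFScript, which is why the report keeps the reasons beside each name rather than just the verdict. The LSP DLL is reported with its slot count but kept out of the script for the reason given in the docstring.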

OK, here's both the logs.

 

"Belle" - 2007-07-25 2:08:50 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

Command switches used :: C:\Documents and Settings\Belle\Desktop\CFScript.txt

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\fjlkovh.exe

C:\WINDOWS\system32\kpoedwb.exe

C:\WINDOWS\system32\opedpkdlg.exe

C:\WINDOWS\system32\pstkajwro.exe

C:\WINDOWS\system32\rqzzorhxl.exe

C:\WINDOWS\system32\ttlhpu.exe

 

 

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

 

 

2007-07-21 03:18 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-20 02:00 <DIR> d-------- C:\WINDOWS\system32\bfubackups

2007-07-20 01:49 <DIR> d-------- C:\BFU

2007-07-16 21:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb

2007-07-16 21:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

2007-06-28 23:52 <DIR> d-------- C:\Program Files\InterMute

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-25 07:57:17 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\IMVU

2007-07-19 11:17:29 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\AdobeUM

2007-06-29 22:06:22 -------- d-----w C:\Program Files\MyWebSearch

2007-06-05 06:38:09 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\Yahoo!

2007-06-03 02:01:16 1,834,506 ----a-w C:\WINDOWS\Magic Daydreams.scr

2007-06-03 02:01:16 -------- d-----w C:\Program Files\Magic Daydreams

2007-06-03 02:00:14 2,566,313 ----a-w C:\WINDOWS\Fairy Garden of Dreams.scr

2007-06-03 01:59:19 1,896,605 ----a-w C:\WINDOWS\Enchanted Night.scr

2007-06-03 01:59:19 -------- d-----w C:\Program Files\Enchanted Night

2007-06-01 06:12:31 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\Smith Micro

2007-06-01 06:08:58 -------- d-----w C:\Program Files\Verizon Wireless

2007-06-01 06:07:24 -------- d-----w C:\Program Files\LG Drivers

2007-05-30 11:27:52 -------- d-----w C:\DOCUME~1\Belle\APPLIC~1\Help

2007-05-30 03:40:44 -------- d-----w C:\Program Files\Winamp

2007-05-30 03:40:43 -------- d-----w C:\Program Files\Simple Backup for My Pictures

2007-05-30 03:40:42 -------- d-----w C:\Program Files\Quicken

2007-05-30 03:40:40 -------- d-----w C:\Program Files\Movie Maker

2007-05-30 03:40:38 -------- d-----w C:\Program Files\Messenger

2007-05-30 03:40:36 -------- d-----w C:\Program Files\AtBackup

2007-05-30 03:38:57 -------- d-----w C:\Program Files\IMVU

2007-05-29 05:14:25 -------- d-----w C:\Program Files\FileSubmit

2007-05-27 10:18:27 -------- d-----w C:\Program Files\TGTSoft

2007-05-27 05:52:43 1,489,784 ----a-w C:\WINDOWS\Underworld.scr

2007-05-27 05:52:43 -------- d-----w C:\Program Files\Underworld

2007-05-27 05:47:57 3,828,300 ----a-w C:\WINDOWS\system32\Hentai BabeFest.scr

2007-05-27 05:43:34 149,504 ----a-w C:\WINDOWS\system32\Mpegdll.dll

2007-05-23 06:39:21 1,416 ----a-w C:\WINDOWS\mozver.dat

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-11 07:33:45 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2003-11-10 04:53:46 271 ----a-w C:\Program Files\options.ini

2003-11-10 04:52:51 193,968 -c--a-w C:\Program Files\autosave.sav

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2007-03-20 15:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-03 13:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

2006-10-31 15:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}]

2006-01-19 17:43 176128 --a------ C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

2006-01-24 17:07 220672 --a------ C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-19 23:55 2427968 -ra------ c:\program files\google\googletoolbar41.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 19:42]

"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-06 23:23]

"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01]

"AutoTBar"="C:\hp\bin\autotbar.exe" []

"WCOLOREAL"="C:\Program Files\Coloreal\coloreal.exe" []

"nwiz"="nwiz.exe" [2002-09-10 00:35 C:\WINDOWS\system32\nwiz.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-19 12:08]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]

"C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"="" []

"Bart Station"="C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe" [2006-03-21 19:40]

"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-19 23:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

 

C:\DOCUME~1\Belle\STARTM~1\Programs\Startup

IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-05-24 18:46:34]

V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 11:32:10]

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 20:08:34]

Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 21:20:02]

SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\SpySub.exe [2007-06-29 00:07:30]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-06-19 17:23:21]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispAppearancePage"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="c:\Program Files\InterMute\SpySubtract\sshook.dll" [2007-06-29 00:07]

 

 

**************************************************************************

 

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-25 02:28:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\ConnectionManager.exe "="SBC Yahoo! Connection Manager"

 

Completion time: 2007-07-25 2:30:10

C:\ComboFix-quarantined-files.txt ... 2007-07-25 02:29

C:\ComboFix2.txt ... 2007-07-21 04:09

 

--- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:39:11 AM, on 7/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PeoplePC\ISP6330\Browser\Bartshel.exe

C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\PeoplePC\ISP6330\Browser\PPShared.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Belle\Desktop\BeLLA\Hijack this\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/sbcy/De...?.redir=ymmapi1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll

O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar41.dll

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar41.dll

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager

O4 - HKLM\..\Run: [bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe

O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Belle\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A6E074A-0B3E-4A57-9E6E-792D6C2C8832}: NameServer = 209.244.0.3 209.244.0.4

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

--

End of file - 7344 bytes


Hi again,

 

Good, that's looking a lot better.

 

Let's see if there are any leftovers:

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

jedi


Since the issue appears to be resolved, this topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
