Screen Freeze, HijackThis Log(RESOLVED)

#1 (permalink)
xlaurax, Junior Member, New Recruit (Join Date: Feb 2006, Posts: 43)
01-06-2007, 02:25 AM
Screen Freeze, HijackThis Log(RESOLVED)

Hi, can someone have a look at my HijackThis Log please, PC is not quite right, my screen is freezing and I need to close and restart process explorer.exe to get it going. Explorer.exe is running at a higher mem usage than usual, 51,000 and rising as I type this. A few unwanted pop-ups too. I've run Ad-Aware and Spybot&Destroy and removed a surprising amount of unwanted stuff, also ran TuneUpUtilities07 reg optimizer to fix reg errors, stopped and restarted Windows restore function to delete restore points, but there seems to be something lurking somewhere.
Thanks, Laura


Logfile of HijackThis v1.99.1
Scan saved at 02:12:57, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\WIFI_LINK\WL_Utility\srvany.exe
C:\Program Files\WIFI_LINK\WL_Utility\ZyDummyZD11B-BG.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\WINDOWS\system32\taskmgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/yco.../info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: 207.210.117.53 www.winmx.com
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jssceyhf.dll",realset
O4 - HKLM\..\Run: [j0291032] rundll32 C:\WINDOWS\system32\j0291032.dll sook
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\swakebhj.dll",realset
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZK
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\laura\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digit...Downloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://game7.bigfishgames.com/Reef/e...s.1.0.0.24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xlauraxspacex.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://game7.bigfishgames.com/Reef/e...loader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Program Files\WIFI_LINK\WL_Utility\srvany.exe
#2 (permalink)
Neal, Senior Member (Join Date: Sep 2005, Posts: 5,524)
01-06-2007, 03:03 AM
Re: Screen Freeze, HijackThis Log

Looks like you are running McAfee and I also see some Symantec in your HJT log. You should uninstall one of them; two will cause great problems.

Please go to hijackthis.exe and right click on it and then click on rename and rename it to foolyou.exe, press enter and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.

Thanks,

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


1. Download this file - COMBOFIX
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post a new hijackthis log also please RENAMED
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

#3 (permalink)
xlaurax, Junior Member, New Recruit (Join Date: Feb 2006, Posts: 43)
01-06-2007, 03:32 AM
Re: Screen Freeze, HijackThis Log

I had uninstalled Symantec before McAfee, it's not on my list on add and remove programs. On Hijack This uninstall list there's an entry

"Symantec KB-DocID:2003093015493306"

and if I search files on PC there's a few folders come up but there's no uninstallation file. Will I use hijack this to remove entry?
#4 (permalink)
Neal, Senior Member (Join Date: Sep 2005, Posts: 5,524)
01-06-2007, 05:03 AM
Re: Screen Freeze, HijackThis Log

Symantec has a removal tool for uninstalling all Symantec products:

http://service1.symantec.com/SUPPORT...05033108162039


Logs from the scans please. Thanks.
#5 (permalink)
xlaurax, Junior Member, New Recruit (Join Date: Feb 2006, Posts: 43)
01-06-2007, 05:27 AM
Re: Screen Freeze, HijackThis Log

Ran Symantec removal tool,
hijack this log:-
Logfile of HijackThis v1.99.1
Scan saved at 05:22:05, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\WIFI_LINK\WL_Utility\srvany.exe
C:\Program Files\WIFI_LINK\WL_Utility\ZyDummyZD11B-BG.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\Foolyou.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/yco.../info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: 207.210.117.53 www.winmx.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {332914D4-1277-445F-AF05-C43ECC6FE71A} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - C:\WINDOWS\system32\gebxuur.dll
O2 - BHO: (no name) - {6CA8244F-EF9B-4AB2-9C55-352526B88F48} - C:\WINDOWS\system32\brigvtlt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\vohrwijs.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\mqdbvfyl.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jssceyhf.dll",realset
O4 - HKLM\..\Run: [j0291032] rundll32 C:\WINDOWS\system32\j0291032.dll sook
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\swakebhj.dll",realset
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZK
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\laura\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digit...Downloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://game7.bigfishgames.com/Reef/e...s.1.0.0.24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xlauraxspacex.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://game7.bigfishgames.com/Reef/e...loader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebxuur - C:\WINDOWS\SYSTEM32\gebxuur.dll
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Program Files\WIFI_LINK\WL_Utility\srvany.exe

vundofix log in a min
#6 (permalink)
xlaurax, Junior Member, New Recruit (Join Date: Feb 2006, Posts: 43)
01-06-2007, 05:42 AM
Re: Screen Freeze, HijackThis Log

VundoFix V6.4.1

Checking Java version...

Scan started at 03:47:21 01/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ajntmdma.ini
C:\WINDOWS\system32\amdmtnja.dll
C:\WINDOWS\system32\ccinwyql.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\eylnnohw.ini
C:\WINDOWS\system32\fhyecssj.ini
C:\WINDOWS\system32\fnevbehj.dll
C:\WINDOWS\system32\gebxuur.dll
C:\WINDOWS\system32\jhbekaws.ini
C:\WINDOWS\system32\jhebvenf.ini
C:\WINDOWS\system32\jssceyhf.dll
C:\WINDOWS\system32\kkysemro.dll
C:\WINDOWS\system32\lqywnicc.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\njduneir.ini
C:\WINDOWS\system32\rienudjn.dll
C:\WINDOWS\system32\swakebhj.dll
C:\WINDOWS\system32\uadiipay.dll
C:\WINDOWS\system32\whonnlye.dll
C:\WINDOWS\system32\yapiidau.ini

VundoFix V6.4.1

Checking Java version...

Scan started at 05:26:55 01/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ajntmdma.ini
C:\WINDOWS\system32\amdmtnja.dll
C:\WINDOWS\system32\ccinwyql.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\eylnnohw.ini
C:\WINDOWS\system32\fhyecssj.ini
C:\WINDOWS\system32\fnevbehj.dll
C:\WINDOWS\system32\gebxuur.dll
C:\WINDOWS\system32\jhbekaws.ini
C:\WINDOWS\system32\jhebvenf.ini
C:\WINDOWS\system32\jssceyhf.dll
C:\WINDOWS\system32\kkysemro.dll
C:\WINDOWS\system32\lqywnicc.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mqdbvfyl.dll
C:\WINDOWS\system32\njduneir.ini
C:\WINDOWS\system32\rienudjn.dll
C:\WINDOWS\system32\swakebhj.dll
C:\WINDOWS\system32\uadiipay.dll
C:\WINDOWS\system32\whonnlye.dll
C:\WINDOWS\system32\yapiidau.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ajntmdma.ini
C:\WINDOWS\system32\ajntmdma.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\amdmtnja.dll
C:\WINDOWS\system32\amdmtnja.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccinwyql.dll
C:\WINDOWS\system32\ccinwyql.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\egjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\eylnnohw.ini
C:\WINDOWS\system32\eylnnohw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhyecssj.ini
C:\WINDOWS\system32\fhyecssj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fnevbehj.dll
C:\WINDOWS\system32\fnevbehj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebxuur.dll
C:\WINDOWS\system32\gebxuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhbekaws.ini
C:\WINDOWS\system32\jhbekaws.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhebvenf.ini
C:\WINDOWS\system32\jhebvenf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jssceyhf.dll
C:\WINDOWS\system32\jssceyhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kkysemro.dll
C:\WINDOWS\system32\kkysemro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqywnicc.ini
C:\WINDOWS\system32\lqywnicc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mqdbvfyl.dll
C:\WINDOWS\system32\mqdbvfyl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\njduneir.ini
C:\WINDOWS\system32\njduneir.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rienudjn.dll
C:\WINDOWS\system32\rienudjn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\swakebhj.dll
C:\WINDOWS\system32\swakebhj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uadiipay.dll
C:\WINDOWS\system32\uadiipay.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\whonnlye.dll
C:\WINDOWS\system32\whonnlye.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yapiidau.ini
C:\WINDOWS\system32\yapiidau.ini Has been deleted!

Performing Repairs to the registry.
Done!
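Cross-referencing the VundoFix removal log in post #6 against the HijackThis log in post #5 shows which autostart entries now point at deleted files and which system32 DLL autostarts VundoFix did not touch. This is an added example, not part of the original thread: the log excerpts are copied from the posts above, while the function names and the restriction to C:\WINDOWS\system32 are assumptions of this sketch.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpt of the pre-removal HijackThis log (post #5), copied from this thread.
HJT_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {332914D4-1277-445F-AF05-C43ECC6FE71A} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - C:\WINDOWS\system32\gebxuur.dll
O2 - BHO: (no name) - {6CA8244F-EF9B-4AB2-9C55-352526B88F48} - C:\WINDOWS\system32\brigvtlt.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\vohrwijs.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\mqdbvfyl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jssceyhf.dll",realset
O4 - HKLM\..\Run: [j0291032] rundll32 C:\WINDOWS\system32\j0291032.dll sook
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\swakebhj.dll",realset
O20 - Winlogon Notify: gebxuur - C:\WINDOWS\SYSTEM32\gebxuur.dll
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the VundoFix removal log (post #6), copied from this thread.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebxuur.dll
C:\WINDOWS\system32\gebxuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jssceyhf.dll
C:\WINDOWS\system32\jssceyhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mqdbvfyl.dll
C:\WINDOWS\system32\mqdbvfyl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\swakebhj.dll
C:\WINDOWS\system32\swakebhj.dll Has been deleted!
"""

# Assumption of this sketch: only DLLs under system32 are correlated, because
# every file VundoFix listed in this thread lives there.
SYSTEM32 = "c:\\windows\\system32\\"
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# Stops at a quote or comma so rundll32 arguments (",realset") are not captured.
DLL_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]+?\.dll', re.IGNORECASE)
DELETED_RE = re.compile(r"^([A-Za-z]:\\.+?) Has been deleted!$")


@dataclass(frozen=True)
class Autostart:
    section: str   # HijackThis section, e.g. O2 (BHO), O4 (Run key), O20 (Winlogon Notify)
    dll: str       # lower-cased full path of the referenced DLL
    unnamed: bool  # True when HijackThis printed "(no name)" for the entry


def parse_autostarts(hjt_log):
    """Return every HijackThis O-section entry that references a system32 DLL."""
    found = []
    for line in hjt_log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        section, body = entry.groups()
        dll = DLL_RE.search(body)
        # Windows paths are case-insensitive (SYSTEM32 vs system32): compare lower-cased.
        if dll and dll.group(0).lower().startswith(SYSTEM32):
            found.append(Autostart(section, dll.group(0).lower(), "(no name)" in body))
    return found


def parse_deleted(vundofix_log):
    """Return the lower-cased paths VundoFix reports as deleted."""
    matches = (DELETED_RE.match(line.strip()) for line in vundofix_log.splitlines())
    return {m.group(1).lower() for m in matches if m}


def correlate(hjt_log, vundofix_log):
    """Split autostart entries into those whose DLL was deleted and those left alone."""
    deleted = parse_deleted(vundofix_log)
    orphaned, remaining = [], []
    for item in parse_autostarts(hjt_log):
        (orphaned if item.dll in deleted else remaining).append(item)
    return orphaned, remaining


def names(items):
    """Compact (section, file name) view of a list of Autostart entries."""
    return [(i.section, ntpath.basename(i.dll)) for i in items]


if __name__ == "__main__":
    orphaned, remaining = correlate(HJT_BEFORE, VUNDOFIX_LOG)
    print("Registry entries pointing at deleted files:", names(orphaned))
    print("system32 DLL autostarts VundoFix did not touch:", names(remaining))
    print("...of which unnamed BHOs:", names([i for i in remaining if i.unnamed]))
```

"Remaining" means only that VundoFix did not delete the file, not that the file is malicious; each entry still has to be verified before anything is removed. The follow-up log in post #7 is consistent with this split: it lists mljge.dll as "(file missing)" while the brigvtlt.dll and vohrwijs.dll BHOs are still present.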
#7 (permalink)
xlaurax, Junior Member, New Recruit (Join Date: Feb 2006, Posts: 43)
01-06-2007, 05:43 AM
Re: Screen Freeze, HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 05:43, on 2007-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\WIFI_LINK\WL_Utility\srvany.exe
C:\Program Files\WIFI_LINK\WL_Utility\ZyDummyZD11B-BG.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\Foolyou.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: 207.210.117.53 www.winmx.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {332914D4-1277-445F-AF05-C43ECC6FE71A} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6CA8244F-EF9B-4AB2-9C55-352526B88F48} - C:\WINDOWS\system32\brigvtlt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\vohrwijs.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [j0291032] rundll32 C:\WINDOWS\system32\j0291032.dll sook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZK
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\laura\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digit...Downloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://game7.bigfishgames.com/Reef/e...s.1.0.0.24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xlauraxspacex.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://game7.bigfishgames.com/Reef/e...loader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Program Files\WIFI_LINK\WL_Utility\srvany.exe
  #8 (permalink)  
Old 01-06-2007, 05:46 AM
Junior Member
New Recruit
 
Join Date: Feb 2006
Posts: 43
xlaurax Is a beginner here at D-A-L
Re: Screen Freeze, HijackThis Log

"laura" - 2007-06-01 5:44:14 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\laura\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nyicegvt.dll
C:\WINDOWS\system32\pprqamkj.dll
C:\WINDOWS\system32\urfposte.dll
C:\WINDOWS\system32\vohrwijs.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Temp\17O7\tmpTF.log"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\ball_3.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\ball_5.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\map_e.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\map_h.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\sfx_explosion.ogg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\sfx_startlevel.ogg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\_explosion1.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\_hrzarrows.png"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\_pw_cbb.alpha.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\_pw_reverse.jpg"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24\assets\_pw_speedshot.jpg"
"C:\WINDOWS\system32\nvs2.inf"
"C:\WINDOWS\system32\smpi1"
"C:\Temp\17O7"
"C:\WINDOWS\DOWNLO~1.\PiratePoppers.1.0.0.24"


((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))


2007-06-01 03:47 <DIR> d-------- C:\VundoFix Backups
2007-05-31 01:08 32,768 --a------ C:\WINDOWS\system\plugin.dll
2007-05-31 01:07 210,944 --a------ C:\WINDOWS\system\MSVCRT10.DLL
2007-05-30 21:58 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-05-30 21:57 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-05-30 21:57 <DIR> d-------- C:\DOCUME~1\laura\APPLIC~1\Jasc Software Inc
2007-05-30 20:10 <DIR> d-------- C:\DOCUME~1\laura\APPLIC~1\uTorrent
2007-05-30 19:56 14,868 --a------ C:\WINDOWS\system32\htjycqrr.exe
2007-05-30 19:56 10,752 --a------ C:\WINDOWS\system32\j0291032.dll
2007-05-30 19:37 14,868 --a------ C:\WINDOWS\system32\behcljuo.exe
2007-05-30 19:37 10,752 --a------ C:\WINDOWS\system32\j4201536.dll
2007-05-30 19:25 14,868 --a------ C:\WINDOWS\system32\cifkgdsx.exe
2007-05-30 19:25 10,752 --a------ C:\WINDOWS\system32\j4291733.dll
2007-05-30 19:23 14,868 --a------ C:\WINDOWS\system32\evcxydnw.exe
2007-05-30 19:23 10,752 --a------ C:\WINDOWS\system32\j2291831.dll
2007-05-30 19:21 14,868 --a------ C:\WINDOWS\system32\pdlyfkpv.exe
2007-05-30 19:21 10,752 --a------ C:\WINDOWS\system32\j6201038.dll
2007-05-30 19:14 88 -r-hs---- C:\WINDOWS\system32\FAB3C8B792.sys
2007-05-30 19:13 <DIR> d-------- C:\DOCUME~1\laura\APPLIC~1\Corel
2007-05-30 19:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-05-30 19:11 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-30 18:30 14,868 --a------ C:\WINDOWS\system32\swqembbr.exe
2007-05-30 18:24 14,868 --a------ C:\WINDOWS\system32\hiqcuusn.exe
2007-05-30 18:24 14,868 --a------ C:\WINDOWS\system32\crumvydh.exe
2007-05-30 18:24 10,752 --a------ C:\WINDOWS\system32\j9271335.dll
2007-05-30 18:24 10,752 --a------ C:\WINDOWS\system32\j7211435.dll
2007-05-30 18:22 14,868 --a------ C:\WINDOWS\system32\krkfvxnr.exe
2007-05-30 18:22 10,752 --a------ C:\WINDOWS\system32\j1281438.dll
2007-05-30 18:21 14,868 --a------ C:\WINDOWS\system32\dfeqscrb.exe
2007-05-30 18:21 10,752 --a------ C:\WINDOWS\system32\j5291739.dll
2007-05-28 04:26 124,436 --a------ C:\WINDOWS\system32\brigvtlt.dll
2007-05-28 03:59 124,436 --a------ C:\WINDOWS\system32\tkpibaae.dll
2007-05-28 01:14 124,436 --a------ C:\WINDOWS\system32\pajafuhd.dll
2007-05-23 23:06 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-05-23 23:06 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-23 22:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-22 16:32 4,262 --a------ C:\WINDOWS\system32\uhlrgtocma.dat
2007-05-22 16:32 356,352 --a------ C:\WINDOWS\system32\uhlrgtocma.exe
2007-05-22 16:32 294 --a------ C:\WINDOWS\system32\uhlrgtocma_navps.dat
2007-05-22 16:32 259,113 --a------ C:\WINDOWS\system32\uhlrgtocma_nav.dat
2007-05-16 19:11 <DIR> d-------- C:\Poker
2007-05-14 16:07 <DIR> d-------- C:\Program Files\AHK BBCodeWriter
2007-05-11 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-05-11 18:54 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-11 18:41 <DIR> d-------- C:\Program Files\PCPitstop
2007-05-11 18:14 <DIR> d-------- C:\DOCUME~1\laura\APPLIC~1\True Sword
2007-05-11 18:13 <DIR> d-------- C:\Program Files\True Sword 4
2007-05-11 05:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 05:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 05:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 05:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-05 20:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
2007-05-05 19:34 <DIR> d-------- C:\WINDOWS\CSC
2007-05-05 19:02 <DIR> d-------- C:\Inetpub
2007-05-05 16:32 6,553,600 --a------ C:\Documents and Settings\laura\ntuser.dat
2007-05-05 16:32 6,553,600 --a------ C:\DOCUME~1\laura\ntuser.dat
2007-05-04 14:46 <DIR> d-------- C:\DOCUME~1\laura\APPLIC~1\Viewpoint
2007-05-04 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-05-04 14:41 <DIR> d-------- C:\Program Files\AIM6
2007-05-04 09:15 167 --a------ C:\Documents and Settings\laura\5126.bat
2007-05-04 09:15 167 --a------ C:\DOCUME~1\laura\5126.bat
2007-05-04 08:59 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\McAfee.com Personal Firewall
2007-05-03 19:17 271,574 --a------ C:\Temp\gorPEURO.exe
2007-05-03 19:17 167 --a------ C:\WINDOWS\system32\5914.bat
2007-05-03 19:17 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-03 19:17 <DIR> d-------- C:\Temp
2007-05-03 19:16 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-05-03 19:16 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 04:11:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-01 02:45:32 -------- d-----w C:\Program Files\MxMonitor
2007-06-01 02:43:40 -------- d-----w C:\Program Files\Web Page Maker V2
2007-05-30 21:15:18 -------- d-----w C:\Program Files\PartyGaming
2007-05-30 18:12:58 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-21 2158 -------- d-----w C:\Program Files\MSN Messenger
2007-05-21 2158 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-13 14:06:57 -------- d-----w C:\Program Files\DivX
2007-05-11 18:10:57 -------- d-----w C:\Program Files\WinAce
2007-05-11 18:10:57 -------- d-----w C:\Program Files\Microsoft Works
2007-05-05 02:36:47 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-04 13:55:39 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-04 13:42:12 -------- d-----w C:\Program Files\Viewpoint
2007-05-02 12:19:12 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\IMVU
2007-05-02 12:19:06 -------- d-----w C:\Program Files\IMVU
2007-04-25 20:45:47 -------- d-----w C:\Program Files\McAfee.com
2007-04-24 16:58:42 -------- d-----w C:\Program Files\LimeWire
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-22 16:28:25 -------- d-----w C:\Program Files\WinMX
2007-04-22 16:07:40 -------- d-----w C:\Program Files\Yahoo!
2007-04-22 1524 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\iolo
2007-04-20 17:19:33 -------- d-----w C:\Program Files\Panicware
2007-04-19 19:24:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 20:40:29 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\McAfee
2007-04-17 14:41:14 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\Google
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 17:00:45 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\McAfee.com Personal Firewall
2007-04-15 15:14:01 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\Lavasoft
2007-04-15 15:13:49 -------- d-----w C:\Program Files\Lavasoft
2007-04-14 22:18:50 -------- d-----w C:\Program Files\McAfee
2007-04-13 00:46:31 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-07 16:58:45 -------- d-----w C:\Program Files\Super Granny 3
2007-04-06 18:53:08 -------- d-----w C:\Program Files\Belarc
2007-04-05 22:49:03 -------- d-----w C:\Program Files\Sky Broadband
2007-04-04 17:51:31 -------- d-----w C:\DOCUME~1\laura\APPLIC~1\FunWebProducts
2007-03-27 13:12:19 0 ----a-w C:\WINDOWS\css020.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-10 20:00:00 849,089 --sh--w C:\WINDOWS\Fonts\lsass.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2006-10-26 12:28]
{332914D4-1277-445F-AF05-C43ECC6FE71A}=C:\WINDOWS\system32\mljge.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{6CA8244F-EF9B-4AB2-9C55-352526B88F48}=C:\WINDOWS\system32\brigvtlt.dll [2007-05-28 04:26]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WindowsUpdate"=rundll32.exe "C:\WINDOWS\system32\qrffjetv.dll",realset
"setup"=rundll32.exe "C:\WINDOWS\system32\ccinwyql.dll",realset

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-05-31 13:35:20 C:\WINDOWS\tasks\User_Feed_Synchronization-{AA698DD4-09EC-48A3-9C02-BF0C55E70BC9}.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 05:45:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-01 5:45:35
C:\ComboFix-quarantined-files.txt ... 2007-06-01 05:45

--- E O F ---
  #9 (permalink)  
Old 02-06-2007, 02:13 AM
Junior Member
New Recruit
 
Join Date: Feb 2006
Posts: 43
xlaurax Is a beginner here at D-A-L
Re: Screen Freeze, HijackThis Log

Well, it's seemed to have fixed the problem. Thanx Neal.

Last edited by xlaurax; 02-06-2007 at 03:34 AM.
  #10 (permalink)  
Old 02-06-2007, 04:09 AM
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Screen Freeze, HijackThis Log

Not quite done yet; got to do some research on the files that showed up in the ComboFix log.

Be back soon.
__________________
Stalking and killing Spyware

All times are GMT +1.