Help with various bugs on my computer
Hi, I have spent the last 2 days scanning, deleting, rebooting, and rescanning my computer. I have gone through many of the threads on here trying to fix the various problems I have come across. I ran HJT and would like to know if someone could read over it and tell me if I missed anything. Any help would be greatly appreciated. Thanks. Here is my HJT log.
Lisa
Logfile of HijackThis v1.99.1
Scan saved at 5:52:32 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34985592-4E4C-420A-8A25-5F070715920C} - C:\WINDOWS\system32\byxvwvt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\dttcsrcw.dll (file missing)
O2 - BHO: (no name) - {74ECEEAE-D6B9-45F0-B6FF-9D5F3E238DC7} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Comments
I am currently working on your log.
I will get back to you as soon as possible.
~zami~
Let's start with this:
Please download VundoFix.exe to your desktop.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
***************************************
Please download Combofix to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
***************************************
With all other windows closed, start your HijackThis and Click "Do a System Scan Only"
Click in the check-box to the left of each of the following entries, if found:
O2 - BHO: (no name) - {34985592-4E4C-420A-8A25-5F070715920C} - C:\WINDOWS\system32\byxvwvt.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\dttcsrcw.dll (file missing)
O2 - BHO: (no name) - {74ECEEAE-D6B9-45F0-B6FF-9D5F3E238DC7} - C:\WINDOWS\system32\awvvu.dll (file missing)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
Select Fix Checked
In your next reply, please include the following logs: a Fresh HijackThis, Combofix log and VundoFix report. Thanks.
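As an added illustration (not part of this thread, and not code from HijackThis or from the helper), the following Python script applies the same triage criteria the helper used above to lines of an HJT log: unnamed O2 BHOs whose DLL is missing, O16 ActiveX downloads served from a bare IP address, O23 services with an unknown owner and a missing binary, running-process names one character off a Windows system binary (svchosts.exe beside svchost.exe), and the CLSIDs from the helper's fix list. The sample lines are excerpted from the log posted above; the list of system binaries is an assumption.

```python
"""Triage HijackThis (HJT) v1.99 log lines with the criteria the helper applied in this thread."""

import re
from ipaddress import ip_address
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

# CLSIDs copied from the helper's "Fix Checked" list in the post above.
HELPER_FIX_LIST = {
    "{34985592-4E4C-420A-8A25-5F070715920C}", "{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}",
    "{74ECEEAE-D6B9-45F0-B6FF-9D5F3E238DC7}", "{3C403675-B43C-410B-BF56-D4D1FB68356C}",
    "{9522B3FB-7A2B-4646-8AF6-36E7F593073C}", "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}",
}

# Assumed list of Windows XP system binaries whose names malware tends to imitate.
SYSTEM_BINARIES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                   "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")

def host_is_bare_ip(url):
    """True when the URL host is a literal IP address rather than a domain name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
    except ValueError:
        return False
    return True

def one_edit_away(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if len(a) < len(b):
        a, b = b, a
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if len(a) - len(b) != 1:
        return False
    return any(a[:k] + a[k + 1:] == b for k in range(len(a)))

def process_lookalike(path):
    """Return the system binary a process file name imitates, or None."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in SYSTEM_BINARIES:
        if one_edit_away(name, legit):
            return legit
    return None

def assess(line):
    """Return the reasons (possibly none) a single HJT log line needs attention."""
    line = line.strip()
    reasons = []
    m = ENTRY_RE.match(line)
    if not m:
        # Lines under "Running processes:" are bare executable paths.
        if line.lower().endswith(".exe"):
            legit = process_lookalike(line)
            if legit:
                reasons.append(f"process name imitates {legit}")
        return reasons
    section, body = m.group("section"), m.group("body")
    if section == "O2" and "(no name)" in body and "(file missing)" in body:
        reasons.append("unnamed BHO whose DLL is missing")
    if section == "O16":
        url = URL_RE.search(body)
        if url and host_is_bare_ip(url.group()):
            reasons.append("ActiveX control served from a bare IP address")
    if section == "O23" and "Unknown owner" in body and "(file missing)" in body:
        reasons.append("service with unknown owner and missing binary")
    clsid = CLSID_RE.search(body)
    if clsid and clsid.group().upper() in HELPER_FIX_LIST:
        reasons.append("CLSID is on the helper's fix list")
    return reasons

def triage(log_text):
    """Map each flagged log line to the list of reasons it was flagged."""
    findings = {}
    for raw in log_text.splitlines():
        reasons = assess(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings

# Lines excerpted from the HJT log posted above; each flagged line has a clean neighbour for contrast.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
O2 - BHO: (no name) - {34985592-4E4C-420A-8A25-5F070715920C} - C:\WINDOWS\system32\byxvwvt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{entry}\n    -> {'; '.join(why)}")
```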
vundofix log:
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.5
Java version is 1.5.0.6
Java version is 1.5.0.9
Scan started at 9:03:26 AM 2/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\dttcsrcw.dll
Beginning removal...
Performing Repairs to the registry.
Done!
----
combofix log:
"Compaq_Owner" - 07-02-03 9:35:57 Service Pack 2
ComboFix 07.02.03 - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\install.exe
C:\WINDOWS\system32\unsvchosts.exe
C:\Program Files\Common Files\{309B3~1
C:\Program Files\outlook
C:\Program Files\winupdates
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\{009B3~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-03 to 2007-02-03 ))))))))))))))))))))))))))))))))))
2007-02-03 09:39 <DIR> d C:\WINDOWS\ERDNT
2007-02-02 17:51 <DIR> d C:\Program Files\Hijackthis
2007-02-02 17:36 <DIR> d C:\VundoFix Backups
2007-02-02 17:10 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
2007-02-02 17:01 <DIR> d C:\WINDOWS\system32\ActiveScan
2007-02-02 16:53 <DIR> d C:\Program Files\SpywareBlaster
2007-02-02 15:16 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-02 14:11 <DIR> d C:\DOCUME~1\COMPAQ~1\Application Data\Lavasoft
2007-02-02 14:10 <DIR> d C:\Program Files\Lavasoft
2007-02-01 21:13 277,158 ---hs---- C:\WINDOWS\system32\ddayy.dll
2007-02-01 20:11 277,251 ---hs---- C:\WINDOWS\system32\jkhff.dll
2007-02-01 19:10 277,120 ---hs---- C:\WINDOWS\system32\jkhhh.dll
2007-02-01 18:09 277,179 ---hs---- C:\WINDOWS\system32\pmkhh.dll
2007-02-01 17:07 277,161 ---hs---- C:\WINDOWS\system32\ddcyx.dll
2007-02-01 16:06 74 ---hs---- C:\WINDOWS\system32\hjkmp.ini2
2007-02-01 16:06 277,087 ---hs---- C:\WINDOWS\system32\pmkjh.dll
2007-02-01 15:05 277,258 ---hs---- C:\WINDOWS\system32\pmnno.dll
2007-02-01 14:05 277,163 ---hs---- C:\WINDOWS\system32\sstqq.dll
2007-02-01 14:00 <DIR> d C:\DOCUME~1\evan\Application Data\AVG7
2007-02-01 09:14 <DIR> dr-h C:\$VAULT$.AVG
2007-02-01 08:10 <DIR> d C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-01 08:10 <DIR> d C:\DOCUME~1\COMPAQ~1\Application Data\AVG7
2007-02-01 08:09 816,672 --a C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-01 08:09 4,224 --a C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-01 08:09 3,968 --a C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-01 08:09 28,416 --a C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-01 08:09 18,240 --a C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-01 08:09 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-01 08:09 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-01 08:03 76,560 --a C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-31 22:19 277,232 ---hs---- C:\WINDOWS\system32\jkhhe.dll
2007-01-31 22:19 277,232 ---hs---- C:\WINDOWS\system32\awtsq.dll
2007-01-31 20:17 277,094 ---hs---- C:\WINDOWS\system32\mljjj.dll
2007-01-31 20:17 277,094 ---hs---- C:\WINDOWS\system32\jkhhg.dll
2007-01-31 19:16 277,283 ---hs---- C:\WINDOWS\system32\mlljj.dll
2007-01-31 19:16 277,283 ---hs---- C:\WINDOWS\system32\mljgd.dll
2007-01-31 18:15 277,280 ---hs---- C:\WINDOWS\system32\ssqpq.dll
2007-01-31 18:15 277,280 ---hs---- C:\WINDOWS\system32\mljgg.dll
2007-01-31 16:13 277,051 ---hs---- C:\WINDOWS\system32\ssttu.dll
2007-01-31 16:13 277,051 ---hs---- C:\WINDOWS\system32\ddcyy.dll
2007-01-31 15:12 277,082 ---hs---- C:\WINDOWS\system32\vtsqo.dll
2007-01-31 15:12 277,082 ---hs---- C:\WINDOWS\system32\jkkll.dll
2007-01-31 14:11 277,270 ---hs---- C:\WINDOWS\system32\jkkji.dll
2007-01-31 14:11 277,270 ---hs---- C:\WINDOWS\system32\awvvt.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\yayyxxy.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\yayywtq.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\xxyyyax.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\xxywtsp.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\xxyvwuu.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\xxyaxww.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\wvusrrs.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\vtuvspq.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\vturspo.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\tuvwwxu.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\tuvuuuv.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\ssqolmk.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\ssqolkk.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\rqrrqnk.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\rqrqrrr.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\pmnoolk.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\opnonop.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\opnlkhi.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\nnnljhf.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\mljkhge.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\mljgfgg.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\ljjjkkl.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\ljjihgg.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\khfffeb.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\khffdcb.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\jkkllll.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\jkkjjkk.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\hgghhgd.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\hggfcby.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\hggeffe.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\hggddbb.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\hggddba.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\gebyvsq.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\fcccyyv.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\efcbcdd.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\efcbccb.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\ddcdefg.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\ddcdaax.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\cbxyaya.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\byxwurs.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\byxvtqq.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\byxuvuv.dll
2007-01-31 10:37 0 --a C:\WINDOWS\system32\awtsrol.dll
2007-01-30 14:39 <DIR> d C:\CRAYOLA
2007-01-29 17:21 32,768 --a C:\DOCUME~1\evan\setup.exe
2007-01-28 17:02 720,896 --a C:\WINDOWS\iun6002ev.exe
2007-01-28 17:02 <DIR> d C:\Program Files\Bejeweled 2 Deluxe
2007-01-25 23:38 <DIR> d C:\WINDOWS\ie7updates
2007-01-25 12:34 <DIR> d C:\DOCUME~1\evan\Application Data\SecondLife
2007-01-20 02:15 <DIR> d C:\DOCUME~1\COMPAQ~1\Application Data\Creative
2007-01-16 22:17 <DIR> d C:\DOCUME~1\evan\Application Data\Apple Computer
2007-01-16 11:48 <DIR> d C:\DOCUME~1\evan\Application Data\HP
2007-01-15 20:31 <DIR> d C:\DOCUME~1\evan\Application Data\Sun
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\WINDOWS
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\Application Data\Symantec
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\Application Data\Real
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\Application Data\Intuit
2007-01-15 17:46 <DIR> d C:\Program Files\IMVU2
2007-01-08 10:20 4 --ah C:\WINDOWS\uccspecb.sys
2007-01-07 13:40 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\MumboJumbo
2007-01-05 07:36 <DIR> d C:\WINDOWS\WBEM
2007-01-05 07:36 <DIR> d C:\WINDOWS\system32\en-US
2007-01-05 07:35 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-05 07:34 121,856 C:\WINDOWS\system32\xmllite.dll
2007-01-05 07:34 <DIR> d C:\WINDOWS\network diagnostic
2007-01-05 07:31 <DIR> d C:\Program Files\MSXML 4.0
2007-01-05 07:31 <DIR> d C:\a90bf03d79fa7f790118
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-02 18:58 d C:\Program Files\lx_cats
2007-02-02 18:16 d C:\Program Files\java
2007-02-02 14:11 d C:\Documents and Settings\Compaq_Owner\Application Data\lavasoft
2007-02-02 08:46 d C:\Documents and Settings\Compaq_Owner\Application Data\avg7
2007-02-01 17:33 d C:\Documents and Settings\Compaq_Owner\Application Data\imvu
2007-02-01 08:09 d C:\Program Files\grisoft
2007-01-31 11:20 1956 --a C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-24 17:50 d C:\Program Files\secondlife
2007-01-21 16:30 d C:\Program Files\imvu
2007-01-20 03:06 d C:\Program Files\360share pro
2007-01-20 02:15 d C:\Documents and Settings\Compaq_Owner\Application Data\creative
2007-01-09 20:23 d C:\Program Files\yahoo! games
2007-01-06 20:52 d C:\Program Files\lexmark fax solutions
2007-01-06 20:52 d C:\Documents and Settings\Compaq_Owner\Application Data\faxctr
2006-12-23 23:37 d C:\Program Files\windows media connect 2
2006-12-18 10:40 2989 --a C:\Documents and Settings\Compaq_Owner\Application Data\patchupdate_instantsharejpg.log
2006-11-07 23:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a C:\WINDOWS\system32\msxml4.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"=""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"LXCGCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PalStart.lnk"
"backup"="C:\\WINDOWS\\pss\\PalStart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PALTAL~1\\palstart.exe "
"item"="PalStart"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Personal Coach.lnk"
"backup"="C:\\WINDOWS\\pss\\Personal Coach.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\MAVISB~1\\MINIMA~1.EXE "
"item"="Personal Coach"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Compaq Organize.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\COMPAQ~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="Compaq Organize"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Picaboo.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Picaboo.lnk"
"backup"="C:\\WINDOWS\\pss\\Picaboo.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Picaboo\\Picaboo\\PICABO~2.EXE /suppressapplication"
"item"="Picaboo"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eukkltcu"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\eukkltcu.dll\",setvm"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezprint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1160161146\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxcgmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="exec"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetZero\\exec.exe regrun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nzspc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Save\\Save.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMCCFG"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{34985592-4E4C-420A-8A25-5F070715920C}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-03 9:44:27
hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:46 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
----
Thanks again for looking at my log. Also I would like to include that my homepage has been changed and I cannot get it back to what it was before today.
Lisa
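Reading a HijackThis log by hand means scanning each R/O section for the same few tell-tales: entries with no name, references to files that no longer exist, DPF (ActiveX) entries with no source, services with no vendor string, and autostarts that load a DLL through rundll32. As an added example that is not part of this thread or of HijackThis itself, the Python below parses a handful of lines copied in shape from the log above (a constructed sample, not the full log) and marks those tell-tales for review. The flag names and rules are my own heuristics; a flag means "check this entry", not "this is malware", since the log's Spybot SDHelper BHO legitimately has no name and the Lexmark rundll32 entry is a printer driver.

```python
import re

# Constructed sample: a few lines in HijackThis v1.99.1 format, copied in
# shape from the log in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
"""

# Every entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return [(section, body)] for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Apply hand-review heuristics; returns [(section, [flags], body)].

    A flag means "look at this by hand", not "malicious".
    """
    findings = []
    for sec, body in parse_hjt(text):
        flags = []
        if "(no name)" in body:
            flags.append("NO_NAME")          # identify by CLSID and file path
        if "(file missing)" in body:
            flags.append("FILE_MISSING")     # dangling reference; nothing runs
        if sec == "O16" and body.strip().endswith("-"):
            flags.append("DPF_NO_SOURCE")    # ActiveX entry with no name or URL
        if sec == "O23" and " - - " in body:
            flags.append("SVC_NO_VENDOR")    # service binary has no company string
        if sec == "O4" and "rundll32" in body.lower():
            flags.append("RUNDLL32")         # autostart loads a DLL: check which one
        if flags:
            findings.append((sec, flags, body))
    return findings


def summarize(findings):
    """Count how often each flag fired."""
    counts = {}
    for _, flags, _ in findings:
        for f in flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    for sec, flags, body in triage(SAMPLE_LOG):
        print(f"{sec:<4} {','.join(flags):<24} {body}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; the flagged lines are the ones a helper would look up first, and the unflagged ones still deserve a glance, since a well-formed entry with a vendor name can point at anything.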
Lisa
1) Download VirtumundoBegone
2) Save VirtumundoBeGone.exe to your desktop.
3) Run VirtumundoBeGone.exe and follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, this is normal and expected.
4) When it has finished, reboot.
Post the VBG.txt file it produces and a new HJT log...
**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**
- Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
- Click File at the top and then choose Save As.
- Change Save As Type to All Files.
- Name it FixME.reg and save it on your desktop.
- Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.
**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**
== Show hidden files and folders ==
Some malware files may be "hidden".
Be sure to show hidden files when looking for these file(s) and/or folder(s).
**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**
== Delete folders/files ==
1. Reboot Your System in Safe Mode
Boot to safe mode:
Instructions here
2. Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\Program Files\Save
C:\WINDOWS\iun6002ev.exe
C:\a90bf03d79fa7f790118
After all of these are done, please empty the Recycle Bin.
3. Exit Explorer.
**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**¨''¨**
REBOOT BACK INTO NORMAL MODE.
== Check on status ==
After you have completed the above, please provide:
* the VBG.txt file
* a new HijackThis log
* and a description of any problems you are having with your PC
~zami~
VBG Log:
[02/07/2007, 7:32:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\VirtumundoBeGone.exe" )
[02/07/2007, 7:32:41] - Detected System Information:
[02/07/2007, 7:32:41] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2007, 7:32:41] - Current Username: Compaq_Owner (Admin)
[02/07/2007, 7:32:41] - Windows is in NORMAL mode.
[02/07/2007, 7:32:41] - Searching for Browser Helper Objects:
[02/07/2007, 7:32:41] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/07/2007, 7:32:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/07/2007, 7:32:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/07/2007, 7:32:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2007, 7:32:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/07/2007, 7:32:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/07/2007, 7:32:41] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[02/07/2007, 7:32:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2007, 7:32:41] - BHO 6: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[02/07/2007, 7:32:41] - Finished Searching Browser Helper Objects
[02/07/2007, 7:32:41] - Finishing up...
[02/07/2007, 7:32:41] - Nothing found! Exiting...
~~~~~
HiJackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:55:03 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
~~~
The only problem I seem to be having now is that my IE is running just a little bit slower than it was; other than that, everything seems to be running fine.
Thanks
Lisa
Thanks again
Lisa
Unzip the folder to your desktop.
- Start Killbox.exe
- Select the Delete on Reboot option.
- Click on the All Files button.
- Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:
- Go to the File menu of Killbox, and choose Paste from Clipboard.
- Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt.
If your computer does not restart automatically, please restart it manually.
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\yayyxxy.dll
C:\WINDOWS\system32\yayywtq.dll
C:\WINDOWS\system32\xxyyyax.dll
C:\WINDOWS\system32\xxywtsp.dll
C:\WINDOWS\system32\xxyvwuu.dll
C:\WINDOWS\system32\xxyaxww.dll
C:\WINDOWS\system32\wvusrrs.dll
C:\WINDOWS\system32\vtuvspq.dll
C:\WINDOWS\system32\vturspo.dll
C:\WINDOWS\system32\tuvwwxu.dll
C:\WINDOWS\system32\tuvuuuv.dll
C:\WINDOWS\system32\ssqolmk.dll
C:\WINDOWS\system32\ssqolkk.dll
C:\WINDOWS\system32\rqrrqnk.dll
C:\WINDOWS\system32\rqrqrrr.dll
C:\WINDOWS\system32\pmnoolk.dll
C:\WINDOWS\system32\opnonop.dll
C:\WINDOWS\system32\opnlkhi.dll
C:\WINDOWS\system32\nnnljhf.dll
C:\WINDOWS\system32\mljkhge.dll
C:\WINDOWS\system32\mljgfgg.dll
C:\WINDOWS\system32\ljjjkkl.dll
C:\WINDOWS\system32\ljjihgg.dll
C:\WINDOWS\system32\khfffeb.dll
C:\WINDOWS\system32\khffdcb.dll
C:\WINDOWS\system32\jkkllll.dll
C:\WINDOWS\system32\jkkjjkk.dll
C:\WINDOWS\system32\hgghhgd.dll
C:\WINDOWS\system32\hggfcby.dll
C:\WINDOWS\system32\hggeffe.dll
C:\WINDOWS\system32\hggddbb.dll
C:\WINDOWS\system32\hggddba.dll
C:\WINDOWS\system32\gebyvsq.dll
C:\WINDOWS\system32\fcccyyv.dll
C:\WINDOWS\system32\efcbcdd.dll
C:\WINDOWS\system32\efcbccb.dll
C:\WINDOWS\system32\ddcdefg.dll
C:\WINDOWS\system32\ddcdaax.dll
C:\WINDOWS\system32\cbxyaya.dll
C:\WINDOWS\system32\byxwurs.dll
C:\WINDOWS\system32\byxvtqq.dll
C:\WINDOWS\system32\byxuvuv.dll
C:\WINDOWS\system32\awtsrol.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\sstqq.dll
C:\DOCUME~1\evan\setup.exe
C:\WINDOWS\iun6002ev.exe
NOTE: You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
Post this log in your next reply.
********************************************
Then run Combofix again:
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
********************************************
In your next reply, please include the following logs: a Fresh HijackThis and Combofix report. Thanks.
killbox log:
Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, February 07, 2007, 1:46 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkhhe.dll
I Rebooted @ 1:47:18 PM
Killbox Closed(Exit) @ 1:47:49 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, February 07, 2007, 1:52 PM
Killbox Closed(Exit) @ 1:53:05 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, February 07, 2007, 2:05 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\awtsq.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\mljjj.dll
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkhhg.dll
# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlljj.dll
# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\mljgd.dll
# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssqpq.dll
# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\mljgg.dll
# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\ddcyy.dll
# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\vtsqo.dll
# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkkll.dll
# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkkji.dll
# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\awvvt.dll
# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayyxxy.dll
# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayywtq.dll
# 15 [Delete on Reboot]
Path = C:\WINDOWS\system32\xxyyyax.dll
# 16 [Delete on Reboot]
Path = C:\WINDOWS\system32\xxywtsp.dll
# 17 [Delete on Reboot]
Path = C:\WINDOWS\system32\xxyvwuu.dll
# 18 [Delete on Reboot]
Path = C:\WINDOWS\system32\xxyaxww.dll
# 19 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvusrrs.dll
# 20 [Delete on Reboot]
Path = C:\WINDOWS\system32\vtuvspq.dll
# 21 [Delete on Reboot]
Path = C:\WINDOWS\system32\vturspo.dll
# 22 [Delete on Reboot]
Path = C:\WINDOWS\system32\tuvwwxu.dll
# 23 [Delete on Reboot]
Path = C:\WINDOWS\system32\tuvuuuv.dll
# 24 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssqolmk.dll
# 25 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssqolkk.dll
# 26 [Delete on Reboot]
Path = C:\WINDOWS\system32\rqrrqnk.dll
# 27 [Delete on Reboot]
Path = C:\WINDOWS\system32\rqrqrrr.dll
# 28 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmnoolk.dll
# 29 [Delete on Reboot]
Path = C:\WINDOWS\system32\opnonop.dll
# 30 [Delete on Reboot]
Path = C:\WINDOWS\system32\opnlkhi.dll
# 31 [Delete on Reboot]
Path = C:\WINDOWS\system32\nnnljhf.dll
# 32 [Delete on Reboot]
Path = C:\WINDOWS\system32\mljkhge.dll
# 33 [Delete on Reboot]
Path = C:\WINDOWS\system32\mljgfgg.dll
# 34 [Delete on Reboot]
Path = C:\WINDOWS\system32\ljjjkkl.dll
# 35 [Delete on Reboot]
Path = C:\WINDOWS\system32\ljjihgg.dll
# 36 [Delete on Reboot]
Path = C:\WINDOWS\system32\khfffeb.dll
# 37 [Delete on Reboot]
Path = C:\WINDOWS\system32\khffdcb.dll
# 38 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkkllll.dll
# 39 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkkjjkk.dll
# 40 [Delete on Reboot]
Path = C:\WINDOWS\system32\hgghhgd.dll
# 41 [Delete on Reboot]
Path = C:\WINDOWS\system32\hggfcby.dll
# 42 [Delete on Reboot]
Path = C:\WINDOWS\system32\hggeffe.dll
# 43 [Delete on Reboot]
Path = C:\WINDOWS\system32\hggddbb.dll
# 44 [Delete on Reboot]
Path = C:\WINDOWS\system32\hggddba.dll
# 45 [Delete on Reboot]
Path = C:\WINDOWS\system32\gebyvsq.dll
# 46 [Delete on Reboot]
Path = C:\WINDOWS\system32\fcccyyv.dll
# 47 [Delete on Reboot]
Path = C:\WINDOWS\system32\efcbcdd.dll
# 48 [Delete on Reboot]
Path = C:\WINDOWS\system32\efcbccb.dll
# 49 [Delete on Reboot]
Path = C:\WINDOWS\system32\ddcdefg.dll
# 50 [Delete on Reboot]
Path = C:\WINDOWS\system32\ddcdaax.dll
# 51 [Delete on Reboot]
Path = C:\WINDOWS\system32\cbxyaya.dll
# 52 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxwurs.dll
# 53 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxvtqq.dll
# 54 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxuvuv.dll
# 55 [Delete on Reboot]
Path = C:\WINDOWS\system32\awtsrol.dll
# 56 [Delete on Reboot]
Path = C:\WINDOWS\system32\ddayy.dll
# 57 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkhff.dll
# 58 [Delete on Reboot]
Path = C:\WINDOWS\system32\jkhhh.dll
# 59 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmkhh.dll
# 60 [Delete on Reboot]
Path = C:\WINDOWS\system32\ddcyx.dll
# 61 [Delete on Reboot]
Path = C:\WINDOWS\system32\hjkmp.ini2
# 62 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmkjh.dll
# 63 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmnno.dll
# 64 [Delete on Reboot]
Path = C:\WINDOWS\system32\sstqq.dll
# 65 [Delete on Reboot]
Path = C:\DOCUME~1\evan\setup.exe
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 2:06:35 PM
Killbox Closed(Exit) @ 2:08:02 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Wednesday, February 07, 2007, 2:09 PM
~~~~~~~~~~~~
Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:19:01 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Thanks for your help
Lisa
"Compaq_Owner" - 07-02-07 14:24:00 Service Pack 2
ComboFix 07.02.03 - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop\cleaning tools"
((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))
2007-02-07 13:46 <DIR> d C:\!KillBox
2007-02-05 09:15 <DIR> d C:\DOCUME~1\evan\Application Data\yahoo!
2007-02-03 10:43 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\Zylom
2007-02-03 09:39 <DIR> d C:\WINDOWS\ERDNT
2007-02-02 17:51 <DIR> d C:\Program Files\Hijackthis
2007-02-02 17:36 <DIR> d C:\VundoFix Backups
2007-02-02 17:10 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
2007-02-02 17:01 <DIR> d C:\WINDOWS\system32\ActiveScan
2007-02-02 16:53 <DIR> d C:\Program Files\SpywareBlaster
2007-02-02 15:16 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-02 14:11 <DIR> d C:\DOCUME~1\COMPAQ~1\Application Data\Lavasoft
2007-02-02 14:10 <DIR> d C:\Program Files\Lavasoft
2007-02-01 14:00 <DIR> d C:\DOCUME~1\evan\Application Data\AVG7
2007-02-01 09:14 <DIR> dr-h C:\$VAULT$.AVG
2007-02-01 08:10 <DIR> d C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-01 08:10 <DIR> d C:\DOCUME~1\COMPAQ~1\Application Data\AVG7
2007-02-01 08:09 816,672 --a C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-01 08:09 4,224 --a C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-01 08:09 3,968 --a C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-01 08:09 28,416 --a C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-01 08:09 18,240 --a C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-01 08:09 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-01 08:09 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-01 08:03 76,560 --a C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-31 16:13 277,051 ---hs---- C:\WINDOWS\system32\ssttu.dll
2007-01-30 14:39 <DIR> d C:\CRAYOLA
2007-01-28 17:02 <DIR> d C:\Program Files\Bejeweled 2 Deluxe
2007-01-25 23:38 <DIR> d C:\WINDOWS\ie7updates
2007-01-25 12:34 <DIR> d C:\DOCUME~1\evan\Application Data\SecondLife
2007-01-20 02:15 <DIR> d C:\DOCUME~1\COMPAQ~1\Application Data\Creative
2007-01-16 22:17 <DIR> d C:\DOCUME~1\evan\Application Data\Apple Computer
2007-01-16 11:48 <DIR> d C:\DOCUME~1\evan\Application Data\HP
2007-01-15 20:31 <DIR> d C:\DOCUME~1\evan\Application Data\Sun
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\WINDOWS
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\Application Data\Symantec
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\Application Data\Real
2007-01-15 20:26 <DIR> d C:\DOCUME~1\evan\Application Data\Intuit
2007-01-15 17:46 <DIR> d C:\Program Files\IMVU2
2007-01-08 10:20 4 --ah C:\WINDOWS\uccspecb.sys
2007-01-07 13:40 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\MumboJumbo
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-05 08:56 d C:\Program Files\eudemons online
2007-02-04 17:11 d C:\DOCUME~1\COMPAQ~1\Application Data\imvu
2007-02-02 18:58 d C:\Program Files\lx_cats
2007-02-02 18:16 d C:\Program Files\java
2007-02-01 08:09 d C:\Program Files\grisoft
2007-01-31 11:20 1956 --a C:\DOCUME~1\COMPAQ~1\Application Data\wklnhst.dat
2007-01-24 17:50 d C:\Program Files\secondlife
2007-01-21 16:30 d C:\Program Files\imvu
2007-01-20 03:06 d C:\Program Files\360share pro
2007-01-09 20:23 d C:\Program Files\yahoo! games
2007-01-06 20:52 d C:\Program Files\lexmark fax solutions
2007-01-06 20:52 d C:\DOCUME~1\COMPAQ~1\Application Data\faxctr
2007-01-05 07:31 d C:\Program Files\msxml 4.0
2006-12-23 23:37 d C:\Program Files\windows media connect 2
2006-12-18 10:40 2989 --a C:\DOCUME~1\COMPAQ~1\Application Data\patchupdate_instantsharejpg.log
2006-11-07 23:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a C:\WINDOWS\system32\ieakui.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"=""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"LXCGCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PalStart.lnk"
"backup"="C:\\WINDOWS\\pss\\PalStart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PALTAL~1\\palstart.exe "
"item"="PalStart"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Personal Coach.lnk"
"backup"="C:\\WINDOWS\\pss\\Personal Coach.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\MAVISB~1\\MINIMA~1.EXE "
"item"="Personal Coach"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Compaq Organize.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\COMPAQ~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="Compaq Organize"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Picaboo.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Picaboo.lnk"
"backup"="C:\\WINDOWS\\pss\\Picaboo.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Picaboo\\Picaboo\\PICABO~2.EXE /suppressapplication"
"item"="Picaboo"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezprint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1160161146\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxcgmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="exec"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetZero\\exec.exe regrun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nzspc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMCCFG"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{34985592-4E4C-420A-8A25-5F070715920C}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-07 14:25:12
C:\ComboFix2.txt ... 07-02-07 14:17
C:\ComboFix3.txt ... 07-02-07 13:58
- Start Killbox.exe
- Select the Delete on Reboot option.
- Click on the All Files button.
- Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:
- Go to the File menu of Killbox, and choose Paste from Clipboard.
- Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt.
If your computer does not restart automatically, please restart it manually.
C:\WINDOWS\system32\ssttu.dll
NOTE: You must use the File menu--pasting by right-clicking the mouse will only enter one file.
Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
Post this log in your next reply.
***************************
Now we'll need to remove a couple of registry entries.
Please open Notepad, and copy/paste the code in the box below into a new text file.
Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.
Now Locate and DoubleClick fix.reg-> Allow it to merge into the Registry!
***************************
Please follow the instructions provided, you may want to print out these instructions and use them as a reference:
AVG Anti-Spyware only works on Windows 2000 and Windows XP (32-Bit)
First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
- Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan yet!
Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Once the scan is complete do the following:
(make sure to remember where you saved that file, this is important).
***************************
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.
***************************
In your next reply, please include the following logs: AVG A-S log, a Fresh HijackThis and Killbox report. Thanks.
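The Killbox "Delete on Reboot" step above does not remove the DLL immediately: Windows queues the request and carries it out early in the next boot, which is what the PendingFileRenameOperations prompt the helper mentions refers to. The following is an added example for this thread, not code from Killbox, ComboFix or Microsoft: a Python decoder for that REG_MULTI_SZ value, which holds source/destination pairs where an empty destination means "delete" and a destination starting with "!" means "overwrite the existing file". The sample value is constructed, and the patch.tmp/foo.sys pair is invented to show the replace form; on a real machine the value lives under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.

```python
"""
Decode a PendingFileRenameOperations value (REG_MULTI_SZ) into the file
operations Windows will carry out at the next boot.
Added example for this thread; it is not Killbox, ComboFix or Microsoft code.
"""
from typing import List, Optional, Tuple

NT_PREFIX = "\\??\\"   # NT object-manager prefix each path carries in this value

# Constructed sample (not read from a real registry): the first pair queues
# the DLL from the Killbox step for deletion (empty destination), the second
# queues a replacement of a driver file (destination starting with '!').
SAMPLE_MULTI_SZ = (
    "\\??\\C:\\WINDOWS\\system32\\ssttu.dll\0"            # source
    "\0"                                                  # empty destination = delete
    "\\??\\C:\\WINDOWS\\Temp\\patch.tmp\0"                # constructed source
    "!\\??\\C:\\WINDOWS\\system32\\drivers\\foo.sys\0"    # constructed destination
    "\0"                                                  # list terminator
)


def split_multi_sz(raw: str) -> List[str]:
    """Split a REG_MULTI_SZ into its strings.

    Accepts real NUL separators or the literal "\\0" text that ComboFix prints
    (see the Svchost section of the log above; a real path containing the two
    characters backslash-zero would be misread, which is rare enough to accept).
    Requires the canonical double-NUL termination so that an empty final
    string (a pending delete) is not lost.
    """
    text = raw.replace("\\0", "\0")
    if text.endswith("\0\0"):
        text = text[:-1]          # list terminator
    if text.endswith("\0"):
        text = text[:-1]          # terminator of the last string
    return text.split("\0") if text else []


def _strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(raw: str) -> List[Tuple[str, Optional[str], bool]]:
    """Return (source, destination, replace_existing) for each queued operation.

    destination None means the source is deleted at boot; a destination that
    begins with '!' means an existing file at that path is overwritten.
    """
    items = split_multi_sz(raw)
    if len(items) % 2:
        raise ValueError("value must hold source/destination pairs")
    ops = []
    for src, dst in zip(items[::2], items[1::2]):
        replace = dst.startswith("!")
        target = _strip_nt_prefix(dst[1:] if replace else dst) if dst else None
        ops.append((_strip_nt_prefix(src), target, replace))
    return ops


def boot_deletions(raw: str) -> List[str]:
    """Files that will be removed at the next reboot."""
    return [src for src, dst, _ in parse_pending_renames(raw) if dst is None]


def describe(raw: str) -> List[str]:
    """Human-readable summary, one line per queued operation."""
    lines = []
    for src, dst, replace in parse_pending_renames(raw):
        if dst is None:
            lines.append(f"DELETE  {src}")
        else:
            lines.append(f"{'REPLACE' if replace else 'MOVE   '} {src} -> {dst}")
    return lines


if __name__ == "__main__":
    for entry in describe(SAMPLE_MULTI_SZ):
        print(entry)
```

The same value is used by installers and by malware that wants a file swapped before any security product is running, so dumping it before a reboot during cleanup tells you exactly what is about to change; an unexpected REPLACE line aimed at a system DLL or driver is worth investigating before you let the machine restart.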
Killbox:
Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Thursday, February 08, 2007, 6:49 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssttu.dll
I Rebooted @ 6:50:25 PM
Killbox Closed(Exit) @ 6:50:26 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Compaq_Owner(Administrator)
was started @ Thursday, February 08, 2007, 6:52 PM
~~~~~~~~~~~~~~
AVG report:
AVG Anti-Spyware - Scan Report
+ Created at: 7:20:18 AM 2/9/2007
+ Scan result:
C:\Program Files\Hijackthis\backups\backup-20070203-095556-907.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP314\A0067739.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gtdownls_95.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP310\A0065815.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP310\A0065826.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP310\A0065887.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067146.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067147.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067162.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067163.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067390.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP313\A0067630.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxvwvt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067401.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP314\A0067700.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20070203-095556-797.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\Program Files\MyKazaaGold\giFT\giFT.dll -> Not-A-Virus.PornTool.Win32.Porn2Peer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\evan\Cookies\evan@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\evan\Cookies\evan@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\evan\Cookies\evan@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP313\A0067608.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067151.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP312\A0067497.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067127.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067129.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP311\A0067145.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP312\A0067513.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
::Report end
~~~~~~~~
Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:40:45 AM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\internet explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Thanks for your help. Does it look like there is an end in sight or is it still completely messed up?
Lisa~~
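The log above is the kind a volunteer reads by eye, looking for entries whose target file is missing, components with no name or vendor, executables living in user-writable folders, and process names that imitate Windows binaries. As an added example, not part of this thread or of HijackThis itself, here is a small Python script that applies those same checks to HijackThis log lines. The sample entries are copied from Lisa's log, except the [svchosts] line, which is constructed to exercise the look-alike check; the heuristics only raise questions, they do not decide what is malicious.

```python
"""Heuristic triage of HijackThis log entries.

Added example for this thread; it is not part of HijackThis and the checks
are the ones a volunteer does by eye, not a verdict on any entry.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample entries: all are copied from the HijackThis log above except the
# [svchosts] line, which is constructed to exercise the look-alike check.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O4 - HKLM\\..\\Run: [HPBootOp] "C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe" /run
O4 - HKLM\\..\\Run: [svchosts] C:\\WINDOWS\\system32\\svchosts.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: lxcg_device - - C:\\WINDOWS\\system32\\lxcgcoms.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(
    r'((?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|sys|ocx|cpl|scr))\b', re.IGNORECASE)

# Process names that malware likes to imitate (e.g. svchosts.exe, lsasss.exe).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe",
                   "services.exe", "smss.exe", "csrss.exe", "spoolsv.exe"}
# Folders a limited user (or a drive-by download) can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. O4
    reason: str
    line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_path(body: str) -> Optional[str]:
    """First file path in an entry body, or None (e.g. an O16 with no URL)."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if "(file missing)" in body:
            findings.append(Finding(code, "orphaned entry: target file is missing", line))
            continue                      # nothing runs, so no further checks
        if "(no name)" in body or (code == "O16" and body.rstrip().endswith("-")):
            findings.append(Finding(code, "unnamed component: identify the CLSID before keeping it", line))
        if code == "O23" and " - - " in body:
            findings.append(Finding(code, "service with no vendor string", line))
        path = extract_path(body)
        if path is None:
            continue
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in SYSTEM_BINARIES and any(edit_distance(name, s) == 1 for s in SYSTEM_BINARIES):
            findings.append(Finding(code, f"look-alike of a system binary: {name}", line))
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(Finding(code, "runs from a user-writable location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<55} {f.line}")
```

Run against the sample it flags six entries. Note that a flag is a prompt to look something up, not a conviction: the "(no name)" BHO in the sample is Spybot's own SDHelper.dll, which is legitimate, while the orphaned O9 and O18 entries are harmless leftovers that are safe to fix simply because their files are gone.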
How's the system running now?
You can delete all of the tools that I had you download for us to use.
I'd recommend keeping AVG Anti-Spyware, as it's an excellent program that will complement your antivirus protection.
Lastly, Let's reset system restore:
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files:
You will lose all previous restore points which are likely to be infected.
Please note you need Administrator Access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis
Lisa
If you need this topic reopened, please request this by sending the moderating team
a PM, with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.