Infected again Malware
Here is a Highjack this log....thanks
Logfile of HijackThis v1.99.1
Scan saved at 2:48:04 PM, on 04/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\UTILIT~1\AVG\avgamsvr.exe
G:\UTILIT~1\AVG\avgupsvc.exe
G:\UTILIT~1\AVG\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\UTILIT~1\AVG\avgcc.exe
G:\utilities\iTunes\iTunesHelper.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\Utilities\iPod\bin\iPodService.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "G:\utilities\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O4 - HKLM\..\Run: [BM57ab7719] Rundll32.exe "G:\WINDOWS\system32\jyneuvah.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "G:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Startup: Secunia PSI (RC1).lnk = G:\Utilities\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Logfile of HijackThis v1.99.1
Scan saved at 2:48:04 PM, on 04/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\UTILIT~1\AVG\avgamsvr.exe
G:\UTILIT~1\AVG\avgupsvc.exe
G:\UTILIT~1\AVG\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\UTILIT~1\AVG\avgcc.exe
G:\utilities\iTunes\iTunesHelper.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\Utilities\iPod\bin\iPodService.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Utilities\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "G:\utilities\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O4 - HKLM\..\Run: [BM57ab7719] Rundll32.exe "G:\WINDOWS\system32\jyneuvah.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "G:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Startup: Secunia PSI (RC1).lnk = G:\Utilities\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Comments
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
==============================================
After that I need you to rename HijackThis.exe to Nutty110.exe.
Please do the following:
- Navigate here using Windows Explorer (windows button + E) or My Computer -> Disk G: -> G:\Utilities\Hijackthis
- Right-click on the HijackThis.exe
- Choose from the pull-down menu; "Rename"
- And now Rename HijackThis.exe to Nutty110.exe
- When you've renamed HijackThis, open HijackThis again.
- Take a fresh HijackThis log (click Do a system scan and save a log file)
- Post the fresh HijackThis log here.
==============================================Please post the contents of the MBAM's log and a fresh HijackThis log.
Database version: 672
Scan type: Quick Scan
Objects scanned: 35064
Time elapsed: 11 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
G:\WINDOWS\system32\lsprst7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\ssprs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Scan saved at 8:15:53 PM, on 04/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\UTILIT~1\AVG\avgamsvr.exe
G:\UTILIT~1\AVG\avgupsvc.exe
G:\UTILIT~1\AVG\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\UTILIT~1\AVG\avgcc.exe
G:\utilities\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\iPod\bin\iPodService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "G:\utilities\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "G:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Startup: Secunia PSI (RC1).lnk = G:\Utilities\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkkKeBTk - jkkKeBTk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Please do a system scan with HijackThis, and check the boxes next to all the entries listed below:
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: jkkKeBTk - jkkKeBTk.dll (file missing)
=================================================
Please do an online scan with Kaspersky WebScanner
Click on Accept
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
- Click OK
- Now under select a target to scan:
- Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
How is your computer doing?Scan Mail Bases
Thursday, April 24, 2008 7:51:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/04/2008
Kaspersky Anti-Virus database records: 724903
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan Statistics:
Total number of scanned objects: 106742
Number of viruses found: 7
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 02:49:28
Infected Object Name / Virus Name / Last Action
C:\DISH\Phoenix Atmega Loader v1.1.8\ATMEGA LIVE HELP\Live_Help.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Appz\BayGenie.eBay.Auction.Sniper.Pro.Edition.v3.1.3.0-HERiTAGE\htgad630.zip/HTG.rar/Crack/BG3130_CRK.exe Infected: Packed.Win32.PePatch.fa skipped
F:\Appz\BayGenie.eBay.Auction.Sniper.Pro.Edition.v3.1.3.0-HERiTAGE\htgad630.zip/HTG.rar Infected: Packed.Win32.PePatch.fa skipped
F:\Appz\BayGenie.eBay.Auction.Sniper.Pro.Edition.v3.1.3.0-HERiTAGE\htgad630.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
G:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
G:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
G:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\Randy\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\Randy\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Randy\Local Settings\History\History.IE5\MSHist012008042420080425\index.dat Object is locked skipped
G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Randy\ntuser.dat Object is locked skipped
G:\Documents and Settings\Randy\NTUSER.DAT.LOG Object is locked skipped
G:\QooBox\Quarantine\catchme2008-04-20_173129.14.zip/pmnlIaXR.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmt skipped
G:\QooBox\Quarantine\catchme2008-04-20_173129.14.zip ZIP: infected - 1 skipped
G:\QooBox\Quarantine\G\WINDOWS\system32\jkkKeBTk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.pjw skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP13\A0001336.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pjw skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP13\A0001342.dll Object is locked skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP16\A0003398.exe Object is locked skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP16\change.log Object is locked skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP9\A0000272.exe Infected: Packed.Win32.PePatch.fa skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP9\A0000273.exe Infected: Packed.Win32.PePatch.fa skipped
G:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP9\A0000275.exe Infected: Packed.Win32.PePatch.fa skipped
G:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
G:\WINDOWS\SchedLgU.Txt Object is locked skipped
G:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
G:\WINDOWS\Sti_Trace.log Object is locked skipped
G:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
G:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
G:\WINDOWS\system32\config\default Object is locked skipped
G:\WINDOWS\system32\config\default.LOG Object is locked skipped
G:\WINDOWS\system32\config\Internet.evt Object is locked skipped
G:\WINDOWS\system32\config\SAM Object is locked skipped
G:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
G:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
G:\WINDOWS\system32\config\SECURITY Object is locked skipped
G:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
G:\WINDOWS\system32\config\software Object is locked skipped
G:\WINDOWS\system32\config\software.LOG Object is locked skipped
G:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
G:\WINDOWS\system32\config\system Object is locked skipped
G:\WINDOWS\system32\config\system.LOG Object is locked skipped
G:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
G:\WINDOWS\system32\drivers\sptd1517.sys Object is locked skipped
G:\WINDOWS\system32\h323log.txt Object is locked skipped
G:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
G:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
G:\WINDOWS\wiadebug.log Object is locked skipped
G:\WINDOWS\wiaservc.log Object is locked skipped
G:\WINDOWS\WindowsUpdate.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP10\A0000295.exe/data0000.cab/is152510.exe Infected: Packed.Win32.Monder.gen skipped
K:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP10\A0000295.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
K:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP10\A0000295.exe Rsrc-Package: infected - 2 skipped
K:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP9\A0000282.exe/data0000.cab/is152635.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.olx skipped
K:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP9\A0000282.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.olx skipped
K:\System Volume Information\_restore{C3A0D580-10C5-40FC-933A-4AA07734DCA8}\RP9\A0000282.exe Rsrc-Package: infected - 2 skipped
Scan process completed.
F:\Appz\BayGenie.eBay.Auction.Sniper.Pro.Edition.v 3.1.3.0-HERiTAGE\htgad630.zip
Please post a fresh HijackThis log once again.
New HighJack this Log
Logfile of HijackThis v1.99.1
Scan saved at 11:34:57 AM, on 04/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\devldr32.exe
G:\UTILIT~1\AVG\avgamsvr.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\UTILIT~1\AVG\avgcc.exe
G:\utilities\iTunes\iTunesHelper.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\UTILIT~1\AVG\avgupsvc.exe
G:\UTILIT~1\AVG\avgemc.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Utilities\iPod\bin\iPodService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Outlook Express\MSIMN.EXE
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "G:\utilities\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "G:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Startup: Secunia PSI (RC1).lnk = G:\Utilities\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Please Note: O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
I could not remove this line with HighJack This as it reappears after doing another log.
I wanted to point this out before going further.......
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.
See if this file is gone:
G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
Now do a system scan with HijackThis and fix these entries
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
Please post a fresh HijackThis log after that.
Scan saved at 8:26:01 AM, on 04/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\devldr32.exe
G:\UTILIT~1\AVG\avgamsvr.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\UTILIT~1\AVG\avgcc.exe
G:\utilities\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\UTILIT~1\AVG\avgupsvc.exe
G:\UTILIT~1\AVG\avgemc.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Utilities\iPod\bin\iPodService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "G:\utilities\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "G:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Startup: Secunia PSI (RC1).lnk = G:\Utilities\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.
- Click OK.
What happens if you now HijackThis fix this:O4 - HKLM\..\Run: [SBI] G:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\WP0Q1EIL\installer_sbd_en[2].exe
Also I cannot find this file when I do a computer search. I wonder is the file still there? When I search for installer_sbd_en[2].exe I go imnto G:\Documents and Settings\Randy\ I can't find Local Settings dir?
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.Please post a fresh HijackThis log also.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SBI deleted successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_114819
Logfile of HijackThis v1.99.1
Scan saved at 11:54:35 AM, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\UTILIT~1\AVG\avgamsvr.exe
G:\UTILIT~1\AVG\avgupsvc.exe
G:\UTILIT~1\AVG\avgemc.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\UTILIT~1\AVG\avgcc.exe
G:\utilities\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Utilities\Poppy\Poppy.exe
G:\Utilities\iPod\bin\iPodService.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Windows Live\installer\WLSetupSvc.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dvd43] G:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\UTILIT~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "G:\utilities\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "G:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Poppy for Windows.lnk = G:\Utilities\Poppy\Poppy.exe
O4 - Startup: Secunia PSI (RC1).lnk = G:\Utilities\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\UTILIT~1\AVG\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
But I don't see a firewall running on your system.
It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions.
Comodo
Zone Alarm
Sunbelt Kerio PF
Outpost Firewall
Other than that, your log looks good.
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead