#1 | 8th Apr 2008 | VNani (CJ Member, United States)

Malware Removal - Help

We did all the steps till Java. We downloaded it, but it said "Failed to verify authenticity......installing and running this code is not allowed." Please advise.
#2 | 8th Apr 2008 | evilfantasy (CJ Moderator)

Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.
#3 | 8th Apr 2008 | VNani (CJ Member)

Originally Posted by evilfantasy:
> Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.

There is no Java update option there.
#4 | 8th Apr 2008 | evilfantasy (CJ Moderator)

Try to get it from here: www.java.com

If that doesn't work then just go to the next step and we will deal with it later.
#5 | 8th Apr 2008 | kanoakavirus (CJ Donator)

There should be a Java icon. I bet you're in Category view; look to your upper left, click "Switch to Classic View", and you should then see a Java icon.

Attached thumbnails: malware-removal-help-category.jpg, malware-removal-help-java.jpg
#6 | 8th Apr 2008 | VNani (CJ Member)

We did all the steps and we are still having the same problems.

Here are the logs...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 03:41 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 01:38:06

Memory items scanned : 626
Memory threats detected : 4
Registry items scanned : 6141
Registry threats detected : 38
File items scanned : 101242
File threats detected : 114

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
HKLM\Software\Classes\CLSID\{65701471-4c01-4415-a067-51bacdf39b8b}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65701471-4c01-4415-a067-51bacdf39b8b}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0001080.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001330.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001337.DLL
C:\WINDOWS\SYSTEM32\HXYIXXAO.DLL
C:\WINDOWS\SYSTEM32\NALJPONC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL

MyWay Search Assistant Computers
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1376253242-3474823476-3209291414-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Dustin\Cookies\dustin@112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@2o7[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@a.websponsors[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@admarketplace[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.addynamix[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.pointroll[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@advertising[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@as-us.falkag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atdmt[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atwola[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@belnk[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bfast[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bizrate[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@burstnet[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@c1.zedo[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@casalemedia[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@dist.belnk[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wfkykpdzigp.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wgmyoidjmfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkokicpmlo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkygpczmep.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliahajicp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliwkc5kcp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlockajgho.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlykldpgfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@edge.ru4[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-cbot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-gamespot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-hasbro.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ford.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hg1.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@icc.intellisrv[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@indextools[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@insightexpressai[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@interclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@login.tracking101[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@media.fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@mediaplex[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@nextag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@perf.overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@questionmarket[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@realmedia[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revenue[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revsci[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@serving-sys[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statcounter[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@stats.gamestop[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statse.webtrendslive[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tacoda[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tribalfusion[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@valueclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@www.burstbeacon[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@z1.adserver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@zedo[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@2o7[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ad.yieldmanager[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adknowledge[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@admarketplace[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adrevolver[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.addynamix[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.pointroll[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adtech[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adv.surinter[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@advertising[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@apmebf[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@as-us.falkag[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@atdmt[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@burstnet[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@casalemedia[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@doubleclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@edge.ru4[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@fastclick[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@hitbox[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@insightexpressai[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@interclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@mediaplex[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@questionmarket[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@realmedia[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@revenue[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@server.cpmstar[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@stats.gamestop[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@statse.webtrendslive[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@trafficmp[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@tribalfusion[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@valueclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@zedo[2].txt



Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|)
Objects scanned: 135868
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7889183 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkllf -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sbqhtpcp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qwlinvmk.dll (Trojan.Agent) -> Delete on reboot.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:13 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\msn.com
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by En-Tel Communications, LLC
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BMf7889183] Rundll32.exe "C:\WINDOWS\system32\vmptfdge.dll",s
O4 - HKLM\..\Run: [f4bba21f] rundll32.exe "C:\WINDOWS\system32\jmiaxofx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.en-tel.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120134982093
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15124 bytes
  #7  
Old 8th Apr 2008
VNani  United States
Default Malware Removal - Help

We did all the steps and it's still not working.


Here are the logs...


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 03:41 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 01:38:06

Memory items scanned : 626
Memory threats detected : 4
Registry items scanned : 6141
Registry threats detected : 38
File items scanned : 101242
File threats detected : 114

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
HKLM\Software\Classes\CLSID\{65701471-4c01-4415-a067-51bacdf39b8b}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65701471-4c01-4415-a067-51bacdf39b8b}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0001080.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001330.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001337.DLL
C:\WINDOWS\SYSTEM32\HXYIXXAO.DLL
C:\WINDOWS\SYSTEM32\NALJPONC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL

MyWay Search Assistant Computers
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1376253242-3474823476-3209291414-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Dustin\Cookies\dustin@112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@2o7[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@a.websponsors[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@admarketplace[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.addynamix[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.pointroll[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@advertising[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@as-us.falkag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atdmt[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atwola[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@belnk[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bfast[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bizrate[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@burstnet[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@c1.zedo[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@casalemedia[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@dist.belnk[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wfkykpdzigp.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wgmyoidjmfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkokicpmlo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkygpczmep.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliahajicp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliwkc5kcp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlockajgho.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlykldpgfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@edge.ru4[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-cbot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-gamespot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-hasbro.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ford.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hg1.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@icc.intellisrv[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@indextools[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@insightexpressai[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@interclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@login.tracking101[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@media.fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@mediaplex[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@nextag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@perf.overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@questionmarket[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@realmedia[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revenue[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revsci[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@serving-sys[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statcounter[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@stats.gamestop[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statse.webtrendslive[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tacoda[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tribalfusion[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@valueclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@www.burstbeacon[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@z1.adserver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@zedo[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@2o7[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ad.yieldmanager[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adknowledge[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@admarketplace[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adrevolver[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.addynamix[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.pointroll[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adtech[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adv.surinter[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@advertising[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@apmebf[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@as-us.falkag[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@atdmt[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@burstnet[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@casalemedia[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@doubleclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@edge.ru4[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@fastclick[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@hitbox[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@insightexpressai[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@interclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@mediaplex[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@questionmarket[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@realmedia[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@revenue[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@server.cpmstar[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@stats.gamestop[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@statse.webtrendslive[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@trafficmp[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@tribalfusion[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@valueclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@zedo[2].txt

Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|)
Objects scanned: 135868
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7889183 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkllf -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sbqhtpcp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qwlinvmk.dll (Trojan.Agent) -> Delete on reboot.


  #8  
Old 8th Apr 2008
VNani  United States
Default Malware Removal - Help

I posted my logs twice and they keep disappearing. So we did all the steps and our computer is still having trouble.
  #9  
Old 8th Apr 2008