Computer Juice Magazine
#1
We did all the steps till Java. Downloaded it, but it said "Failed to verify authenticity......installing and running this code is not allowed." Please advise.
#2
Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.
#3
#4
Try to get it from here: www.java.com
If that doesn't work then just go to the next step and we will deal with it later.
#5
There should be a Java icon. I bet you're in category view; look to your upper left and "switch to classic view" and you should then see a Java icon.
#6
We did all the steps and we are still having the same problems.
Here are the logs...
#7
We did all the steps and it's still not working.
Here are the logs...
|
|
#8
|
|||
|
|||
|
I posted my logs twice and they keep disappearing. So we did all the steps and our computer is still having trouble.
|
|
#9
|
|||
|
|||
|
Did you follow my little guide on getting to the Java icon?
|