Computer Juice Magazine
#1
8th Apr 2008, 06:55
Member Group
Posts: 21
Malware Removal - Help

We did all the steps until Java. We downloaded it, but it said "Failed to verify authenticity... installing and running this code is not allowed." Please advise.

#2
8th Apr 2008, 07:36
Moderator Group
Skill Level: Advanced
Posts: 6,742
Malware Removal - Help

Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.
#3
8th Apr 2008, 08:38
Member Group
Posts: 21
Malware Removal - Help

Quote:
Originally Posted by evilfantasy
Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if that works.
There is no Java update option there.
#4
8th Apr 2008, 08:39
Moderator Group
Skill Level: Advanced
Posts: 6,742
Malware Removal - Help

Try to get it from here: www.java.com

If that doesn't work then just go to the next step and we will deal with it later.
#5
8th Apr 2008, 09:34
Donor Group
Skill Level: Advanced
Posts: 1,704
Malware Removal - Help

There should be a Java icon. I bet you're in Category view; look to your upper left, click "Switch to Classic View", and you should then see a Java icon.

Attached thumbnails: Malware Removal - Help-category.jpg, Malware Removal - Help-java.jpg
#6
8th Apr 2008, 09:38
Member Group
Posts: 21
Malware Removal - Help

We did all the steps and we are still having the same problems.

Here are the logs...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 03:41 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 01:38:06

Memory items scanned : 626
Memory threats detected : 4
Registry items scanned : 6141
Registry threats detected : 38
File items scanned : 101242
File threats detected : 114

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
HKLM\Software\Classes\CLSID\{65701471-4c01-4415-a067-51bacdf39b8b}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65701471-4c01-4415-a067-51bacdf39b8b}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0001080.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001330.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001337.DLL
C:\WINDOWS\SYSTEM32\HXYIXXAO.DLL
C:\WINDOWS\SYSTEM32\NALJPONC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL

MyWay Search Assistant Computers
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1376253242-3474823476-3209291414-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Dustin\Cookies\dustin@112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@2o7[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@a.websponsors[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@admarketplace[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.addynamix[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.pointroll[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@advertising[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@as-us.falkag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atdmt[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atwola[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@belnk[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bfast[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bizrate[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@burstnet[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@c1.zedo[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@casalemedia[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@dist.belnk[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wfkykpdzigp.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wgmyoidjmfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkokicpmlo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkygpczmep.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliahajicp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliwkc5kcp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlockajgho.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlykldpgfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@edge.ru4[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-cbot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-gamespot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-hasbro.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ford.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hg1.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@icc.intellisrv[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@indextools[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@insightexpressai[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@interclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@login.tracking101[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@media.fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@mediaplex[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@nextag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@perf.overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@questionmarket[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@realmedia[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revenue[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revsci[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@serving-sys[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statcounter[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@stats.gamestop[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statse.webtrendslive[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tacoda[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tribalfusion[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@valueclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@www.burstbeacon[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@z1.adserver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@zedo[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@2o7[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ad.yieldmanager[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adknowledge[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@admarketplace[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adrevolver[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.addynamix[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.pointroll[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adtech[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adv.surinter[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@advertising[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@apmebf[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@as-us.falkag[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@atdmt[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@burstnet[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@casalemedia[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@doubleclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@edge.ru4[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@fastclick[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@hitbox[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@insightexpressai[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@interclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@mediaplex[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@questionmarket[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@realmedia[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@revenue[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@server.cpmstar[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@stats.gamestop[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@statse.webtrendslive[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@trafficmp[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@tribalfusion[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@valueclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@zedo[2].txt



Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|)
Objects scanned: 135868
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7889183 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkllf -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sbqhtpcp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qwlinvmk.dll (Trojan.Agent) -> Delete on reboot.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:13 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\msn.com
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by En-Tel Communications, LLC
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BMf7889183] Rundll32.exe "C:\WINDOWS\system32\vmptfdge.dll",s
O4 - HKLM\..\Run: [f4bba21f] rundll32.exe "C:\WINDOWS\system32\jmiaxofx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.en-tel.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120134982093
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15124 bytes
#7
8th Apr 2008, 09:45
Member Group
Posts: 21
Malware Removal - Help

We did all the steps and it's still not working.


Here are the logs...


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 03:41 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 01:38:06

Memory items scanned : 626
Memory threats detected : 4
Registry items scanned : 6141
Registry threats detected : 38
File items scanned : 101242
File threats detected : 114

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
HKLM\Software\Classes\CLSID\{65701471-4c01-4415-a067-51bacdf39b8b}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65701471-4c01-4415-a067-51bacdf39b8b}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0001080.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001330.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001337.DLL
C:\WINDOWS\SYSTEM32\HXYIXXAO.DLL
C:\WINDOWS\SYSTEM32\NALJPONC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL

MyWay Search Assistant Computers
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1376253242-3474823476-3209291414-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32
HKCR\CLSID\{D0CC2EC3-123B-4668-8346-A755825F6866}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Dustin\Cookies\dustin@112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@2o7[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@a.websponsors[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@admarketplace[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.addynamix[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.pointroll[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@advertising[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@as-us.falkag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atdmt[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atwola[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@belnk[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bfast[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bizrate[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@burstnet[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@c1.zedo[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@casalemedia[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@dist.belnk[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wfkykpdzigp.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wgmyoidjmfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkokicpmlo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkygpczmep.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliahajicp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliwkc5kcp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlockajgho.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlykldpgfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@edge.ru4[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-cbot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-gamespot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-hasbro.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ford.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hg1.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@icc.intellisrv[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@indextools[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@insightexpressai[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@interclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@login.tracking101[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@media.fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@mediaplex[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@nextag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@perf.overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@questionmarket[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@realmedia[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revenue[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revsci[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@serving-sys[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statcounter[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@stats.gamestop[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statse.webtrendslive[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tacoda[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tribalfusion[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@valueclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@www.burstbeacon[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@z1.adserver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@zedo[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@2o7[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ad.yieldmanager[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adknowledge[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@admarketplace[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adrevolver[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.addynamix[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.pointroll[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adtech[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adv.surinter[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@advertising[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@apmebf[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@as-us.falkag[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@atdmt[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@burstnet[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@casalemedia[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@doubleclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@edge.ru4[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@fastclick[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@hitbox[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@insightexpressai[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@interclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@mediaplex[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@questionmarket[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@realmedia[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@revenue[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@server.cpmstar[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@stats.gamestop[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@statse.webtrendslive[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@trafficmp[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@tribalfusion[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@valueclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@zedo[2].txt

Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|)
Objects scanned: 135868
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7889183 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkllf -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sbqhtpcp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qwlinvmk.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:13 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\msn.com
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by En-Tel Communications, LLC
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BMf7889183] Rundll32.exe "C:\WINDOWS\system32\vmptfdge.dll",s
O4 - HKLM\..\Run: [f4bba21f] rundll32.exe "C:\WINDOWS\system32\jmiaxofx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.en-tel.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120134982093
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15124 bytes
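A defender-side triage pass over the HijackThis entries in the log above, as an added example; it is not part of this thread and not HijackThis's own code. It parses the O2 (BHO), O4 (Run) and O20 (Winlogon Notify) lines and flags only the patterns that are visible in that log: BHOs with no name (or a bare GUID as a name) loaded straight from system32, a non-default Winlogon Notify DLL in system32, rundll32 Run entries that call a DLL by a single-letter export and carry hash-like entry names, and a Run entry that launches a bare `msn.com` with no path. It then escalates any DLL registered through more than one hook, which is what ljJDSihG.dll does here. The sample lines are copied from the log above; the XP Winlogon Notify allowlist, the regex thresholds and the severity labels are my assumptions.

```python
"""Defender-side triage of HijackThis log lines (added example, not HijackThis code)."""
import re
from collections import Counter, defaultdict, namedtuple

LINE_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.*)$")  # "O4 - <body>"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.(?:dll|exe|com))', re.I)  # first PE path; stops before a quote or ",export"
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+$", re.I)  # directly in system32, no subdirectory
HEXNAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")  # entry names like BMf7889183 / f4bba21f
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,[A-Za-z]\b', re.I)  # DLL called by a one-letter export
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<entry>[^\]]*)\] (?P<cmd>.*)$")
BARE_EXE_RE = re.compile(r"^[\w.-]+\.(?:com|exe|scr|pif)$", re.I)  # command given with no path at all
# Winlogon Notify names Windows XP registers itself (assumption: treated as benign)
XP_NOTIFY_ALLOWLIST = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                       "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

Finding = namedtuple("Finding", "severity section reason evidence")  # severity: high / medium / info

def first_path(text):
    m = PATH_RE.search(text)
    return m.group(1) if m else None

def check_bho(sect, body):
    # O2: a BHO whose name is empty or a bare GUID, loaded straight from system32
    if sect != "O2" or not body.startswith("BHO: "):
        return []
    parts = body[5:].split(" - ")
    if len(parts) < 3:
        return []
    name, target = parts[0], " - ".join(parts[2:])
    if target.strip() == "(no file)":
        return [("info", "orphan BHO registration: CLSID present but no file on disk")]
    path = first_path(target)
    if (name == "(no name)" or GUID_RE.match(name)) and path and SYSTEM32_RE.match(path):
        return [("high", "unnamed BHO loads a DLL straight from system32")]
    return []

def check_run(sect, body):
    # O4: rundll32 single-letter exports, hash-like entry names, commands without a path
    m = RUN_RE.match(body)
    if sect != "O4" or not m:
        return []
    entry, cmd = m.group("entry"), m.group("cmd").strip()
    hits = []
    if RUNDLL_RE.search(cmd):
        hits.append(("high", "rundll32 Run entry calls a DLL by a single-letter export"))
    if HEXNAME_RE.match(entry):
        hits.append(("medium", f"Run entry name '{entry}' looks machine-generated"))
    if BARE_EXE_RE.match(cmd):
        hits.append(("medium", f"Run entry launches '{cmd}' without a path"))
    return hits

def check_winlogon(sect, body):
    # O20: a Winlogon Notify DLL in system32 that Windows itself did not register
    if sect != "O20" or not body.startswith("Winlogon Notify: "):
        return []
    name, path = body[17:].split(" - ")[0], first_path(body)
    if path and SYSTEM32_RE.match(path) and name.lower() not in XP_NOTIFY_ALLOWLIST:
        return [("high", "non-default Winlogon Notify DLL in system32 (runs at every logon)")]
    return []

def triage(lines):
    findings, hooks = [], defaultdict(set)  # hooks: system32 file name -> sections referencing it
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sect, body = m.group("sect"), m.group("body")
        path = first_path(body)
        if path and SYSTEM32_RE.match(path) and sect in {"O2", "O4", "O20"}:
            hooks[path.rsplit("\\", 1)[-1].lower()].add(sect)
        for checker in (check_bho, check_run, check_winlogon):
            for sev, reason in checker(sect, body):
                findings.append(Finding(sev, sect, reason, line.strip()))
    # One DLL registered through several hooks is the pattern in the log above
    # (ljJDSihG.dll is both a BHO and a Winlogon Notify handler).
    for name, sects in hooks.items():
        if len(sects) > 1:
            findings.append(Finding("high", "+".join(sorted(sects)),
                                    "one DLL registered through several hooks", name))
    return findings

def summarize(findings):
    return Counter(f.severity for f in findings)

# Sample input copied from the HijackThis log posted above, one benign neighbour included
SAMPLE_LOG = r"""
O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [BMf7889183] Rundll32.exe "C:\WINDOWS\system32\vmptfdge.dll",s
O4 - HKLM\..\Run: [f4bba21f] rundll32.exe "C:\WINDOWS\system32\jmiaxofx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason} <- {f.evidence}")
```

Run as a script it lists every hit with the line that triggered it. Note what is not reported: ctfmon.exe also lives in system32 and is also started from Run, but it has a real path, a real name and a single hook, so none of the rules fire. The point of the rules is the combination of context (anonymous registration, odd export, several hooks on one file), not the file name on its own, which is why a random-looking name is never a rule by itself here.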
  #8  
Old 8th Apr 2008, 09:48
Member Group
 
Posts: 21
Default Malware Removal - Help

I posted my logs twice and they keep disappearing. So we did all the steps and our computer is still having trouble.
  #9  
Old 8th Apr 2008, 09:55
Donor Group
 
Skill Level: Advanced
Posts: 1,704
Default Malware Removal - Help

Did you follow my little guide on getting to the Java icon?
  #10  
Old 8th Apr 2008, 10:07
Member Group
 
Posts: 21
Default Malware Removal - Help

Quote:
Originally Posted by kanoakavirus
Did you follow my little guide on getting to the java icon?
We got it to work from the Java website.

Copyright ©2006 - 2009 Computer Juice.