Author Topic: info stealer winfixer vundo trojan pls help  (Read 927 times)

Offline Aaron40002

« on: March 29, 2007, 11:46:10 AM »
Norton keeps saying it's deleting these files but they keep coming back, and random websites pop up when you're trying to search the net...



Logfile of HijackThis v1.99.1
Scan saved at 11:23:00 AM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\hgt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm090LEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

Offline guestolo

« Reply #1 on: March 29, 2007, 11:49:15 AM »
Can you do the following for me:
Supply an uninstall list from HijackThis
Open HijackThis >> Open MISC TOOLS SECTION >> Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy and paste the whole contents back here

AFTER you post that list
Can you also do the following
Navigate to Hijackthis.exe located here
C:\hgt\HijackThis.exe

RIGHT CLICK on HijackThis.exe and rename it to
Aaron.exe
Run a fresh scan and save logfile with Aaron.exe and post a fresh log please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Aaron40002

« Reply #2 on: March 29, 2007, 12:05:16 PM »
Hey, every time I hit the save list button it closes and it doesn't bring up an option to save it to any location?

Offline guestolo

« Reply #3 on: March 29, 2007, 12:15:00 PM »
That's ok, can you go ahead and rename hijackthis.exe to Aaron.exe and post a fresh log

Also
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents

ALLOW this script to run if prompted by your AntiVirus



Offline Aaron40002

« Reply #4 on: March 29, 2007, 12:33:39 PM »
OK, here it is, this is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:27:46 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hgt\Aaron.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm090LEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqrrrr - C:\WINDOWS\SYSTEM32\ssqrrrr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvutq - C:\WINDOWS\SYSTEM32\xxyvutq.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe



and here's the other one



INSTALLED SOFTWARE (267) - TAMARARLEVIEN - 3/29/2007 12:30:47 PM

2570   Ver: 50.0.214.000   Installed: 7/15/2006
2570_Help   Ver: 50.0.214.000   Installed: 7/15/2006
2570Trb   Ver: 50.0.214.000   Installed: 7/15/2006
Ad-Aware SE Personal   Ver: 1.0.6   Installed: 3/23/2007
Adobe Bridge 1.0   Ver: 001.000.004   Installed: 8/23/2006
Adobe Common File Installer   Ver: 1.00.0000   Installed: 8/23/2006
Adobe Flash Player 9 ActiveX   Ver: 9
Adobe Help Center 1.0   Ver: 001.000.000   Installed: 8/23/2006
Adobe Photoshop CS2   Ver: 9.0
Adobe Photoshop CS2   Ver: 9.0   Installed: 8/23/2006
Adobe Reader 8   Ver: 8.0.0   Installed: 1/22/2007
Adobe Stock Photos 1.0   Ver: 1.0.7   Installed: 8/23/2006
AiO_Scan_CDA   Ver: 50.0.214.000   Installed: 7/15/2006
AiOSoftwareNPI   Ver: 50.0.214.000   Installed: 7/15/2006
Audible Download Manager   Ver: 5.0.0.32
AudibleManager   Ver: 2089884134.2089884196.2090320000.2089884154
Avanquest update   Ver: 1.09   Installed: 3/11/2007
Best Buy Rhapsody   
BitLord 1.1   Ver: 1.1
BufferChm   Ver: 60.0.155.000   Installed: 12/28/2005
C++ AIO For Dummies   
ccCommon   Ver: 104.0.1.17   Installed: 8/3/2006
Comcast Rhapsody   
Conexant HD Audio   
CP_AtenaShokunin1Config   Ver: 60.0.155.000   Installed: 12/28/2005
CP_CalendarTemplates1   Ver: 60.0.155.000   Installed: 12/28/2005
cp_LightScribeConfig   Ver: 60.0.155.000   Installed: 12/28/2005
cp_OnlineProjectsConfig   Ver: 60.0.155.000   Installed: 12/28/2005
CP_Package_Basic1   Ver: 60.0.155.000   Installed: 12/28/2005
CP_Package_Variety1   Ver: 60.0.155.000   Installed: 12/28/2005
CP_Package_Variety2   Ver: 60.0.155.000   Installed: 12/28/2005
CP_Package_Variety3   Ver: 60.0.155.000   Installed: 12/28/2005
CP_Panorama1Config   Ver: 60.0.155.000   Installed: 12/28/2005
cp_PosterPrintConfig   Ver: 60.0.155.000   Installed: 12/28/2005
cp_UpdateProjectsConfig   Ver: 60.0.155.000   Installed: 12/28/2005
CueTour   Ver: 60.0.155.000   Installed: 12/28/2005
Customer Experience Enhancement   Ver: Customer Experience Enhancement -1.0.0.1680   Installed: 12/28/2005
Customer Experience Enhancement   Ver: Customer Experience Enhancement -1.0.0.1680   Installed: 12/28/2005
Destinations   Ver: 60.0.155.000   Installed: 12/28/2005
DeviceFunctionQFolder   Ver: 1.00.0000   Installed: 7/15/2006
DocProc   Ver: 5.2.0.0   Installed: 7/15/2006
DocumentViewer   Ver: 53.0.13.000   Installed: 7/15/2006
DocumentViewerQFolder   Ver: 1.00.0000   Installed: 7/15/2006
eSupportQFolder   Ver: 1.00.0000   Installed: 7/15/2006
Fax_CDA   Ver: 50.0.214.000   Installed: 7/15/2006
Google Earth   Ver: 3.0.0762   Installed: 7/15/2006
HDAUDIO Soft Data Fax Modem with SmartCP   
HijackThis 1.99.1   Ver: 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)      Installed: 3/14/2007
Hotfix for Windows XP (KB896256)   Ver: 3   Installed: 12/28/2005
Hotfix for Windows XP (KB914440)   Ver: 12   Installed: 12/16/2006
Hotfix for Windows XP (KB915865)   Ver: 10   Installed: 12/16/2006
Hotfix for Windows XP (KB926239)   Ver: 2   Installed: 12/23/2006
HP Document Viewer 5.3   Ver: 5.3
HP Help and Support   Ver: 4.2.0006   Installed: 12/28/2005
HP Imaging Device Functions 6.0   Ver: 6.0
HP Photosmart Premier Software 6.0   Ver: 6.0
HP PSC & OfficeJet 5.3.A   
HP QuickPlay 2.0   
HP Software Update   Ver: 3.0.7.006   Installed: 12/28/2005
HP Solution Center & Imaging Support Tools 5.3   Ver: 5.3
HP User Guides 0009   Ver: 1.07.0001   Installed: 12/28/2005
HP User Guides--System Recovery   Ver: 1.00.0001   Installed: 12/28/2005
HP Wireless Assistant 2.00 B3   Ver: 2.00 B3
HPProductAssistant   Ver: 53.0.13.000   Installed: 7/15/2006
HpSdpAppCoreApp   Ver: 3.00.0000   Installed: 12/28/2005
InstantShareDevices   Ver: 60.0.155.000   Installed: 12/28/2005
Intel® Graphics Media Accelerator Driver   Ver: 6.14.10.4421
Intel® PRO Network Connections Drivers   
Internet Worm Protection   Ver: 12.0.0   Installed: 8/3/2006
J2SE Runtime Environment 5.0 Update 10   Ver: 1.5.0.100   Installed: 1/17/2007
J2SE Runtime Environment 5.0 Update 6   Ver: 1.5.0.60   Installed: 12/28/2005
LightScribe  1.4.52.1   Ver: 1.4.52.1   Installed: 12/28/2005
LimeWire 4.12.11   Ver: 4.12.11
LiveUpdate 3.0 (Symantec Corporation)   Ver: 3.0.0.171
Magic ISO Maker v5.3 (build 0229)   
MagicDisc 2.5.74   
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 12/28/2005
Microsoft Compression Client Pack 1.0 for Windows XP   Ver: 1   Installed: 12/23/2006
Microsoft Internationalized Domain Names Mitigation APIs      Installed: 12/16/2006
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5      Installed: 3/14/2007
Microsoft Money 2006   Ver: 15
Microsoft National Language Support Downlevel APIs      Installed: 12/16/2006
Microsoft Office Publisher 2003   Ver: 11.0.5614.0   Installed: 6/11/2006
Microsoft Office Standard Edition 2003   Ver: 11.0.5614.0   Installed: 6/11/2006
Microsoft User-Mode Driver Framework Feature Pack 1.0      Installed: 12/23/2006
Microsoft Works   Ver: 08.04.0623   Installed: 12/28/2005
MID Converter 4.2   Ver: 4.2
mIRC   Ver: 6.21
Motorola Driver Installation   Ver: 2.6.2   Installed: 3/13/2007
Motorola Phone Tools   Ver: 4.0.3b 11-5-2005   Installed: 3/11/2007
Motorola PST   Ver: PST 7.2.3 General
Motorola Service Software version 3.5.8 Full Edition Prerelease   
MSXML 4.0 SP2 (KB927978)   Ver: 4.20.9841.0   Installed: 11/15/2006
muvee autoProducer 4.5   Ver: 4.50.050
My Web Search (Zwinky)   
Myst IV - Revelation   Ver: 1
NAVShortcut   Ver: 11.5.0   Installed: 8/3/2006
Nero 6 Demo   
NewCopy_CDA   Ver: 50.0.214.000   Installed: 7/15/2006
Norton AntiVirus 2006   Ver: 12.0.0.94   Installed: 8/3/2006
Norton AntiVirus 2006 (Symantec Corporation)   Ver: 12.0.0.94
Norton AntiVirus Help   Ver: 11.00.00   Installed: 8/3/2006
Norton AntiVirus Parent MSI   Ver: 11.5.0   Installed: 8/3/2006
Norton AntiVirus SYMLT MSI   Ver: 12.0.0   Installed: 8/3/2006
Norton Protection Center   Ver: 1.0.107   Installed: 8/3/2006
Norton WMI Update   Ver: 2005.1.2.20   Installed: 8/3/2006
Office 2003 Trial Assistant   Ver: 1.0.0   Installed: 12/28/2005
OptionalContentQFolder   Ver: 1.00.0000   Installed: 12/28/2005
PanoStandAlone   Ver: 53.0.13.000   Installed: 7/15/2006
PhotoGallery   Ver: 60.0.155.000   Installed: 12/28/2005
ProductContextNPI   Ver: 50.0.214.000   Installed: 7/15/2006
Quick Launch Buttons 5.20 F2   Ver: 5.20 F2
QuickTime   Ver: 7.1   Installed: 8/3/2006
QuickTime   Ver: 7.1   Installed: 8/3/2006
R4 Controller   Ver: 1.5
RandMap   Ver: 60.0.155.000   Installed: 12/28/2005
Readme   Ver: 50.0.214.000   Installed: 7/15/2006
Rhapsody Player Engine   Ver: 1.0.604   Installed: 2/24/2007
Scan   Ver: 5.2.0.0   Installed: 7/15/2006
ScannerCopy   Ver: 5.2.0.0   Installed: 7/15/2006
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010   Installed: 6/12/2006
Security Update for Step By Step Interactive Training (KB923723)   Ver: 20050502.101010   Installed: 2/17/2007
Security Update for Windows Internet Explorer 7 (KB928090)   Ver: 20070117.120000   Installed: 2/17/2007
Security Update for Windows Internet Explorer 7 (KB929969)   Ver: 20061222.120000   Installed: 1/10/2007
Security Update for Windows Media Player (KB911564)      Installed: 6/12/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 6/12/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 6/16/2006
Security Update for Windows Media Player 6.4 (KB925398)      Installed: 12/17/2006
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB893066)   Ver: 2   Installed: 12/28/2005
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 12/28/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 12/28/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 12/28/2005
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB901190)   Ver: 1   Installed: 2/26/2007
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 12/28/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB903235)   Ver: 1   Installed: 12/28/2005
Security Update for Windows XP (KB904706)   Ver: 2   Installed: 6/12/2006
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 6/16/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 6/12/2006
Security Update for Windows XP (KB914388)   Ver: 1   Installed: 7/12/2006
Security Update for Windows XP (KB914389)   Ver: 1   Installed: 6/16/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 6/16/2006
Security Update for Windows XP (KB917159)   Ver: 1   Installed: 7/12/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 6/16/2006
Security Update for Windows XP (KB917422)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 6/16/2006
Security Update for Windows XP (KB918118)   Ver: 1   Installed: 2/17/2007
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 6/16/2006
Security Update for Windows XP (KB918899)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB919007)   Ver: 1   Installed: 1/14/2006
Security Update for Windows XP (KB920213)   Ver: 1   Installed: 12/16/2006
Security Update for Windows XP (KB920214)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB920670)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB920683)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB920685)   Ver: 1   Installed: 1/14/2006
Security Update for Windows XP (KB921398)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB921883)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB922616)   Ver: 1   Installed: 8/14/2006
Security Update for Windows XP (KB922760)   Ver: 1   Installed: 11/16/2006
Security Update for Windows XP (KB922819)   Ver: 1   Installed: 10/12/2006
Security Update for Windows XP (KB923191)   Ver: 1   Installed: 10/12/2006
Security Update for Windows XP (KB923414)   Ver: 1   Installed: 10/12/2006
Security Update for Windows XP (KB923689)      Installed: 12/17/2006
Security Update for Windows XP (KB923694)   Ver: 1   Installed: 12/17/2006
Security Update for Windows XP (KB923980)   Ver: 1   Installed: 11/16/2006
Security Update for Windows XP (KB924191)   Ver: 1   Installed: 10/12/2006
Security Update for Windows XP (KB924270)   Ver: 1   Installed: 11/16/2006
Security Update for Windows XP (KB924496)   Ver: 1   Installed: 10/12/2006
Security Update for Windows XP (KB924667)   Ver: 1   Installed: 2/17/2007
Security Update for Windows XP (KB925486)   Ver: 1   Installed: 9/27/2006
Security Update for Windows XP (KB926255)   Ver: 1   Installed: 12/17/2006
Security Update for Windows XP (KB926436)   Ver: 1   Installed: 2/17/2007
Security Update for Windows XP (KB927779)   Ver: 1   Installed: 2/17/2007
Security Update for Windows XP (KB927802)   Ver: 1   Installed: 2/17/2007
Security Update for Windows XP (KB928255)   Ver: 1   Installed: 2/17/2007
Security Update for Windows XP (KB928843)   Ver: 1   Installed: 2/17/2007
SkinsHP1   Ver: 60.0.155.000   Installed: 12/28/2005
SmartAudio   Ver: 1.3.5   Installed: 12/28/2005
SolutionCenter   Ver: 50.0.152.000   Installed: 7/15/2006
Sonic Audio Module   Ver: 2.0.4   Installed: 12/28/2005
Sonic Copy Module   Ver: 2.0.4   Installed: 12/28/2005
Sonic Data Module   Ver: 2.0.4   Installed: 12/28/2005
Sonic Express Labeler   Ver: 2.0.0   Installed: 12/28/2005
Sonic MyDVD Plus   Ver: 6.2.0   Installed: 12/28/2005
Sonic Update Manager   Ver: 3.0.0   Installed: 12/28/2005
Sonic_PrimoSDK   Ver: 60.0.155.000   Installed: 12/28/2005
SPBBC   Ver: 2.0.0.73   Installed: 8/3/2006
Status   Ver: 53.0.13.000   Installed: 7/15/2006
Symantec   Ver: 11.5.0   Installed: 8/3/2006
SymNet   Ver: 6.0.4.402   Installed: 1/20/2006
Synaptics Pointing Device Driver   Ver: 8.2.4.0
TourSetup   Ver: 1.0.0   Installed: 12/28/2005
TrayApp   Ver: 53.0.13.000   Installed: 7/15/2006
TurboTax ItsDeductible 2006   Ver: 10.00.0000   Installed: 1/26/2007
Unload   Ver: 6.0.0   Installed: 12/28/2005
Update for Windows XP (KB894391)   Ver: 1   Installed: 12/28/2005
Update for Windows XP (KB896727)   Ver: 1   Installed: 12/28/2005
Update for Windows XP (KB898461)   Ver: 1   Installed: 6/11/2006
Update for Windows XP (KB900485)   Ver: 2   Installed: 6/12/2006
Update for Windows XP (KB904942)   Ver: 2   Installed: 12/16/2006
Update for Windows XP (KB908531)   Ver: 2   Installed: 6/12/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 6/12/2006
Update for Windows XP (KB916595)   Ver: 1   Installed: 7/12/2006
Update for Windows XP (KB920872)   Ver: 1   Installed: 1/14/2006
Update for Windows XP (KB922582)   Ver: 1   Installed: 1/14/2006
Update for Windows XP (KB929338)   Ver: 1   Installed: 3/14/2007
Update for Windows XP (KB931836)   Ver: 1   Installed: 2/17/2007
URGE   Ver: 1.1.8115.0   Installed: 12/23/2006
Ventrilo Client   Ver: 2.3.0   Installed: 1/20/2007
WebFldrs XP   Ver: 9.50.7523   Installed: 8/7/2004
WebReg   Ver: 53.0.13.000   Installed: 7/15/2006
WIBU-KEY Setup (WIBU-KEY Remove)   Ver: Version 3.10a of 2001-Nov-28 (Setup)   Installed: 3/7/2015
WildTangent Web Driver   
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image  (11/30/2005 1.0.1.1)   Ver: 11/30/2005 1.0.1.1
Windows Genuine Advantage Notifications (KB905474)   Ver: 1.5.0540.0   Installed: 1/21/2006
Windows Installer 3.1 (KB893803)   
Windows Internet Explorer 7   Ver: 20061107.210142   Installed: 12/16/2006
Windows Live Messenger   Ver: 8.0.0812.00   Installed: 9/7/2006
Windows Live Sign-in Assistant   Ver: 4.000.248.1   Installed: 6/23/2006
Windows Media Format 11 runtime   
Windows Media Format 11 runtime      Installed: 12/23/2006
Windows Media Player 11   
Windows Media Player 11      Installed: 12/23/2006
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB883667   Ver: 20040812.104354
Windows XP Hotfix - KB884575   Ver: 20040827.145237
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885464   Ver: 20040927.152742
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB885855   Ver: 20040930.104104
Windows XP Hotfix - KB885884   Ver: 20040924.025457
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888239   Ver: 20041124.162528
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB888402   Ver: 20041117.151732
Windows XP Hotfix - KB889673   Ver: 20041116.085848
Windows XP Hotfix - KB890859   Ver: 1   Installed: 6/12/2006
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB892559   Ver: 2   Installed: 12/28/2005
WinRAR archiver   
Wireless Home Network Setup   Ver: 1.1.19.0   Installed: 12/28/2005
Yahoo! Messenger   
Yahoo! Toolbar   
Yahoo! Toolbar

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
info stealer winfixer vundo trojan pls help
« Reply #5 on: March 29, 2007, 12:45:48 PM »
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java(tm) SE Runtime Environment 6 Update 1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
This includes both
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6

Don't install the new version yet

Instead, keep all browser windows closed
Optionally, but I suggest that you also uninstall from Add/remove programs
My Web Search (Zwinky)
WildTangent Web Driver


Afterwards, download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."

Go ahead and install the latest version of Java from the installer on desktop

Post back the following please
1. Run Hijackthis.exe again (Aaron.exe) and post a fresh log
2. Post the report from Vundofix>>C:\Vundofix.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Aaron40002

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
info stealer winfixer vundo trojan pls help
« Reply #6 on: March 29, 2007, 01:18:32 PM »
OK, here's the hgt log. I got a run dll error last time I rebooted. I didn't catch the exact name, but I haven't had any random sites pop up yet.

Logfile of HijackThis v1.99.1
Scan saved at 1:13:32 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hgt\Aaron.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe


and the Vundo log


VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:55:42 PM 3/29/2007

Listing files found while scanning....


VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:58:37 PM 3/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\byxusrr.dll
C:\WINDOWS\system32\hhhttyfn.ini
C:\WINDOWS\system32\hhhttyfn.ini2
C:\WINDOWS\system32\hhhttyfn.tmp
C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\khfghhe.dll
C:\WINDOWS\system32\nfytthhh.dll
C:\WINDOWS\system32\qvgeyagq.dll
C:\WINDOWS\system32\ssqrrrr.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\xxyvutq.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\byxusrr.dll
C:\WINDOWS\system32\byxusrr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hhhttyfn.ini
C:\WINDOWS\system32\hhhttyfn.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hhhttyfn.ini2
C:\WINDOWS\system32\hhhttyfn.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hhhttyfn.tmp
C:\WINDOWS\system32\hhhttyfn.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\iifddbc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\khfghhe.dll
C:\WINDOWS\system32\khfghhe.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\nfytthhh.dll
C:\WINDOWS\system32\nfytthhh.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qvgeyagq.dll
C:\WINDOWS\system32\qvgeyagq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqrrrr.dll
C:\WINDOWS\system32\ssqrrrr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ttvwa.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xxyvutq.dll
C:\WINDOWS\system32\xxyvutq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\iifddbc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xxyvutq.dll
C:\WINDOWS\system32\xxyvutq.dll Has been deleted!

Performing Repairs to the registry.
Done!




and thx for the fast responses, very helpful

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
info stealer winfixer vundo trojan pls help
« Reply #7 on: March 29, 2007, 01:49:56 PM »
If you haven't removed BOTH of these older versions of Java in Add/remove programs
Do so now please
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6


Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab


Optionally, I would tick the next one too
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
It doesn't need to run on startup, you can manually start it when needed

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Back in Windows
Everything looks good

I would suggest that you may still want to do the following
I see you have Ad-Aware SE Personal installed as a spyware scanner
That's great

Another good tool you may want to add
Download and Install Spybot 1.4 from
HERE

Install with default settings
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates (or right click and Select All)
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish any cleaning process

Back in Windows
Utilize the Immunization feature to help with protection
Open Spybot>>Click Immunization>>OK>>Immunization at the top Green cross

Another great tool to help prevent malware
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

After doing all the above, if you feel everything is running smooth, I suggest that you also do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Give this time to clear and then click OK
This ensures you have a clean restore point and no chance of reinfecting from an older one

Hope that helps :)
« Last Edit: March 29, 2007, 04:19:54 PM by guestolo »

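The O2 and O4 entries ticked in Reply #7 all point at files that the VundoFix report in Reply #6 lists as deleted. That cross-check, written out as a script, is an added example and not part of the thread or of either tool; the log excerpts are copied from the posts above, and the function names are made up for illustration.

```python
import re

# Excerpts copied from the HijackThis log posted in Reply #6 (trimmed).
HIJACKTHIS_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# Excerpts copied from the VundoFix report posted in Reply #6 (trimmed).
VUNDOFIX_REPORT = r"""
 Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!
 Attempting to delete C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\iifddbc.dll Could not be deleted.
 Attempting to delete C:\WINDOWS\system32\nfytthhh.dll
C:\WINDOWS\system32\nfytthhh.dll Has been deleted!
 Attempting to delete C:\WINDOWS\system32\qvgeyagq.dll
C:\WINDOWS\system32\qvgeyagq.dll Has been deleted!
 Attempting to delete C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\iifddbc.dll Has been deleted!
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Absolute paths ending in .dll/.exe; Windows paths compare case-insensitively.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.IGNORECASE)
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)$"
)


def parse_hijackthis(log):
    """Return one dict per HijackThis entry line, with the file paths it references."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append({
            "section": m.group("section"),
            "line": line,
            "paths": [p.lower() for p in PATH_RE.findall(m.group("body"))],
            "file_missing": line.endswith("(file missing)"),
        })
    return entries


def parse_vundofix(report):
    """Return {path: [True/False per attempt]}; VundoFix retries failures after reboot."""
    outcomes = {}
    for raw in report.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            deleted = m.group("result").startswith("Has been")
            outcomes.setdefault(m.group("path").lower(), []).append(deleted)
    return outcomes


def orphaned_entries(log, report):
    """HijackThis entries that still reference a file VundoFix ended up deleting."""
    removed = {p for p, tries in parse_vundofix(report).items() if tries[-1]}
    return [e for e in parse_hijackthis(log)
            if any(p in removed for p in e["paths"])]


def still_present(report):
    """Files whose last recorded deletion attempt failed."""
    return sorted(p for p, tries in parse_vundofix(report).items() if not tries[-1])


if __name__ == "__main__":
    for entry in orphaned_entries(HIJACKTHIS_LOG, VUNDOFIX_REPORT):
        print("leftover registry entry:", entry["line"])
    print("not yet deleted:", still_present(VUNDOFIX_REPORT))
```

The "(file missing)" marker alone is not the signal: the xpnetdiag.exe O9 entry carries it too and is not flagged, because no removed file backs it. The O16 DPF entry from Reply #7 refers to a URL rather than a local file, so this check does not cover it.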