Author Topic: Virus issues, Downloader, Trojan.Vundo, Trojan Horse  (Read 31896 times)

queenbunnywitch

    Topic Starter


    Beginner

    Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
    « Reply #15 on: September 22, 2007, 05:22:40 PM »
    Okay, I did most of that.

    I couldn't delete the mllmm.dll file; it was giving me the same message when I tried deleting the byxxutr.dll file. The desktop kept disappearing and it wouldn't give me enough time to try to delete it in the actual folder itself, so I tried it in KillBox and that's where I got the message.

    Everything in HJT you told me to delete is gone except for
    O2 - BHO: (no name) - {A07C23E2-50F5-4C49-858D-684BE62D641F} - C:\WINDOWS\system32\mllmm.dll

    Here's my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:11:06 PM, on 9/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\Program Files\analyse\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firstdatajobs.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {055DE62A-25B5-4469-BF90-968C8FBE2B35} - C:\WINDOWS\system32\mllmm.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\rcwoawin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\bak\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\yyufegna.dll",sitypnow
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/239ebff5dd55e2868019/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190263651562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190263605609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
    « Reply #16 on: September 23, 2007, 04:14:57 AM »
    You tried VundoFix again?  If it's not getting rid of the infection, then you can try to download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    queenbunnywitch

      Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
      « Reply #17 on: September 23, 2007, 04:48:54 PM »
      Yeah, I did everything you said in the order in which it was described... I just couldn't delete that file.

      I'll try ComboFix; hopefully that'll work. Thanks for your help!

      queenbunnywitch

        Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
        « Reply #18 on: September 23, 2007, 05:01:52 PM »
        I tried to run ComboFix and this happened...

        I dunno what's up with that pop-up, but it only came up when trying to run ComboFix.

        queenbunnywitch

          Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
          « Reply #19 on: September 24, 2007, 01:00:02 AM »
          Okay, I tried ComboFix again and this is the log it generated:


          ComboFix 07-09-21.2 - "starrs crap" 2007-09-24  1:47:08.1 - NTFSx86
          Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.238 [GMT -5:00]
           * Created a new restore point
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\check_LSA7.txt
          C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
          C:\DOCUME~1\User\Desktop\internet.lnk
          C:\Program Files\WinBudget
          C:\Temp\fse
          C:\WINDOWS\cookies.ini
          C:\WINDOWS\NDNuninstall4_88.exe
          C:\WINDOWS\NDNuninstall4_94.exe
          C:\WINDOWS\NDNuninstall5_40.exe
          C:\WINDOWS\NDNuninstall5_48.exe
          C:\WINDOWS\system32\acorwuct.exe
          C:\WINDOWS\system32\ampybobd.exe
          C:\WINDOWS\system32\arkhrimt.exe
          C:\WINDOWS\system32\begniggx.exe
          C:\WINDOWS\system32\bffjlwxe.exe
          C:\WINDOWS\system32\cyaiemlt.exe
          C:\WINDOWS\system32\ddsxylos.exe
          C:\WINDOWS\system32\driver
          C:\WINDOWS\system32\driver\bcm43xx.cat
          C:\WINDOWS\system32\driver\RNDISMP.sys
          C:\WINDOWS\system32\driver\RNDISMPK.sys
          C:\WINDOWS\system32\driver\usb8023.sys
          C:\WINDOWS\system32\driver\usb8023k.sys
          C:\WINDOWS\system32\ehfcowka.exe
          C:\WINDOWS\system32\ehimbgjo.exe
          C:\WINDOWS\system32\fpypyjjh.exe
          C:\WINDOWS\system32\ftmxmvar.ini
          C:\WINDOWS\system32\fuoryjrp.exe
          C:\WINDOWS\system32\iekvjokh.exe
          C:\WINDOWS\system32\ilhynaqo.exe
          C:\WINDOWS\system32\jcbumtyh.dll
          C:\WINDOWS\system32\leosjlam.exe
          C:\WINDOWS\system32\lqvljwfc.exe
          C:\WINDOWS\system32\mgciijwt.dll
          C:\WINDOWS\system32\mllmm.dll
          C:\WINDOWS\system32\mmllm.bak1
          C:\WINDOWS\system32\mmllm.bak2
          C:\WINDOWS\system32\mmllm.ini
          C:\WINDOWS\system32\mmllm.ini2
          C:\WINDOWS\system32\mmllm.tmp
          C:\WINDOWS\system32\qfjdgdkc.exe
          C:\WINDOWS\system32\ravmxmtf.dll
          C:\WINDOWS\system32\ripddejx.exe
          C:\WINDOWS\system32\rqfsrtbp.exe
          C:\WINDOWS\system32\rrnyvyrx.ini
          C:\WINDOWS\system32\rsplwsxs.exe
          C:\WINDOWS\system32\sqqetqsb.exe
          C:\WINDOWS\system32\twjiicgm.ini
          C:\WINDOWS\system32\vwkmnvao.exe
          C:\WINDOWS\system32\wfyfdcei.exe
          C:\WINDOWS\system32\xcxivlig.exe
          C:\WINDOWS\system32\xryvynrr.dll
          C:\WINDOWS\system32\yjgpmuvw.exe

          .
          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


          -------\LEGACY_DOMAINSERVICE
          -------\DomainService


          (((((((((((((((((((((((((   Files Created from 2007-08-24 to 2007-09-24  )))))))))))))))))))))))))))))))
          .

          2007-09-23 17:51   51,200   --a------   C:\WINDOWS\NirCmd.exe
          2007-09-23 17:39   85,568   --a------   C:\WINDOWS\system32\yaabdhcs.dll
          2007-09-21 23:42   <DIR>   d--------   C:\Program Files\analyse
          2007-09-21 21:27   87,616   --a------   C:\WINDOWS\system32\kmclfijb.dll
          2007-09-21 21:24   <DIR>   d--------   C:\!KillBox
          2007-09-21 19:50   87,616   --a------   C:\WINDOWS\system32\pgrahpun.dll
          2007-09-21 19:21   <DIR>   d--------   C:\WINDOWS\pss
          2007-09-21 19:10   <DIR>   d--------   C:\Program Files\CCleaner
          2007-09-21 18:41   <DIR>   d--------   C:\DOCUME~1\STARRS~1\APPLIC~1\MSN6
          2007-09-21 18:19   87,616   --a------   C:\WINDOWS\system32\wamnhcng.dll
          2007-09-20 03:16   <DIR>   d--------   C:\Program Files\MSXML 6.0
          2007-09-20 03:05   <DIR>   d--------   C:\Program Files\MSXML 4.0
          2007-09-19 23:32   <DIR>   d--------   C:\Program Files\Enigma Software Group
          2007-09-19 23:08   <DIR>   d--------   C:\VundoFix Backups
          2007-09-18 03:49   <DIR>   d--------   C:\Program Files\RogueRemover FREE
          2007-09-17 01:19   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
          2007-09-17 01:14   89,088   --a------   C:\WINDOWS\system32\atl71.dll
          2007-09-17 01:08   44,054   --a------   C:\WINDOWS\system32\byxxutr.dll.vir
          2007-09-17 01:08   <DIR>   d--------   C:\Temp
          2007-09-15 21:07   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
          2007-09-15 21:07   <DIR>   dr-h-----   C:\DOCUME~1\STARRS~1\APPLIC~1\SecuROM
          2007-09-02 23:03   2,146   --a------   C:\WINDOWS\mozver.dat
          2007-09-01 02:08   <DIR>   d--------   C:\DOCUME~1\STARRS~1\APPLIC~1\Google
          2007-08-31 18:31   <DIR>   d--------   C:\WINDOWS\system32\bak

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-09-21 19:48   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
          2007-09-16 21:13   ---------   d--------   C:\Program Files\DivX
          2007-09-08 22:42   ---------   d--------   C:\DOCUME~1\STARRS~1\APPLIC~1\uTorrent
          2007-09-01 02:07   ---------   d--------   C:\DOCUME~1\STARRS~1\APPLIC~1\Yahoo!
          2007-09-01 02:04   ---------   d--------   C:\Program Files\Yahoo!
          2007-09-01 02:04   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
          2007-08-31 18:39   ---------   d--------   C:\Program Files\Zune
          2007-08-31 18:39   ---------   d--------   C:\Program Files\PopUp Killer
          2007-08-31 18:39   ---------   d--------   C:\Program Files\NavNT
          2003-11-15 20:33:00   8   --sh--r   C:\WINDOWS\system32\C5DE55205B.sys
          2003-11-15 20:33:00   1,682   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
           
          *Note* empty entries & legit default entries are not shown

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-08-31 18:36]
          "windows auto update"="" []
          "vptray"="C:\Program Files\NavNT\vptray.exe" [2007-08-31 18:36]
          "PopUpKiller"="C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE" [2001-08-27 15:54]
          "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 C:\WINDOWS\LOGI_MWX.EXE]
          "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-31 18:36]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
          "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
          "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-08-31 18:36]
          "QuickTime Task"="E:\Program Files\QuickTime\bak\qttask.exe" [2007-04-27 09:41]
          "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-08-31 18:36]
          "MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-08-31 18:36]
          "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Aim6"="" []
          "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2007-08-31 18:36]
          "Yahoo! Pager"="E:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-27 16:19]
          "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 22:58]

          C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
          ClientManager3.lnk - C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe [2007-01-24 19:32:48]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
          "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

          R1 BUFADPT;BUFADPT;\??\C:\WINDOWS\system32\BUFADPT.SYS
          S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
          AutoRun\command- D:\Autorun.exe

          .
          Contents of the 'Scheduled Tasks' folder
          "2007-08-30 23:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-09-24 01:56:37
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2007-09-24  1:58:51 - machine was rebooted
          C:\ComboFix-quarantined-files.txt ... 2007-09-24 01:58
          .
             --- E O F ---

          CBMatt

          Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
          « Reply #20 on: September 24, 2007, 09:01:47 PM »
          Looks like ComboFix found quite a few Vundo files.  Now, go ahead and post a new HijackThis log and let me know how your computer is running.

          queenbunnywitch

            Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
            « Reply #21 on: September 25, 2007, 02:01:42 AM »
            I think it's actually gone now; I haven't had any pop-ups. When I was infected my antivirus would remind me every 30 seconds and it has stopped. Also, when I was infected I noticed in IE, in Internet Options and add-ons currently running, there was an application for mmllm.exe and that's gone now, so... I'm guessing I'm all clean.

            Here's my log just in case:

            Logfile of HijackThis v1.99.1
            Scan saved at 3:00:03 AM, on 9/25/2007
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
            C:\Program Files\NavNT\defwatch.exe
            C:\Program Files\NavNT\rtvscan.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Viewpoint\Common\ViewpointService.exe
            C:\WINDOWS\system32\MsgSys.EXE
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\WgaTray.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
            C:\WINDOWS\System32\ezSP_Px.exe
            C:\Program Files\Logitech\MouseWare\system\em_exec.exe
            C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
            E:\PROGRA~2\Yahoo!\MESSEN~1\ymsgr_tray.exe
            C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
            C:\Program Files\analyse\analyse.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firstdatajobs.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
            O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
            O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
            O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\bak\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
            O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
            O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
            O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
            O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
            O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O15 - Trusted Zone: *.whataboutadog.com
            O15 - Trusted Zone: *.whataboutarabit.com
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
            O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
            O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/239ebff5dd55e2868019/netzip/RdxIE601.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190263651562
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190263605609
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
            O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
            O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
            O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
            O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
            O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
            O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



            Thank you so much for helping me out.

            oddjob



              Hopeful

              Thanked: 4
              • Experience: Beginner
              • OS: Windows 7
              Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
              « Reply #22 on: September 25, 2007, 03:13:13 AM »
              CBMatt quick visit ... when you look at this one you'll probably see you have a few "(no name)....(no file)" entries to fix and those O15's are still there.

              Viewpoint ... your choice. If it were me I'd get rid of it.


              However this ...

              O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/239ebff5dd55e2868019/netzip/RdxIE601.cab  is Netster related & must go.


              This one ...

              O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab  "popcaploader" can slow the machine down. Should go.


              All the best.  ;D


              OJ


              CBMatt

              • Mod & Malware Specialist


              • Prodigy

              • Sad and lonely...and loving every minute of it.
              • Thanked: 167
                • Yes
              • Experience: Experienced
              • OS: Windows 7
              Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
              « Reply #23 on: September 25, 2007, 12:59:14 PM »
              Thanks for the always-welcome input, oddjob.  I'm handling logs a bit differently for the time being.  Because I've become so busy, I'm trying to address the main issues and clean up the logs a little bit before getting rid of the other stuff.  In this case, I wanted to make sure Vundo was taken care of before worrying about the other entries.  It keeps me from overloading myself.  It also prevents me from wasting my time and giving a complete analysis of a log, only to have the person never respond.

              Viewpoint ... your choice. If it were me I'd get rid of it.
              Agreed.  Viewpoint is just a waste of space and really isn't necessary.  No point in keeping it.


              queenbunnywitch,
              Your log looks a lot better now.  But as oddjob has already pointed out, there are still a few things to take care of.  And there are also a few files that ComboFix didn't delete, but we will hopefully be able to take care of them manually.  Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

              O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

              O15 - Trusted Zone: *.whataboutadog.com
              O15 - Trusted Zone: *.whataboutarabit.com

              O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/239ebff5dd55e2868019/netzip/RdxIE601.cab
              O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab

              O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


              Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

              Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

              Viewpoint

              Please note any other programs that you don't recognize in that list in your next response.

              Navigate to and delete the following folder(s) if present...

              C:\Program Files\Viewpoint

              Navigate to and delete the following file(s) if present...

              C:\WINDOWS\system32\byxxutr.dll.vir
              C:\WINDOWS\system32\kmclfijb.dll
              C:\WINDOWS\system32\pgrahpun.dll
              C:\WINDOWS\system32\wamnhcng.dll
              C:\WINDOWS\system32\yaabdhcs.dll


              Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.

              If you can't delete those files, try using KillBox.  If that doesn't work, then let me know; there's another method we can use to get rid of them.
              Quote
              An undefined problem has an infinite number of solutions.
              - Robert A. Humphrey

              queenbunnywitch

                Topic Starter


                Beginner

                Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
                « Reply #24 on: September 25, 2007, 05:05:03 PM »
                so far no pop ups and nothing else suspicious going on. my antivirus just hangs out without bothering me every 30 seconds. i did run a complete virus scan and it came back with 30 items and quarantined them all.

                i did everything you said. all the files deleted except for byxxutr.dll.vir but it was quarantined so i deleted it and everything else that was quarantined.

                i noticed that when i was still having problems, safe mode really wouldn't let me do anything, the box reminding me i'm in safe mode would pop up often and then disappear with the desktop, and any windows i had opened. i had to keep bringing up the task manager and selecting run and running C:\WINDOWS\ to get an error that would pull the desktop back up. now that things are working the way they used to, that didn't happen once when i ran it in safe mode a few minutes ago.

                so here's my log.



                Logfile of HijackThis v1.99.1
                Scan saved at 5:58:36 PM, on 9/25/2007
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2

                (6.00.2900.2180)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\BUFFALO\Client

                Manager3\bwsvc\bwsvc.exe
                C:\Program Files\NavNT\defwatch.exe
                C:\Program Files\NavNT\rtvscan.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\NavNT\vptray.exe
                C:\Program Files\PopUp

                Killer\bak\PopUpKiller.EXE
                C:\WINDOWS\System32\ezSP_Px.exe
                C:\Program

                Files\Logitech\MouseWare\system\em_exec.exe
                C:\Program Files\Yahoo!\Search

                Protection\SearchProtection.exe
                C:\Program

                Files\Java\jre1.6.0_02\bin\jusched.exe
                C:\Program

                Files\Google\GoogleToolbarNotifier\GoogleToolba

                rNotifier.exe
                C:\Program Files\BUFFALO\Client

                Manager3\cm3_tray.exe
                C:\WINDOWS\system32\WgaTray.exe
                C:\WINDOWS\system32\MsgSys.EXE
                E:\PROGRA~2\Yahoo!\MESSEN~1\ymsgr_tray.e

                xe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\Program Files\NavNT\bak\vptray.exe
                c:\program files\internet explorer\iexplore.exe
                C:\Program Files\analyse\analyse.exe

                R0 - HKCU\Software\Microsoft\Internet

                Explorer\Main,Start Page =

                http://firstdatajobs.com/
                R1 - HKLM\Software\Microsoft\Internet

                Explorer\Main,Default_Page_URL =

                http://www.yahoo.com/
                R1 - HKLM\Software\Microsoft\Internet

                Explorer\Main,Search Bar =

                http://us.rd.yahoo.com/customize/ie/defaults/sb/

                msgr8/*http://www.yahoo.com/ext/search/search

                .html
                R1 - HKLM\Software\Microsoft\Internet

                Explorer\Main,Search Page =

                http://us.rd.yahoo.com/customize/ie/defaults/sp/

                msgr8/*http://www.yahoo.com
                R0 - HKLM\Software\Microsoft\Internet

                Explorer\Main,Start Page =

                http://www.yahoo.com/
                O2 - BHO: AcroIEHlprObj Class -

                {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

                - C:\Program Files\Adobe\Acrobat

                6.0\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: (no name) -

                {53707962-6F74-2D53-2644-206D7942484F} -

                C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: Yahoo! IE Services Button -

                {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

                - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                O2 - BHO: SSVHelper Class -

                {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

                - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                O2 - BHO: Google Toolbar Helper -

                {AA58ED58-01DD-4d91-8333-CF10577473F7} -

                c:\program files\google\googletoolbar1.dll
                O2 - BHO: Google Toolbar Notifier BHO -

                {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

                - C:\Program

                Files\Google\GoogleToolbarNotifier\2.0.301.7164\

                swg.dll
                O3 - Toolbar: &Google -

                {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

                c:\program files\google\googletoolbar1.dll
                O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

                Technologies\ATI Control Panel\atiptaxx.exe
                O4 - HKLM\..\Run: [vptray] C:\Program

                Files\NavNT\vptray.exe
                O4 - HKLM\..\Run: [PopUpKiller] C:\Program

                Files\PopUp Killer\bak\PopUpKiller.EXE
                O4 - HKLM\..\Run: [Logitech Utility]

                Logi_MwX.Exe
                O4 - HKLM\..\Run: [ezShieldProtector for Px]

                C:\WINDOWS\System32\ezSP_Px.exe
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program

                Files\Common

                Files\Real\Update_OB\realsched.exe"  -osboot
                O4 - HKLM\..\Run: [NvCplDaemon]

                RUNDLL32.EXE

                C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NvMediaCenter]

                RUNDLL32.EXE

                C:\WINDOWS\system32\NvMcTray.dll,NvTaskba

                rInit
                O4 - HKLM\..\Run: [Zune Launcher] "C:\Program

                Files\Zune\ZuneLauncher.exe"
                O4 - HKLM\..\Run: [QuickTime Task]

                "E:\Program Files\QuickTime\bak\qttask.exe"

                -atboottime
                O4 - HKLM\..\Run: [SMSTray] C:\Program

                Files\Samsung\Samsung Media Studio

                5\SMSTray.exe
                O4 - HKLM\..\Run: [MAAgent] C:\Program

                Files\MarkAny\ContentSafer\MAAgent.exe
                O4 - HKLM\..\Run: [YSearchProtection]

                "C:\Program Files\Yahoo!\Search

                Protection\SearchProtection.exe"
                O4 - HKLM\..\Run: [SunJavaUpdateSched]

                "C:\Program

                Files\Java\jre1.6.0_02\bin\jusched.exe"
                O4 - HKCU\..\Run: [SsAAD.exe]

                C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
                O4 - HKCU\..\Run: [Yahoo! Pager]

                "E:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1

                .EXE" -quiet
                O4 - HKCU\..\Run: [YSearchProtection]

                C:\Program Files\Yahoo!\Search

                Protection\SearchProtection.exe
                O4 - HKCU\..\Run: [swg] C:\Program

                Files\Google\GoogleToolbarNotifier\GoogleToolba

                rNotifier.exe
                O4 - Global Startup: ClientManager3.lnk =

                C:\Program Files\BUFFALO\Client

                Manager3\cm3_tray.exe
                O9 - Extra button: (no name) -

                {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

                C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console -

                {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

                C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                O9 - Extra button: Yahoo! Services -

                {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

                - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                O9 - Extra button: Messenger -

                {FB5F1910-F110-11d2-BB9E-00C04F795683} -

                C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows

                Messenger -

                {FB5F1910-F110-11d2-BB9E-00C04F795683} -

                C:\Program Files\Messenger\msmsgs.exe
                O15 - Trusted Zone: *.whataboutarabit.com
                O16 - DPF:

                {00B71CFB-6864-4346-A978-C0A14556272C}

                (Checkers Class) -

                http://messenger.zone.msn.com/binary/msgrchkr

                .cab
                O16 - DPF:

                {01FE8D0A-51AD-459B-B62B-85E135128B32}

                (DD_v4.DDv4) -

                http://www.drivershq.com/DD_v4.CAB
                O16 - DPF:

                {2917297F-F02B-4B9D-81DF-494B6333150B}

                (Minesweeper Flags Class) -

                http://messenger.zone.msn.com/binary/MineSwe

                eper.cab
                O16 - DPF:

                {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

                (Installation Support) - C:\Program

                Files\Yahoo!\Common\Yinsthelper.dll
                O16 - DPF:

                {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

                (MSN Photo Upload Tool) -

                http://by122fd.bay122.hotmail.msn.com/resource

                s/MsnPUpld.cab
                O16 - DPF:

                {6414512B-B978-451D-A0D8-FCFDF33E833C}

                (WUWebControl Class) -

                http://www.update.microsoft.com/microsoftupdat

                e/v6/V5Controls/en/x86/client/wuweb_site.cab?11

                90263651562
                O16 - DPF:

                {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

                (MUWebControl Class) -

                http://www.update.microsoft.com/microsoftupdat

                e/v6/V5Controls/en/x86/client/muweb_site.cab?1

                190263605609
                O16 - DPF:

                {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

                (MessengerStatsClient Class) -

                http://messenger.zone.msn.com/binary/Messeng

                erStatsClient.cab
                O16 - DPF:

                {A90A5822-F108-45AD-8482-9BC8B12DD539}

                (Crucial cpcScan) -

                http://www.crucial.com/controls/cpcScanner.cab
                O16 - DPF:

                {B8BE5E93-A60C-4D26-A2DC-220313175592}

                (ZoneIntro Class) -

                http://cdn2.zone.msn.com/binFramework/v10/ZInt

                ro.cab34246.cab
                O18 - Protocol: livecall -

                {828030A1-22C1-4009-854F-8E305202313F} -

                C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                O18 - Protocol: msnim -

                {828030A1-22C1-4009-854F-8E305202313F} -

                C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                O20 - Winlogon Notify: NavLogon -

                C:\WINDOWS\System32\NavLogon.dll
                O20 - Winlogon Notify: WgaLogon -

                C:\WINDOWS\SYSTEM32\WgaLogon.dll
                O21 - SSODL: WPDShServiceObj -

                {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

                C:\WINDOWS\system32\WPDShServiceObj.dll
                O23 - Service: Ati HotKey Poller - Unknown

                owner - C:\WINDOWS\System32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner -

                C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: Bwsvc - BUFFALO INC. -

                C:\Program Files\BUFFALO\Client

                Manager3\bwsvc\bwsvc.exe
                O23 - Service: DefWatch - Symantec

                Corporation - C:\Program

                Files\NavNT\defwatch.exe
                O23 - Service: Google Updater Service (gusvc) -

                Google - C:\Program

                Files\Google\Common\Google

                Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager

                (IDriverT) - Macrovision Corporation - C:\Program

                Files\Common Files\InstallShield\Driver\1150\Intel

                32\IDriverT.exe
                O23 - Service: MSCSPTISRV - Sony Corporation

                - C:\Program Files\Common Files\Sony

                Shared\AVLib\MSCSPTISRV.exe
                O23 - Service: Norton AntiVirus Client (Norton

                AntiVirus Server) - Symantec Corporation -

                C:\Program Files\NavNT\rtvscan.exe
                O23 - Service: NVIDIA Display Driver Service

                (NVSvc) - NVIDIA Corporation -

                C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: PACSPTISVR - Sony Corporation

                - C:\Program Files\Common Files\Sony

                Shared\AVLib\PACSPTISVR.exe
                O23 - Service: Sony SPTI Service (SPTISRV) -

                Sony Corporation - C:\Program Files\Common

                Files\Sony Shared\AVLib\SPTISRV.exe


                queenbunnywitch

                  Topic Starter


                  Beginner

                  Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
                  « Reply #25 on: September 28, 2007, 05:41:51 AM »
                  so....?

                  oddjob



                    Hopeful

                    Thanked: 4
                    • Experience: Beginner
                    • OS: Windows 7
                    Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
                    « Reply #26 on: September 28, 2007, 07:37:22 AM »
                    Your latest log is difficult to read as the "Wordwrap" function on your Notepad program has been changed.

                    If you look at your previous logs they were laid out differently.

                    Please UNcheck Word Wrap in Notepad (Click on Format > UNcheck Word Wrap) then rescan & repost a new log.

                    Bear with us. We're not online all the time. Someone will get back to you as soon as possible.


                    OJ

                    CBMatt

                    • Mod & Malware Specialist


                    • Prodigy

                    • Sad and lonely...and loving every minute of it.
                    • Thanked: 167
                      • Yes
                    • Experience: Experienced
                    • OS: Windows 7
                    Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
                    « Reply #27 on: September 28, 2007, 09:31:46 AM »
                    oddjob is right; your log is very difficult to read, which makes it difficult to clearly see if you're clean or not.  I can see that you still have this entry, though...

                    O15 - Trusted Zone: *.whataboutarabit.com

                    Check that entry and remove it (just like you removed the other entries), and then please repost your log.
                    Quote
                    An undefined problem has an infinite number of solutions.
                    - Robert A. Humphrey
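The check made by eye in the replies above (which HijackThis entries deserve review, and which entries marked for fixing are still in a later scan) can be scripted. This is an added example, not part of any post in the thread and not HijackThis's own logic: the three review rules are assumptions drawn from the entries discussed here, and `LATER_SCAN` is a constructed excerpt built from lines that appear in the thread's logs.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Entries a helper asked to have fixed (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/239ebff5dd55e2868019/netzip/RdxIE601.cab
"""

# Constructed excerpt of a later scan, using lines that appear in the thread's logs.
LATER_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# A log entry starts with a section code such as "R0", "O2" or "O23", then " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
URL = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_log(text):
    """Return (code, body) per entry; headers and running-process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(" ".join(line.split()))  # trim and collapse whitespace
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reason(code, body):
    """Heuristic reason an entry deserves a second look (assumed rules, not verdicts)."""
    if code == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its DLL is gone"
    if code == "O15":
        return "site was added to the IE Trusted Zone"
    if code == "O16":
        url = URL.search(body)
        host = urlsplit(url.group(0)).hostname if url else None
        try:
            ip_address(host or "")  # raises ValueError for names and for no URL
        except ValueError:
            return None
        return "ActiveX control was downloaded from a bare IP address"
    return None


def triage(text):
    """List (code, body, reason) for every entry that matches a review rule."""
    return [(c, b, r) for c, b in parse_log(text) if (r := review_reason(c, b))]


def still_present(fix_list, later_scan):
    """Entries from the fix list that appear again in a later scan."""
    later = {(c, b.lower()) for c, b in parse_log(later_scan)}
    return [(c, b) for c, b in parse_log(fix_list) if (c, b.lower()) in later]


if __name__ == "__main__":
    for code, body, reason in triage(LATER_SCAN):
        print(f"REVIEW   {code} - {body}  <- {reason}")
    for code, body in still_present(FIX_LIST, LATER_SCAN):
        print(f"PERSISTS {code} - {body}")
```

An entry that keeps showing up in `still_present` after being fixed means something is rewriting it at startup, so the process or file responsible has to be found rather than the entry removed again.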

                    queenbunnywitch

                      Topic Starter


                      Beginner

                      Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
                      « Reply #28 on: September 28, 2007, 10:05:50 PM »
                      ok sorry for getting impatient i thought responses were gonna go dead or something. here's the log again


                      Logfile of HijackThis v1.99.1
                      Scan saved at 11:04:09 PM, on 9/28/2007
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
                      C:\Program Files\NavNT\defwatch.exe
                      C:\Program Files\NavNT\rtvscan.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\MsgSys.EXE
                      C:\WINDOWS\system32\WgaTray.exe
                      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
                      C:\WINDOWS\System32\ezSP_Px.exe
                      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
                      C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
                      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
                      C:\WINDOWS\System32\svchost.exe
                      E:\PROGRA~2\Yahoo!\MESSEN~1\ymsgr_tray.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      c:\program files\internet explorer\iexplore.exe
                      C:\Program Files\analyse\analyse.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firstdatajobs.com/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
                      O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
                      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
                      O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\bak\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
                      O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
                      O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
                      O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
                      O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
                      O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
                      O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
                      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190263651562
                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190263605609
                      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
                      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
                      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                      O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
                      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
                      O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
                      O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
                      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

                      that whataboutarabit thing isn't there right now but every time i restart my computer it comes back.

                      CBMatt

                      • Mod & Malware Specialist


                      • Prodigy

                      • Sad and lonely...and loving every minute of it.
                      • Thanked: 167
                        • Yes
                      • Experience: Experienced
                      • OS: Windows 7
                      Re: Virus issues, Downloader, Trojan.Vundo, Trojan Horse
                      « Reply #29 on: September 29, 2007, 09:37:22 AM »
                      No need to apologize.  Your concerns are understandable.  We just get a little busy with things from time to time.  Let's go ahead and try something that oddjob has suggested to me via PM...

                      Download FindAWF here and double-click on it.
                      • When prompted, press any key to continue.
                      • You will be presented with a menu.  On your keyboard, press 1 and then Enter.
                      • The scan will take several minutes.  When it has completed, a Notepad file will open with your results.  Paste the contents here in a new post.

                      Also...
                      • Open HijackThis and click on Open the Misc Tools section.
                      • Click on Open Uninstall Manager and then on Save list.
                      • Save it to your desktop and then paste the contents of the file in your next post.
                      Quote
                      An undefined problem has an infinite number of solutions.
                      - Robert A. Humphrey