
Author Topic: Rundll Error - HiJackThis Included  (Read 25059 times)


unlovedwarrior



    Re: Rundll Error - HiJackThis Included
    « Reply #15 on: October 03, 2007, 11:51:33 PM »
    That's a trojan horse. Use SUPERAntiSpyware to remove it after you follow Chris's advice.

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #16 on: October 05, 2007, 12:35:27 PM »
    New HiJack log

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\AIM6\aim6.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\AIM6\aolsoftware.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\program files\common files\aol\1140116236\ee\aexplore.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Documents and Settings\Zach\Desktop\HiJackThis.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
    O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #17 on: October 05, 2007, 12:35:41 PM »
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: [email protected] = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9/McUpdatePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140100872952
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140100857546
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10861 bytes

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #18 on: October 05, 2007, 12:36:15 PM »
    Virtumondo Log

    [10/05/2007, 11:31:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Zach\Desktop\VirtumundoBeGone.exe" )
    [10/05/2007, 11:31:25] - Detected System Information:
    [10/05/2007, 11:31:25] -  Windows Version: 5.1.2600, Service Pack 2
    [10/05/2007, 11:31:25] -  Current Username: Zach (Admin)
    [10/05/2007, 11:31:25] -  Windows is in SAFE mode with Networking.
    [10/05/2007, 11:31:25] - Searching for Browser Helper Objects:
    [10/05/2007, 11:31:25] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [10/05/2007, 11:31:25] -  BHO 2: {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} ()
    [10/05/2007, 11:31:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 11:31:26] -  No filename found. Continuing.
    [10/05/2007, 11:31:26] -  BHO 3: {72BDBFC0-3394-4944-BE07-BC05CF5049BE} ()
    [10/05/2007, 11:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 11:31:26] -  Checking for HKLM\...\Winlogon\Notify\dmscrip
    [10/05/2007, 11:31:26] -  Key not found: HKLM\...\Winlogon\Notify\dmscrip, continuing.
    [10/05/2007, 11:31:26] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [10/05/2007, 11:31:26] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    [10/05/2007, 11:31:26] -  BHO 6: {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} ()
    [10/05/2007, 11:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 11:31:26] -  No filename found. Continuing.
    [10/05/2007, 11:31:26] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [10/05/2007, 11:31:26] -  BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [10/05/2007, 11:31:26] -  BHO 9: {D377A374-A49E-4CFE-B00A-F0CCD1B80B10} ()
    [10/05/2007, 11:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 11:31:26] -  Checking for HKLM\...\Winlogon\Notify\awtqo
    [10/05/2007, 11:31:26] -  Key not found: HKLM\...\Winlogon\Notify\awtqo, continuing.
    [10/05/2007, 11:31:26] - Finished Searching Browser Helper Objects
    [10/05/2007, 11:31:26] - Finishing up...
    [10/05/2007, 11:31:26] - Nothing found! Exiting...

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #19 on: October 05, 2007, 12:37:14 PM »
    VundoFix log

    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 11:20:52 AM 10/5/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\thlhxrnt.ini
    C:\WINDOWS\system32\tnrxhlht.dll
    C:\WINDOWS\system32\xnxmhehb.dll

    Beginning removal...

     Attempting to delete C:\WINDOWS\system32\thlhxrnt.ini
    C:\WINDOWS\system32\thlhxrnt.ini Has been deleted!

     Attempting to delete C:\WINDOWS\system32\tnrxhlht.dll
    C:\WINDOWS\system32\tnrxhlht.dll Has been deleted!

     Attempting to delete C:\WINDOWS\system32\xnxmhehb.dll
    C:\WINDOWS\system32\xnxmhehb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    CBMatt

    Re: Rundll Error - HiJackThis Included
    « Reply #20 on: October 06, 2007, 01:13:22 AM »
    Your log looks a lot cleaner now.  How are things running?  Are you still having problems?

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #21 on: October 07, 2007, 03:49:22 PM »
    Actually, yeah, I don't get it. My computer still randomly restarts, and something is also affecting my internet connection now; it's been out for about a day, and right now I'm surprised it's even working. 

    It's still running slow, and I think I might have accidentally deleted something from Nero in the registry, because I get an "nmBg Monitor error." 

    I don't know what the h**l is going on, everything seems fine from the log files. 

    Oh, and I really do appreciate all the help so far, thank you.

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #22 on: October 07, 2007, 04:00:01 PM »
    Just in case...new HiJack log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:58:53 PM, on 10/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Documents and Settings\Zach\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
    O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #23 on: October 07, 2007, 04:00:13 PM »
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\RunOnce: [vmc] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\vmc.dll
    O4 - HKLM\..\RunOnce: [Falcon] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Falcon.dll
    O4 - HKLM\..\RunOnce: [mswm] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\mswm.dll
    O4 - HKLM\..\RunOnce: [NetMD] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\NetMD.dll
    O4 - HKLM\..\RunOnce: [SPTISRVps] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISR~1.DLL
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: [email protected] = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9/McUpdatePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140100872952
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140100857546
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11190 bytes

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #24 on: October 07, 2007, 06:32:47 PM »
    I also noticed this entry will NOT delete:

    O2 - BHO: (no name) - {72BBDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\\WINDOWS\system32\dmscrip.dll

    I even tried to delete it manually, and that doesn't work either.

    I have also received errors from these processes:

    LogOnHook
    reader_Sl
    NetMDSB

    « Last Edit: October 07, 2007, 06:52:41 PM by zjt228 »

    CBMatt

    Re: Rundll Error - HiJackThis Included
    « Reply #25 on: October 08, 2007, 01:49:57 AM »
    Here, let's give something else a try...  Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short), and make sure you really pay attention to what it says.  Follow the prompts; when it finishes, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #26 on: October 08, 2007, 03:00:11 PM »
    ComboFix log

    ComboFix 07-10-07.2 - Zach 2007-10-08 16:38:19.1 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.726 [GMT -4:00]
    Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\d.exe
    C:\Documents and Settings\Guest\Desktop\internet.lnk
    C:\Documents and Settings\Mom\Application Data\Starware
    C:\Documents and Settings\Mom\Desktop\internet.lnk
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\cs\persist.dbs
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bjsjswvx.dll
    C:\WINDOWS\system32\doymvccn.ini
    C:\WINDOWS\system32\fbnndjau.dll
    C:\WINDOWS\system32\fxpcyljv.dll
    C:\WINDOWS\system32\gemdocyu.dll
    C:\WINDOWS\system32\ghcvvtvj.ini
    C:\WINDOWS\system32\grgetlct.ini
    C:\WINDOWS\system32\gurmeydk.ini
    C:\WINDOWS\system32\hdajhfux.dll
    C:\WINDOWS\system32\isjmkdiw.dll
    C:\WINDOWS\system32\jvtvvchg.dll
    C:\WINDOWS\system32\kdyemrug.dll
    C:\WINDOWS\system32\nccvmyod.dll
    C:\WINDOWS\system32\tcltegrg.dll
    C:\WINDOWS\system32\uajdnnbf.ini
    C:\WINDOWS\system32\uycodmeg.ini
    C:\WINDOWS\system32\vjlycpxf.ini
    C:\WINDOWS\system32\widkmjsi.ini
    C:\WINDOWS\system32\xufhjadh.ini
    C:\WINDOWS\system32\xvwsjsjb.ini
    C:\wsusupd.exe

    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_LDRSVC
    -------\ldrsvc


    (((((((((((((((((((((((((   Files Created from 2007-09-08 to 2007-10-08  )))))))))))))))))))))))))))))))
    .

    2007-10-08 16:37   51,420   --a------   C:\dcksdix.exe
    2007-10-08 16:37   50,176   --a------   C:\WINDOWS\system32\btasv.dll
    2007-10-08 16:37   25,600   --a------   C:\WINDOWS\system32\drivers\df401e41.sys
    2007-10-08 16:37   1,918   --a------   C:\WINDOWS\system32\conf.dat
    2007-10-08 16:22   62,464   --a------   C:\WINDOWS\NirCmd.exe
    2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iTunes
    2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iPod
    2007-10-07 21:45   <DIR>   d--------   C:\Program Files\Apple Software Update
    2007-10-07 21:41   <DIR>   d--------   C:\Program Files\QuickTime
    2007-10-07 20:24   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\McAfee
    2007-10-07 19:59   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
    2007-10-07 19:56   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\MailFrontier
    2007-10-07 15:31   512   --a------   C:\ScanSectorLog.dat
    2007-10-07 13:07   37,920   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-10-07 13:07   1,175,584   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
    2007-10-06 16:26   32,256   --a------   C:\whekdwjb.exe
    2007-10-06 16:26   25,600   --a------   C:\WINDOWS\system32\drivers\7de30189.sys
    2007-10-06 16:26   25,088   --a------   C:\WINDOWS\system32\sipov.dll
    2007-10-06 16:23   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\McAfee
    2007-10-06 11:33   158,432   --a------   C:\WINDOWS\system32\71151f2.sys
    2007-10-05 16:35   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\Uniblue
    2007-10-05 16:17   112,292   --a------   C:\cc_20071005_1617.reg
    2007-10-05 15:42   5,120      C:\WINDOWS\system32\drivers\wbkpwguh.dat
    2007-10-05 15:42   17,664      C:\WINDOWS\system32\drivers\ctnluuwh.dat
    2007-10-05 11:01   158,432   --a------   C:\WINDOWS\system32\6181b4a9.sys
    2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\b728bbdf.sys
    2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\51efee4c.sys
    2007-10-05 10:56   158,432   --a------   C:\WINDOWS\system32\27a88faa.sys
    2007-10-05 10:54   65,024   --a------   C:\hmwbeiik.exe
    2007-10-05 10:41   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
    2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\SUPERAntiSpyware.com
    2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-04 10:35   158,432   --a------   C:\WINDOWS\system32\ccedba40.sys
    2007-10-04 00:53   158,432   --a------   C:\WINDOWS\system32\112e9cd5.sys
    2007-10-03 16:05   39,452   --a------   C:\qewtcr.exe
    2007-10-01 08:53   158,432   --a------   C:\WINDOWS\system32\5516a3.sys
    2007-09-27 07:46   158,432   --a------   C:\WINDOWS\system32\7c82ea07.sys
    2007-09-26 22:05   153   --a------   C:\WINDOWS\system32\delFSF.bat
    2007-09-26 16:53   58,155   --a------   C:\pgwgygwn.exe
    2007-09-26 16:53   39,452   --a------   C:\uvbbeuu.exe
    2007-09-25 16:36   58,155   --a------   C:\nawf.exe
    2007-09-25 16:36   206,866   --a------   C:\slrce.exe
    2007-09-25 16:27   <DIR>   d--------   C:\VundoFix Backups
    2007-09-24 17:40   591,136   --a------   C:\Program Files\DMSetup-Serial.exe
    2007-09-23 22:21   <DIR>   d--------   C:\Program Files\CCleaner
    2007-09-23 22:04   <DIR>   d--------   C:\Program Files\Windows Defender
    2007-09-23 20:51   <DIR>   d--------   C:\WINDOWS\pss
    2007-09-23 20:42   1,476,658   ---hs----   C:\WINDOWS\system32\oqtwa.bak2
    2007-09-23 19:10   1,976,534   ---hs----   C:\WINDOWS\system32\oqtwa.bak1
    2007-09-23 15:59   1,978,634   ---hs----   C:\WINDOWS\system32\hhkmp.bak2
    2007-09-23 15:03   57,856   --a------   C:\WINDOWS\system32\bootvi.dll
    2007-09-22 16:14   1,976,494   ---hs----   C:\WINDOWS\system32\hhkmp.bak1
    2007-09-22 15:54   107,409   --a------   C:\WINDOWS\system32\dmscrip.dll
    2007-09-22 15:53   57,856   --a------   C:\WINDOWS\system32\drmclie.dll
    2007-09-22 14:33   1,977,762   ---hs----   C:\WINDOWS\system32\kjkkj.ini2
    2007-09-22 14:27   1,977,950   ---hs----   C:\WINDOWS\system32\kjkkj.bak2
    2007-09-22 11:36   1,976,494   ---hs----   C:\WINDOWS\system32\kjkkj.bak1
    2007-09-22 11:16   88,064   --a------   C:\WINDOWS\system32\cmcfg3.dll
    2007-09-22 11:15   17,280   --a------   C:\WINDOWS\system32\drivers\ctnluuwh.sys

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #27 on: October 08, 2007, 03:02:14 PM »

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-08 16:23   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-08 05:26   6692   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
    2007-10-08 05:26   4412   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-10-07 14:38   ---------   d--------   C:\Program Files\McAfee
    2007-10-07 11:17   ---------   d--------   C:\Program Files\FinePixViewer
    2007-10-06 11:27   ---------   d--------   C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-05 11:10   ---------   d--------   C:\Program Files\Viewpoint
    2007-10-05 11:10   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-10-03 16:41   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-03 16:36   ---------   d--------   C:\Program Files\DoctorCleaner
    2007-09-30 12:53   ---------   d--------   C:\Program Files\Common Files\Ahead
    2007-09-30 12:15   ---------   d--------   C:\Documents and Settings\Zach\Application Data\Ahead
    2007-09-30 09:24   ---------   d--------   C:\Program Files\OneStepSearch
    2007-09-30 09:23   ---------   d--------   C:\Program Files\LimeWire
    2007-09-30 09:21   ---------   d--------   C:\Program Files\foobar2000
    2007-09-30 09:10   ---------   d--------   C:\Program Files\AC3Filter
    2007-09-23 15:33   ---------   d--------   C:\Program Files\Bonjour
    2007-09-22 14:46   ---------   d--------   C:\Program Files\Xvid
    2007-09-22 14:46   ---------   d--------   C:\Program Files\Hardwood Euchre
    2007-09-22 14:46   ---------   d--------   C:\Program Files\AudioRetoucher
    2007-09-22 14:46   ---------   d--------   C:\Program Files\Audacity
    2007-09-16 20:01   ---------   d--------   C:\Documents and Settings\Zach\Application Data\foobar2000
    2007-08-14 20:40   ---------   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
    2007-08-13 17:13   ---------   d--------   C:\Program Files\Google
    2007-08-13 14:16   ---------   d--------   C:\Program Files\RegistryCleanerXP
    2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC7C70A-B95D-4E0F-B49D-1C5D618D936C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BDBFC0-3394-4944-BE07-BC05CF5049BE}]
    2004-08-04 03:56   107409   --a------   C:\WINDOWS\system32\dmscrip.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FA1E1D-29FD-4E81-9690-C75B4E3108A0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe" [2006-05-09 20:24]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 08:39 C:\WINDOWS\SOUNDMAN.EXE]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-07 12:57]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
    "NWEReboot"="" []
    "ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-10-05 16:04]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    [email protected] - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-03-21 17:48:41]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 17:13:16]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04]
    VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-18 13:04:30]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R0 rlgujhvq;rlgujhvq;C:\WINDOWS\system32\drivers\ctnluuwh.dat
    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    R1 df401e41.sys;df401e41.sys;\??\C:\WINDOWS\system32\drivers\df401e41.sys
    R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys
    S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-08 01:46:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-15 05:34:29 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-10-01 05:01:22 C:\WINDOWS\Tasks\McQcTask.job"
    "2007-10-08 20:47:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-08 16:45:24
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-08 16:50:38 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 16:50
    .
       --- E O F ---



    On start up, I still get the Nero NMBg Error, the McAfee LogOnHook error, a Zone Alarm trial, and a lot of crap relating to the "MG Secure Module."  There is an automatic attempted installation that takes place while the computer is loading, and no matter how many times you click "finish" it keeps restarting itself.

     

    CBMatt

    Re: Rundll Error - HiJackThis Included
    « Reply #28 on: October 09, 2007, 06:12:23 AM »
    We've still got a little bit of work to do, but we should be getting close.  Below is a quote box with some text.  Please copy everything inside the box exactly as shown.

    Quote
    File::
    C:\WINDOWS\system32\btasv.dll
    C:\whekdwjb.exe
    C:\WINDOWS\system32\sipov.dll
    C:\WINDOWS\system32\drivers\wbkpwguh.dat
    C:\WINDOWS\system32\drivers\ctnluuwh.dat
    C:\hmwbeiik.exe
    C:\qewtcr.exe
    C:\pgwgygwn.exe
    C:\uvbbeuu.exe
    C:\nawf.exe
    C:\slrce.exe
    C:\WINDOWS\system32\oqtwa.bak2
    C:\WINDOWS\system32\oqtwa.bak1
    C:\WINDOWS\system32\hhkmp.bak2
    C:\WINDOWS\system32\bootvi.dll
    C:\WINDOWS\system32\hhkmp.bak1
    C:\WINDOWS\system32\dmscrip.dll
    C:\WINDOWS\system32\drmclie.dll
    C:\WINDOWS\system32\kjkkj.ini2
    C:\WINDOWS\system32\kjkkj.bak2
    C:\WINDOWS\system32\kjkkj.bak1
    C:\WINDOWS\system32\drivers\ctnluuwh.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC7C70A-B95D-4E0F-B49D-1C5D618D936C}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BDBFC0-3394-4944-BE07-BC05CF5049BE}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FA1E1D-29FD-4E81-9690-C75B4E3108A0}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]

    Paste the contents into Notepad and save the file as CFScript.txt.  Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again.  After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

    On start up, I still get the Nero NMBg Error, the McAfee LogOnHook error, a Zone Alarm trial, and a lot of crap relating to the "MG Secure Module."  There is an automatic attempted installation that takes place while the computer is loading, and no matter how many times you click "finish" it keeps restarting itself.
    If you're still having problems with Nero, McAfee, and ZoneAlarm, you may need to reinstall them.  MG Secure Module appears to be related to SonicStage.  Do you have SonicStage on your computer?  Also, which program is trying to install itself?  If you continue to receive error messages, please write down exactly what they say.
    « Last Edit: October 09, 2007, 06:30:55 AM by CBMatt »

    zjt228

    Re: Rundll Error - HiJackThis Included
    « Reply #29 on: October 09, 2007, 09:29:32 AM »
    New ComboFix log:

    ComboFix 07-10-07.2 - Zach 2007-10-09 11:20:34.2 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.514 [GMT -4:00]
    Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Zach\Desktop\CFScript.txt
     * Created a new restore point
    .

    (((((((((((((((((((((((((   Files Created from 2007-09-09 to 2007-10-09  )))))))))))))))))))))))))))))))
    .

    2007-10-08 16:58   1   --a------   C:\WINDOWS\system32\rc.dat
    2007-10-08 16:58   1   --a------   C:\WINDOWS\system32\ps1.dat
    2007-10-08 16:58   1   --a------   C:\WINDOWS\system32\cookie1.dat
    2007-10-08 16:37   51,420   --a------   C:\dcksdix.exe
    2007-10-08 16:37   50,176   --a------   C:\WINDOWS\system32\btasv.dll
    2007-10-08 16:37   25,600   --a------   C:\WINDOWS\system32\drivers\df401e41.sys
    2007-10-08 16:37   1,918   --a------   C:\WINDOWS\system32\conf.dat
    2007-10-08 16:22   51,200   --a------   C:\WINDOWS\NirCmd.exe
    2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iTunes
    2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iPod
    2007-10-07 21:45   <DIR>   d--------   C:\Program Files\Apple Software Update
    2007-10-07 21:41   <DIR>   d--------   C:\Program Files\QuickTime
    2007-10-07 20:24   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\McAfee
    2007-10-07 19:59   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
    2007-10-07 19:56   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\MailFrontier
    2007-10-07 15:31   512   --a------   C:\ScanSectorLog.dat
    2007-10-07 13:07   44,320   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-10-07 13:07   1,175,584   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
    2007-10-06 16:26   32,256   --a------   C:\whekdwjb.exe
    2007-10-06 16:26   25,600   --a------   C:\WINDOWS\system32\drivers\7de30189.sys
    2007-10-06 16:26   25,088   --a------   C:\WINDOWS\system32\sipov.dll
    2007-10-06 16:23   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\McAfee
    2007-10-06 11:33   158,432   --a------   C:\WINDOWS\system32\71151f2.sys
    2007-10-05 16:35   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\Uniblue
    2007-10-05 16:17   112,292   --a------   C:\cc_20071005_1617.reg
    2007-10-05 15:42   5,120      C:\WINDOWS\system32\drivers\wbkpwguh.dat
    2007-10-05 15:42   17,664      C:\WINDOWS\system32\drivers\ctnluuwh.dat
    2007-10-05 11:01   158,432   --a------   C:\WINDOWS\system32\6181b4a9.sys
    2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\b728bbdf.sys
    2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\51efee4c.sys
    2007-10-05 10:56   158,432   --a------   C:\WINDOWS\system32\27a88faa.sys
    2007-10-05 10:54   65,024   --a------   C:\hmwbeiik.exe
    2007-10-05 10:41   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
    2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\SUPERAntiSpyware.com
    2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-04 10:35   158,432   --a------   C:\WINDOWS\system32\ccedba40.sys
    2007-10-04 00:53   158,432   --a------   C:\WINDOWS\system32\112e9cd5.sys
    2007-10-03 16:05   39,452   --a------   C:\qewtcr.exe
    2007-10-01 08:53   158,432   --a------   C:\WINDOWS\system32\5516a3.sys
    2007-09-27 07:46   158,432   --a------   C:\WINDOWS\system32\7c82ea07.sys
    2007-09-26 22:05   153   --a------   C:\WINDOWS\system32\delFSF.bat
    2007-09-26 16:53   58,155   --a------   C:\pgwgygwn.exe
    2007-09-26 16:53   39,452   --a------   C:\uvbbeuu.exe
    2007-09-25 16:36   58,155   --a------   C:\nawf.exe
    2007-09-25 16:36   206,866   --a------   C:\slrce.exe
    2007-09-25 16:27   <DIR>   d--------   C:\VundoFix Backups
    2007-09-24 17:40   591,136   --a------   C:\Program Files\DMSetup-Serial.exe
    2007-09-23 22:21   <DIR>   d--------   C:\Program Files\CCleaner
    2007-09-23 22:04   <DIR>   d--------   C:\Program Files\Windows Defender
    2007-09-23 20:51   <DIR>   d--------   C:\WINDOWS\pss
    2007-09-23 20:42   1,476,658   ---hs----   C:\WINDOWS\system32\oqtwa.bak2
    2007-09-23 19:10   1,976,534   ---hs----   C:\WINDOWS\system32\oqtwa.bak1
    2007-09-23 15:59   1,978,634   ---hs----   C:\WINDOWS\system32\hhkmp.bak2
    2007-09-23 15:03   57,856   --a------   C:\WINDOWS\system32\bootvi.dll
    2007-09-22 16:14   1,976,494   ---hs----   C:\WINDOWS\system32\hhkmp.bak1
    2007-09-22 15:54   107,409   --a------   C:\WINDOWS\system32\dmscrip.dll
    2007-09-22 15:53   57,856   --a------   C:\WINDOWS\system32\drmclie.dll
    2007-09-22 14:33   1,977,762   ---hs----   C:\WINDOWS\system32\kjkkj.ini2
    2007-09-22 14:27   1,977,950   ---hs----   C:\WINDOWS\system32\kjkkj.bak2
    2007-09-22 11:36   1,976,494   ---hs----   C:\WINDOWS\system32\kjkkj.bak1
    2007-09-22 11:16   88,064   --a------   C:\WINDOWS\system32\cmcfg3.dll
    2007-09-22 11:15   17,280   --a------   C:\WINDOWS\system32\drivers\ctnluuwh.sys