My HijackThis (cont. from closed thread)

    #11 ZTELPunk (Junior Member)

    Re: My HijackThis (cont. from closed thread)

    Hey VopThis

    As requested, I ran CCleaner and also navigated to those files in my Windows directory and deleted all of those.. also found a few others with the same ending of ".exe.tmp" (EDIT: I could not locate either C:\WINDOWS\System32\mstskmgr.exe --and-- C:\WINDOWS\wordpad.exe)

    I also un-installed BitTorrent and deleted its root folder.

    (EDIT: Also, since my last post, my system has been crashing within 15 minutes of being logged into Windows.. and A LOT of pop-ups for free ringtones and "free virus scans" have been opening when I log onto my dial-up connection)

    I used the Panda Software ActiveScan to scan my drives and it found a lot of disgusting stuff..


    -------------------

    Incident Status Location

    Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\SYSTEM32\QXYMMBVH.DLL
    Adware:Adware/Winstat Not disinfected C:\WINDOWS\SYSTEM32\WinStat13.dll
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\DUYXERWL.DLL
    Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\SYSTEM32\TOCPRUUI.DLL
    Adware:Adware/WUpd Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OLAF01UB\recital[1]
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\IHBSSALI.DLL
    Adware:adware/ipinsight Not disinfected C:\WINDOWS\FARMMEXT.INI
    Adware:adware/elitebar Not disinfected C:\WINDOWS\Downloaded Program Files\OSD149F.OSD
    Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
    Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg
    Spyware:Spyware/Virtumonde Not disinfected C:\MSETUS.EXE
    Virus:Trj/Downloader.NUS Disinfected C:\NZCV.EXE
    Spyware:Cookie/RealMedia Not disinfected C:\FOUND.004\FILE0005.CHK
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\defaultppp\Local Settings\Temporary Internet Files\Content.IE5\IX2DC1QX\installdrivecleanerstart[1].cab[UDC6_0001_D19M1908NetInstaller.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\defaultppp\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\defaultppp\Desktop\SDFIX\SDFix\APPS\Process.exe
    Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\defaultppp\Desktop\SDFIX\SDFix\BACKUPS\BACKUPS.ZIP[backups/m67m.inf]
    Virus:W32/Sdbot.KES.worm Disinfected C:\Documents and Settings\defaultppp\Desktop\SDFIX\SDFix\BACKUPS\BACKUPS.ZIP[backups/svcchosst.exe]
    Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RLG9Z6KZ\acid[1].exe
    Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RLG9Z6KZ\acid[2].exe
    Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RJWXG2LJ\info[1].exe
    Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RJWXG2LJ\info[2].exe
    --------------------

    Also, a new HijackThis log was created:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:48:18 AM, on 4/15/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152567830\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\duyxerwl.dll",setvm
    O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Microsoft Works\wksss.exe
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O12 - Plugin for .wvx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    Thanks again.

    John
    Last edited by ZTELPunk; 15-04-2007 at 11:15 AM. Reason: Forgot some details

    #12 VopThis (Senior Member, Canada)
    The delays in dealing with your PC may have allowed certain new infections to occur and/or to return. Read over the following instructions, and I suggest you print them out.


    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [SOUNDSERVICE] rundll32.exe "C:\WINDOWS\System32\duyxerwl.dll",setvm

    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
    Run SDFix.exe again, please.

    Open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
    Last edited by VopThis; 15-04-2007 at 02:57 PM.

    #13 ZTELPunk (Junior Member)
    Good day, VopThis..

    Since removing those three registries with HijackThis and running VundoFix, I have had a much faster start-up and experienced no pop-ups for about an hour of being online.. amazing! No freeze so far, either!
    I also ran the SDFix "RunThis" file in Safe Mode again.

    Here are the two logs from VundoFix and SDFix.. as well as a new HijackThis.. I believe that my computer is well again.. knock on wood..

    -------------------

    Run by defaultppp - Sun 04/15/2007 - 15:15:29.76

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\Documents and Settings\defaultppp\Desktop\SDFIX\SDFix

    Safe Mode:
    Checking Services:





    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\system32\setup_03722.exe - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\DEFAUL~2\Desktop\SDFIX\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes :

    C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
    C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
    C:\LOGO.SYS
    C:\3hoja6hw.sys
    C:\WINDOWS\COMMAND\EBD\winboot.sys

    Finished

    -------------------

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 207 PM 4/15/2007

    Listing files found while scanning....

    \System Volume Information\_restore{3A97EF85-959D-4C37-B1DD-9A8896C718B2}\RP116\A0050522.dll
    \WINDOWS\SYSTEM32\duyxerwl.dll
    \WINDOWS\SYSTEM32\efcaywv.dll
    \WINDOWS\SYSTEM32\egyxsrxa.dll
    \WINDOWS\SYSTEM32\hggeeeb.dll
    \WINDOWS\SYSTEM32\hgggddb.dll
    \WINDOWS\SYSTEM32\ihbssali.dll
    \WINDOWS\SYSTEM32\khfecbx.dll
    \WINDOWS\SYSTEM32\lwrexyud.ini
    \WINDOWS\SYSTEM32\mljkjkl.dll
    \WINDOWS\SYSTEM32\mppoq.ini
    \WINDOWS\SYSTEM32\qoppm.dll
    \WINDOWS\SYSTEM32\qxymmbvh.dll
    \WINDOWS\SYSTEM32\ssqoolk.dll
    \WINDOWS\SYSTEM32\tocpruui.dll
    \WINDOWS\SYSTEM32\tvuvw.bak1
    \WINDOWS\SYSTEM32\tvuvw.bak2
    \WINDOWS\SYSTEM32\tvuvw.ini
    \WINDOWS\SYSTEM32\tvuvw.ini2
    \WINDOWS\SYSTEM32\tvuvw.tmp
    \WINDOWS\SYSTEM32\wvurspq.dll
    \WINDOWS\SYSTEM32\wvuvt.dll
    C:\WINDOWS\SYSTEM32\duyxerwl.dll
    C:\WINDOWS\SYSTEM32\efcaywv.dll
    C:\WINDOWS\SYSTEM32\egyxsrxa.dll
    C:\WINDOWS\SYSTEM32\hggeeeb.dll
    C:\WINDOWS\SYSTEM32\hgggddb.dll
    C:\WINDOWS\SYSTEM32\ihbssali.dll
    C:\WINDOWS\SYSTEM32\khfecbx.dll
    C:\WINDOWS\SYSTEM32\lwrexyud.ini
    C:\WINDOWS\SYSTEM32\mljkjkl.dll
    C:\WINDOWS\SYSTEM32\mppoq.ini
    C:\WINDOWS\SYSTEM32\qoppm.dll
    C:\WINDOWS\SYSTEM32\qxymmbvh.dll
    C:\WINDOWS\SYSTEM32\ssqoolk.dll
    C:\WINDOWS\SYSTEM32\tocpruui.dll
    C:\WINDOWS\SYSTEM32\tvuvw.bak1
    C:\WINDOWS\SYSTEM32\tvuvw.bak2
    C:\WINDOWS\SYSTEM32\tvuvw.ini
    C:\WINDOWS\SYSTEM32\tvuvw.ini2
    C:\WINDOWS\SYSTEM32\tvuvw.tmp
    C:\WINDOWS\SYSTEM32\wvurspq.dll
    C:\WINDOWS\System32\wvuvt.dll

    Beginning removal...

    Attempting to delete \System Volume Information\_restore{3A97EF85-959D-4C37-B1DD-9A8896C718B2}\RP116\A0050522.dll
    \System Volume Information\_restore{3A97EF85-959D-4C37-B1DD-9A8896C718B2}\RP116\A0050522.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\duyxerwl.dll
    \WINDOWS\SYSTEM32\duyxerwl.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\efcaywv.dll
    \WINDOWS\SYSTEM32\efcaywv.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\egyxsrxa.dll
    \WINDOWS\SYSTEM32\egyxsrxa.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\hggeeeb.dll
    \WINDOWS\SYSTEM32\hggeeeb.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\hgggddb.dll
    \WINDOWS\SYSTEM32\hgggddb.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\ihbssali.dll
    \WINDOWS\SYSTEM32\ihbssali.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\khfecbx.dll
    \WINDOWS\SYSTEM32\khfecbx.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\lwrexyud.ini
    \WINDOWS\SYSTEM32\lwrexyud.ini Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\mljkjkl.dll
    \WINDOWS\SYSTEM32\mljkjkl.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\mppoq.ini
    \WINDOWS\SYSTEM32\mppoq.ini Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\qoppm.dll
    \WINDOWS\SYSTEM32\qoppm.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\qxymmbvh.dll
    \WINDOWS\SYSTEM32\qxymmbvh.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\ssqoolk.dll
    \WINDOWS\SYSTEM32\ssqoolk.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\tocpruui.dll
    \WINDOWS\SYSTEM32\tocpruui.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\tvuvw.bak1
    \WINDOWS\SYSTEM32\tvuvw.bak1 Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\tvuvw.bak2
    \WINDOWS\SYSTEM32\tvuvw.bak2 Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\tvuvw.ini
    \WINDOWS\SYSTEM32\tvuvw.ini Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\tvuvw.ini2
    \WINDOWS\SYSTEM32\tvuvw.ini2 Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\tvuvw.tmp
    \WINDOWS\SYSTEM32\tvuvw.tmp Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\wvurspq.dll
    \WINDOWS\SYSTEM32\wvurspq.dll Has been deleted!

    Attempting to delete \WINDOWS\SYSTEM32\wvuvt.dll
    \WINDOWS\SYSTEM32\wvuvt.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    -------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 3:22:30 PM, on 4/15/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\ihbssali.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {834B5A8A-585F-4F04-9439-787ECD56D9B3} - C:\WINDOWS\System32\wvuvt.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B1D73E5E-B80B-454F-BDB2-985AFC4FFCD0} - C:\WINDOWS\System32\hggeeeb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152567830\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Microsoft Works\wksss.exe
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O12 - Plugin for .wvx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    -------------------

    I believe that's all my friend.

    Thanks again.. it means a ton and a half.


    John

    #14 VopThis (Senior Member, Canada)
    Keep in mind that a P2P tool environment like 'BitTorrent' is a risky environment and was likely a contributing or main factor in the infections to your PC.


    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\ihbssali.dll (file missing)
    O2 - BHO: (no name) - {834B5A8A-585F-4F04-9439-787ECD56D9B3} - C:\WINDOWS\System32\wvuvt.dll (file missing)
    O2 - BHO: (no name) - {B1D73E5E-B80B-454F-BDB2-985AFC4FFCD0} - C:\WINDOWS\System32\hggeeeb.dll (file missing)

    O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.


    Let's look for any potential remaining issues here:

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
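
As an added example (not code from either poster or from HijackThis itself), the Python below applies the four patterns VopThis used when choosing fix items in this thread to constructed lines in the log format above: a nameless BHO whose DLL is already missing, rundll32 loading a random-named System32 DLL, an O16 ActiveX download with no control name, and an unknown-owner service whose image is missing. The 8-letter-name rule and the lookalike check against the core XP process names are my own heuristics and will need a human to confirm each hit.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the format of the HijackThis v1.99.1 logs posted in this thread:
# one line each check should flag and one benign line per section.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\ihbssali.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\duyxerwl.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
# Core XP binaries from the thread's "Running processes" list (heuristic lookalike targets).
CORE_BINARIES = ["smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe", "explorer.exe"]
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def edit_distance(a, b):
    """Levenshtein distance; inputs are short file names, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name):
    """Core binary that `name` imitates (distance 1 or 2, not identical), else None."""
    for real in CORE_BINARIES:
        if name.lower() != real and edit_distance(name.lower(), real) <= 2:
            return real
    return None

def check_o2(body):
    # Nameless BHO whose DLL is gone: only the CLSID registration is left behind.
    if "(no name)" in body and body.endswith("(file missing)"):
        return "orphaned BHO registration (DLL already removed)"

def check_o4(body):
    # rundll32 as loader for a System32 DLL with a random 8-letter name: the
    # Vundo/Virtumonde persistence entry that was fixed in this thread.
    m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', body, re.I)
    if m:
        stem = basename(m.group(1)).rsplit(".", 1)[0]
        if "\\system32\\" in m.group(1).lower() and len(stem) == 8 and stem.isalpha():
            return f"rundll32 loads random-named System32 DLL {stem}.dll (export {m.group(2)})"

def check_o16(body):
    # Downloaded ActiveX control (DPF) registered without a friendly control name.
    m = re.match(r"DPF: \{[0-9A-Fa-f-]+\}\s*(\([^)]*\))?\s*-\s*(\S+)", body)
    if m and m.group(1) is None:
        return f"unnamed ActiveX download from {urlparse(m.group(2)).hostname}"

def check_o23(body):
    # Service with no vendor string and a missing image; the interesting case is an
    # image whose name imitates a real system process (spoolvc vs. spoolsv).
    m = re.search(r"Unknown owner - (.+) \(file missing\)$", body)
    if m:
        image = basename(m.group(1))
        twin = lookalike(image)
        if twin:
            return f"dead service image {image} imitates {twin}"
        return f"orphaned service entry ({image}), typically an uninstaller leftover"

CHECKS = {"O2": check_o2, "O4": check_o4, "O16": check_o16, "O23": check_o23}

def triage(log_text):
    """Return (section, reason, original line) for every log entry a check flags."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1) in CHECKS:
            reason = CHECKS[m.group(1)](m.group(2))
            if reason:
                findings.append((m.group(1), reason, line.strip()))
    return findings
```

Run `triage(open("hijackthis.log").read())` on a real log and expect benign hits too: the Symantec leftovers in this thread match the O23 rule and are reported as uninstaller leftovers, which is what they are.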
