My Internet connection is screwy
Join Date: Jul 2005
Posts: 10
Reputation:
Solved Threads: 0
Good afternoon everyone,
I hope that everyone is having a fabulous day
I've been using the same modem and the same dial-up site for quite some time now, but I've been experiencing a problem for the last few weeks.
I connect to the Internet as usual and I'm able to access sites for about five minutes, and then all of a sudden, I can't access anything. My connection hasn't dropped, but both IE and Mozilla act like a connection isn't available. After this happens, I'm also unable to do live update on my virus software. Any idea what might be causing this?
Thanks much,
avgoddess
Well, could be a virus preventing the browsers/programs from communicating with the internet? But it also could be a firewall, or something similar. Have you recently installed a firewall of any kind?
If you want a virus check (as malware can cause this problem often):
Download HijackThis (current version is v1.99.1)
Make a new folder to put your HijackThis.exe into.
(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:
* C:\HijackThis\
* C:\Programs\hijackthis\
* C:\Windows\My Documents\HJT\
but feel free to use any name.)
Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Thanks for the suggestion, tayspen. No, I haven't installed a firewall, so it's probably a virus. Here's my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:20:33 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
Hi, that log is missing a big chunk. Are you sure you copied the whole thing? Also be sure to run it in normal mode.
Also, as this seems to be taking the route of a virus....off to the virus/spyware forum we go
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Ok, you were right 
Here's the complete report:
Logfile of HijackThis v1.99.1
Scan saved at 10:26:22 PM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Amy\My Documents\My Deliveries\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\ljjhi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.freeemotes.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aumail4.american.edu/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121029901491
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20...urrent/kdx.cab
O20 - Winlogon Notify: ljjhi - C:\WINDOWS\system32\ljjhi.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)
Thank you!

Hi, please check these items in HJT.
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\ljjhi.dll
O15 - Trusted Zone: *.freeemotes.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aumail4.american.edu/iNotes6W.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O20 - Winlogon Notify: ljjhi - C:\WINDOWS\system32\ljjhi.dll
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
Click Fix Checked.
______________________________________________________
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
_____________________________________________________
Please download ewido anti-malware; it is a free version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck:
  - Install background guard
  - Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
ewido manual updates
Once the updates are installed do the following:
- Open up Ewido
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.
Reboot.
______________________________________________________
Post the new HJT log, the ewido log, and the vundo fix log, and we will continue the cleaning.
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
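As an added example (not part of the original thread and not HijackThis's own logic), the Python sketch below applies a few path and ownership heuristics to lines excerpted from the complete log posted above. The heuristics, the `EXPECTED_DIR` table (which assumes a default `C:\WINDOWS` install) and the function names are assumptions of this example; the output is a list of entries worth a closer look, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Assumption of this example: where core Windows XP processes normally live
# on a default C:\WINDOWS install (compared case-insensitively).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll)\b', re.I)

# Lines excerpted from the complete log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\lsass.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\ljjhi.dll
O20 - Winlogon Notify: ljjhi - C:\WINDOWS\system32\ljjhi.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)
"""


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the R*/O* sections follow the process list
            entries.append((match.group("code"), match.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def review(text):
    """Return (reason, detail) pairs for entries that deserve a manual look."""
    processes, entries = parse_log(text)
    findings = []

    # Core process name running from a directory other than the expected one.
    for path in processes:
        directory, name = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            findings.append(("process-path", path))

    dll_sections = defaultdict(set)
    for code, body in entries:
        # Services that carry no vendor string in the log.
        if code == "O23" and "unknown owner" in body.lower():
            findings.append(("service-unknown-owner", body))
        # Entries whose target file no longer exists on disk.
        if body.lower().endswith("(file missing)"):
            findings.append(("file-missing", body))
        if code in ("O2", "O20"):
            match = PATH_RE.search(body)
            if match:
                dll_sections[match.group(0).lower()].add(code)

    # Same DLL loaded both as a BHO and as a Winlogon Notify package.
    for dll, codes in sorted(dll_sections.items()):
        if codes == {"O2", "O20"}:
            findings.append(("bho-and-winlogon-notify", dll))
    return findings


if __name__ == "__main__":
    for reason, detail in review(SAMPLE_LOG):
        print(f"{reason:26} {detail}")
```

The O15 and O16 entries selected in the post above are not covered by these checks, and a flagged entry can still be legitimate, so each hit needs confirming before anything is fixed.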
Thanks! I did everything that you suggested; here are the logs:
From Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 9:08:26 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Amy\My Documents\My Deliveries\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121029901491
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20...urrent/kdx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)
VundoFix V4.2.74
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Sun Java not detected
Scan started at 7:46:43 PM 5/25/2006
Listing files found while scanning....
C:\WINDOWS\system32\ljjhi.dll
C:\WINDOWS\system32\ihjjl.ini
C:\WINDOWS\system32\ihjjl.bak1
C:\WINDOWS\system32\ihjjl.bak2
C:\WINDOWS\system32\ihjjl.ini2
C:\WINDOWS\system32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.bak1
C:\WINDOWS\SYSTEM32\ihjjl.bak2
C:\WINDOWS\SYSTEM32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.ini
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ljjhi.dll
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ihjjl.bak2
C:\WINDOWS\SYSTEM32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.ini
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ljjhi.dll
Attempting to delete C:\WINDOWS\system32\ljjhi.dll
C:\WINDOWS\system32\ljjhi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.ini
C:\WINDOWS\system32\ihjjl.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.bak1
C:\WINDOWS\system32\ihjjl.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.bak2
C:\WINDOWS\system32\ihjjl.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.ini2
C:\WINDOWS\system32\ihjjl.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.tmp
C:\WINDOWS\system32\ihjjl.tmp Has been deleted!
Performing Repairs to the registry.
Done!
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:06:55 PM, 5/25/2006
+ Report-Checksum: 21575A5D
+ Scan result:
C:\a.exe -> Trojan.Small.gf : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\809GT7RI\a[1].exe -> Trojan.Small.gf : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\809GT7RI\a[2].exe -> Trojan.Small.gf : Cleaned with backup
C:\WINDOWS\SYSTEM32\byvwx.dll -> Downloader.ConHook.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\firedaemon.exe.tcf -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\JAcheck.dll -> Trojan.Warzpak.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\Media\Microsoft\MediaPlayer\Users\MSTASK_OLD.EXE.tcf -> Backdoor.Iroffer.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\Media\Microsoft\MediaPlayer\Users\OPEN_OLD.EXE.tcf -> Backdoor.Hupigon.hk : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssqrr.dll -> Downloader.ConHook.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\tusro.dll -> Downloader.ConHook.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\vtspp.dll -> Downloader.ConHook.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\wvwww.dll -> Downloader.ConHook.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxyww.dll -> Downloader.ConHook.z : Cleaned with backup

From Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 9:08:26 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Amy\My Documents\My Deliveries\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121029901491
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20...urrent/kdx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)

VundoFix V4.2.74
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Sun Java not detected
Scan started at 7:46:43 PM 5/25/2006
Listing files found while scanning....
C:\WINDOWS\system32\ljjhi.dll
C:\WINDOWS\system32\ihjjl.ini
C:\WINDOWS\system32\ihjjl.bak1
C:\WINDOWS\system32\ihjjl.bak2
C:\WINDOWS\system32\ihjjl.ini2
C:\WINDOWS\system32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.bak1
C:\WINDOWS\SYSTEM32\ihjjl.bak2
C:\WINDOWS\SYSTEM32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.ini
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ljjhi.dll
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ihjjl.bak2
C:\WINDOWS\SYSTEM32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.ini
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ljjhi.dll
Attempting to delete C:\WINDOWS\system32\ljjhi.dll
C:\WINDOWS\system32\ljjhi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.ini
C:\WINDOWS\system32\ihjjl.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.bak1
C:\WINDOWS\system32\ihjjl.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.bak2
C:\WINDOWS\system32\ihjjl.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.ini2
C:\WINDOWS\system32\ihjjl.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihjjl.tmp
C:\WINDOWS\system32\ihjjl.tmp Has been deleted!
Performing Repairs to the registry.
Done!