Non working windows explorer - hijack log file please help

#1 Mezza180, Apr 20th, 2007
Hiya,
My first post, so please forgive any errors in posting this here - but seemed the obvious place.

My windows explorer stopped working all of a sudden - I cannot use anything from 'Start', or open my docs or recycle bin from the desktop.
I read in other threads that the first course of action was to get a hijack this log file which is below:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:05:36, on 20/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\keyhook.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\Desktop\UltraTrader00015.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.blueyonder.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {2F68DBD1-057A-49FF-943C-5EB7E98FFF88} - C:\WINNT\system32\ddmslvtr.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll
O2 - BHO: (no name) - {A5620B84-6CAD-44B9-B9B7-981C01374F12} - C:\WINNT\system32\ssttu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\ggoyadys.dll",setvm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176049876859
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flashcasino.ladbrokes.com/in...n/FlashAX2.cab
O20 - Winlogon Notify: pmnmlml - C:\WINNT\SYSTEM32\pmnmlml.dll
O20 - Winlogon Notify: ssttu - C:\WINNT\system32\ssttu.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6733 bytes


If anyone could help it would be much appreciated - thank you in advance.

#2 gerbil, Apr 21st, 2007
==download hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files. Remove the Beta.
For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please?

Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it, and click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will shutdown your computer - click OK.
Restart your computer and post the contents of C:\vundofix.txt plus a new HijackThis log run from imabunny.exe [or whatever..] this way:-
== start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Click the Scan and Save a Logfile button. Post the log here.

#3 Mezza180, Apr 21st, 2007
Thank you for your reply.
I'm running Vundo now.
I am unable to remove the beta version of Hijack as I can't access software removal with the problem I have.
Initially I downloaded hijack and got an error message when I tried to launch the scan. I then downloaded the beta version to get the log file that I posted above.
I have downloaded another version of hijack this from your link and will do as you suggest and post a log file once everything else is completed.
Once again many thanks for your time and assistance.

#4 Mezza180, Apr 21st, 2007
After I clicked on Vundo to remove files I got the following error message:
Registry Editor
Cannot import C:/VundoFix.reg: Error opening the file. There may be a disk or file system error.

It then shut down as you said and I ran hijack and obtained the following scan log file:
Logfile of HijackThis v1.99.1
Scan saved at 15:32:30, on 21/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\keyhook.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\imabunny.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.blueyonder.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {2F68DBD1-057A-49FF-943C-5EB7E98FFF88} - C:\WINNT\system32\ddmslvtr.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINNT\system32\aruqsfky.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll
O2 - BHO: (no name) - {B4DE4CC0-AC15-408C-B9B5-904325581A0A} - C:\WINNT\system32\ssttu.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\ggoyadys.dll",setvm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176049876859
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flashcasino.ladbrokes.com/in...n/FlashAX2.cab
O20 - Winlogon Notify: pmnmlml - C:\WINNT\SYSTEM32\pmnmlml.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

#5 gerbil, Apr 21st, 2007
It is fairly important to get VundoFix to clean up your infection - there are a lot of vundo files in there... I have added some lines to the instructions - follow these instead [if you see that warning again just close it and continue]; try to run vundo a few times, repeat the scan after it appears successful.
[Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4]
Double-click VundoFix.exe to start it, click the Scan for Vundo button.

****When the scan completes rclick inside the white text box, lclick the Add more files? line, paste into the new window these two pathnames [one per line]:

C:\WINNT\system32\pmnmlml.dll
C:\WINNT\system32\lmlmnmp.*

Click the Add Files button, and next the Remove Vundo button.****
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt plus a new HijackThis log.
Last edited by gerbil; Apr 21st, 2007 at 11:18 pm.

#6 Mezza180, Apr 22nd, 2007
I have tried to run VundoFix a few times and continually get the error message I mentioned the first time round.
I am unable to access the VundoFix txt, with the problem I have.
I have run another hijackthis log and here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 12:30:02, on 22/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\keyhook.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\imabunny.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.blueyonder.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {2F68DBD1-057A-49FF-943C-5EB7E98FFF88} - C:\WINNT\system32\ddmslvtr.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: (no name) - {604A0F9C-F7E8-4CC1-9F07-4C81E1CE1200} - C:\WINNT\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINNT\system32\aruqsfky.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll (file missing)
O2 - BHO: (no name) - {B4DE4CC0-AC15-408C-B9B5-904325581A0A} - C:\WINNT\system32\ssttu.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\ggoyadys.dll",setvm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176049876859
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flashcasino.ladbrokes.com/in...n/FlashAX2.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe




Is there an issue perhaps with VundoFix that is causing the error message during running the removal and should I try and find a different version perhaps?
I loaded the files into Vundo after the scan and clicked on remove Vundo. It seems to start going and then the error message appears. But it continues and I get to the reboot and continue. The system starts up and then Vundo runs from boot, but again the error message appears?

Thanx once again for your help - getting close to pulling hair out stage now lol.

#7 gerbil, Apr 22nd, 2007
Be cool, VundoFix did its job in those runs, even with that msg. Now to fish out some others. But first, you can open Task Manager with Ctrl+Alt+Del; with any tab other than Networking you can use File > New task to get a run box. Type explorer into that. Dija get windows explorer opening? Can I have that vundo log now?
Anyway, Combofix: I'd like you to run this just so that I can see a bit of what went on in your sys; It may find a few malware issues also.
===Download this file: http://www.techsupportforum.com/sect...s/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Back to hijackthis...rescan [Scan Only] and place checkmarks against the following if they exist, and press Fix Checked.

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {2F68DBD1-057A-49FF-943C-5EB7E98FFF88} - C:\WINNT\system32\ddmslvtr.dll
O2 - BHO: (no name) - {604A0F9C-F7E8-4CC1-9F07-4C81E1CE1200} - C:\WINNT\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINNT\system32\aruqsfky.dll (file missing)
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll (file missing)
O2 - BHO: (no name) - {B4DE4CC0-AC15-408C-B9B5-904325581A0A} - C:\WINNT\system32\ssttu.dll (file missing)
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\ggoyadys.dll",setvm

You must be in an Administrator-privileged account to run this next procedure...
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box this line:-

C:\WINNT\system32\aseaptlg.dll
C:\WINNT\system32\ddmslvtr.dll
C:\WINNT\system32\ggoyadys.dll

...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please post that log file, along with a new HT log, of course..
Last edited by gerbil; Apr 22nd, 2007 at 9:43 am.
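
Added example, not part of any post in this thread: one way to track cleanup progress across the successive HijackThis logs posted above. The scan excerpts are copied from those three logs; the function names are this example's own, and only the `O2`/`O20` lines for a few of the DLLs are included.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
MISSING_SUFFIX = "(file missing)"

# Excerpts from the three logs in this thread (Apr 20, 21 and 22).
SCAN_APR20 = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll
O2 - BHO: (no name) - {A5620B84-6CAD-44B9-B9B7-981C01374F12} - C:\WINNT\system32\ssttu.dll
O20 - Winlogon Notify: pmnmlml - C:\WINNT\SYSTEM32\pmnmlml.dll
O20 - Winlogon Notify: ssttu - C:\WINNT\system32\ssttu.dll
"""
SCAN_APR21 = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINNT\system32\aruqsfky.dll (file missing)
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll
O2 - BHO: (no name) - {B4DE4CC0-AC15-408C-B9B5-904325581A0A} - C:\WINNT\system32\ssttu.dll (file missing)
O20 - Winlogon Notify: pmnmlml - C:\WINNT\SYSTEM32\pmnmlml.dll
"""
SCAN_APR22 = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\aseaptlg.dll
O2 - BHO: (no name) - {604A0F9C-F7E8-4CC1-9F07-4C81E1CE1200} - C:\WINNT\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINNT\system32\aruqsfky.dll (file missing)
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINNT\system32\pmnmlml.dll (file missing)
O2 - BHO: (no name) - {B4DE4CC0-AC15-408C-B9B5-904325581A0A} - C:\WINNT\system32\ssttu.dll (file missing)
"""
SCANS = [SCAN_APR20, SCAN_APR21, SCAN_APR22]


def parse_entries(log_text):
    """Return (code, body, missing) for every entry line; headers and the
    'Running processes' list do not match the entry pattern and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").rstrip()
        missing = body.endswith(MISSING_SUFFIX)
        if missing:
            body = body[: -len(MISSING_SUFFIX)].rstrip()
        entries.append((m.group("code"), body, missing))
    return entries


def file_state(entries, filename):
    """'present'      : at least one entry references the file on disk
       'file missing' : only registry references flagged (file missing) remain
       'absent'       : no entry mentions the file at all"""
    name = filename.lower()
    flags = [missing for _, body, missing in entries if name in body.lower()]
    if not flags:
        return "absent"
    return "file missing" if all(flags) else "present"


def track(scans, filenames):
    """State of each file in each scan, in scan order. Matching is by file
    name, so a BHO that reappears under a new CLSID (ssttu.dll here) is
    still followed."""
    parsed = [parse_entries(s) for s in scans]
    return {f: [file_state(p, f) for p in parsed] for f in filenames}


def leftovers(log_text):
    """Entries whose file is gone but whose registry reference is still
    listed; these are the lines left to tick under 'Fix checked'."""
    return [(code, body) for code, body, missing in parse_entries(log_text) if missing]


if __name__ == "__main__":
    names = ["aseaptlg.dll", "pmnmlml.dll", "ssttu.dll", "jkklj.dll"]
    for name, states in track(SCANS, names).items():
        print(f"{name:14} " + " -> ".join(states))
    print("leftover registry references in the latest scan:")
    for code, body in leftovers(SCAN_APR22):
        print(f"  {code} - {body}")
```
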

#8 Mezza180, Apr 22nd, 2007
Tried Task Manager to access explorer - still no good there.
Ran combo fix to produce the following log file:
C:\WINNT\system32\aseaptlg.dll
C:\WINNT\system32\ddmslvtr.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2000-01-07 to 20/04/2007 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2012/12/02 00:14 7424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2012/12/02 00:14 5504 --a------ C:\WINNT\system32\drivers\mstee.sys
2012/12/02 00:14 5248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2012/12/02 00:14 4096 --a------ C:\WINNT\system32\drivers\swenum.sys
2012/12/02 00:14 130304 --a------ C:\WINNT\system32\drivers\ks.sys
2011/01/06 13:58 54840 --a------ C:\WINNT\system32\drivers\FreeTdi.sys
2009/07/04 04:27 48512 --a------ C:\WINNT\system32\drivers\stream.sys
2009/07/04 02:58 83968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2009/07/04 02:58 56832 --a------ C:\WINNT\system32\drivers\msdv.sys
2009/07/04 02:58 18688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2009/07/04 02:58 16384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2009/07/04 02:58 15104 --a------ C:\WINNT\system32\drivers\mpe.sys
2009/07/04 02:58 14976 --a------ C:\WINNT\system32\drivers\streamip.sys
2009/07/04 02:58 11392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2009/07/04 02:58 10880 --a------ C:\WINNT\system32\drivers\slip.sys
2009/07/04 02:58 10112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007/12/99 13:00 9680 --a------ C:\WINNT\system32\drivers\netdtect.sys
2007/12/99 13:00 88816 --a------ C:\WINNT\system32\drivers\lvcam.sys
2007/12/99 13:00 8016 --a------ C:\WINNT\system32\drivers\rasacd.sys
2007/12/99 13:00 79120 --a------ C:\WINNT\system32\drivers\lvcodek.sys
2007/12/99 13:00 6512 --a------ C:\WINNT\system32\drivers\parvdm.sys
2007/12/99 13:00 6032 --a------ C:\WINNT\system32\drivers\rootmdm.sys
2007/12/99 13:00 59280 --a------ C:\WINNT\system32\drivers\vdmindvd.sys
2007/12/99 13:00 58480 --a------ C:\WINNT\system32\drivers\nwlnkspx.sys
2007/12/99 13:00 57904 --a------ C:\WINNT\system32\drivers\atmarpc.sys
2007/12/99 13:00 52048 --a------ C:\WINNT\system32\drivers\tosdvd.sys
2007/12/99 13:00 4240 --a------ C:\WINNT\system32\drivers\wmilib.sys
2007/12/99 13:00 4240 --a------ C:\WINNT\system32\drivers\mnmdd.sys
2007/12/99 13:00 4080 --a------ C:\WINNT\system32\drivers\beep.sys
2007/12/99 13:00 40432 --a------ C:\WINNT\system32\drivers\ndproxy.sys
2007/12/99 13:00 37040 --a------ C:\WINNT\system32\drivers\npfs.sys
2007/12/99 13:00 35344 --a------ C:\WINNT\system32\drivers\nwlnkfwd.sys
2007/12/99 13:00 35024 --a------ C:\WINNT\system32\drivers\rawwan.sys
2007/12/99 13:00 34416 --a------ C:\WINNT\system32\drivers\ipfltdrv.sys
2007/12/99 13:00 33456 --a------ C:\WINNT\system32\drivers\netbios.sys
2007/12/99 13:00 2800 --a------ C:\WINNT\system32\drivers\null.sys
2007/12/99 13:00 272496 --a------ C:\WINNT\system32\drivers\cinemst2.sys
2007/12/99 13:00 23888 --a------ C:\WINNT\system32\drivers\usbcamd.sys
2007/12/99 13:00 22000 --a------ C:\WINNT\system32\drivers\tsbvcap.sys
2007/12/99 13:00 21712 --a------ C:\WINNT\system32\drivers\rca.sys
2007/12/99 13:00 21328 --a------ C:\WINNT\system32\drivers\msfs.sys
2007/12/99 13:00 19984 --a------ C:\WINNT\system32\drivers\ipinip.sys
2007/12/99 13:00 19088 --a------ C:\WINNT\system32\drivers\cdaudio.sys
2007/12/99 13:00 17424 --a------ C:\WINNT\system32\drivers\lvsound.sys
2007/12/99 13:00 16880 --a------ C:\WINNT\system32\drivers\raspti.sys
2007/12/99 13:00 15120 --a------ C:\WINNT\system32\drivers\usbintel.sys
2007/12/99 13:00 14832 --a------ C:\WINNT\system32\drivers\smclib.sys
2007/12/99 13:00 13968 --a------ C:\WINNT\system32\drivers\vga.sys
2007/12/99 13:00 12880 --a------ C:\WINNT\system32\drivers\class2.sys
2007/12/99 13:00 12560 --a------ C:\WINNT\system32\drivers\nwlnkflt.sys
2007/12/99 13:00 12368 --a------ C:\WINNT\system32\drivers\fsvga.sys
2007/12/99 13:00 12016 --a------ C:\WINNT\system32\drivers\ws2ifsl.sys
2007/12/99 13:00 105840 --a------ C:\WINNT\system32\drivers\streams.sys
2007/12/99 13:00 102160 --a------ C:\WINNT\system32\drivers\nbf.sys
2006/11/99 11:11 44528 --a------ C:\WINNT\system32\drivers\es1371mp.sys
2005/06/06 14:30 829008 -ra------ C:\WINNT\system32\drivers\css-dvp.sys
2004/04/07 13:19 59984 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2002/08/02 03:30 35427 -ra------ C:\WINNT\system32\drivers\sisnic.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINNT\system32\aseaptlg.dll [x]
{2F68DBD1-057A-49FF-943C-5EB7E98FFF88} C:\WINNT\system32\ddmslvtr.dll [x]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} C:\Program Files\Virgin Broadband\PCguard\pkR.dll
{56071E0D-C61B-11D3-B41C-00E02927A304} C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
{604A0F9C-F7E8-4CC1-9F07-4C81E1CE1200} C:\WINNT\system32\jkklj.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{B4DE4CC0-AC15-408C-B9B5-904325581A0A} C:\WINNT\system32\ssttu.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SiS Windows KeyHook"="C:\\WINNT\\System32\\keyhook.exe"
"Broadbandadvisor.exe"="\"C:\\Program Files\\Virgin Broadband\\advisor\\Broadbandadvisor.exe\" /AUTORUN"
"PCguard"="\"C:\\Program Files\\Virgin Broadband\\PCguard\\Rps.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"pdfSaver3"=""
"602PC SUITE PDF Saver"="\"C:\\Program Files\\Common Files\\soft602\\pdfSaver.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"pdfSaver3"="\"C:\\Program Files\\PDF\\pdfSaver\\pdfSaver3.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-22 14:15:23
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: Sun 22/04/2007 14:15:28
C:\ComboFix-quarantined-files.txt ... 22/04/07 14:15

Now going to run through the hijackthis part and will post finished log file as soon as complete.
Mezza180 (Newbie Poster)

Re: Non working windows explorer - hijack log file please help

 
  #9
Apr 22nd, 2007
OK, I downloaded and ran Avenger, got an error message to say the selected file wasn't a valid script?
It then said runtime error 1813.
I have done another HT log file:
Logfile of HijackThis v1.99.1
Scan saved at 14:27:59, on 22/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\keyhook.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\imabunny.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.blueyonder.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176049876859
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flashcasino.ladbrokes.com/in...n/FlashAX2.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe



Thanks again.
gerbil (Nearly a Senior Poster)
Join Date: May 2005
Posts: 3,204
Solved Threads: 188

Re: Non working windows explorer - hijack log file please help

 
  #10
Apr 22nd, 2007
Avenger put up the error because ComboFix got two of the files previously. I cannot see yet that it got this one, so please try Avenger again, but only enter this pathname into the script box...

C:\WINNT\system32\ggoyadys.dll


Next, download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -- click in the download window to run it, and when ATF Cleaner opens go Select All, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.

Get AVG antispyware 7.5 here: http://free.grisoft.com/doc/5390/lng/us/tpl/v5 - the link is almost at the bottom of the page, avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5; under Scanner/Settings set Recommended actions to Quarantine, and run the scan. Save the log file and only then click Apply all actions. Post the log file.

...we are getting there, the HT log is clean...
Deep, deep in the woods, but walking about.