
gerbil,
Thanks again, I have completed the different scans: ATF, AVG and HijackThis. Please review the logs for AVG and HijackThis.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:59:55 AM 6/22/2007

+ Scan result:

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000383.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000382.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000376.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000377.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000373.exe -> Downloader.Agent.brf : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000374.exe -> Downloader.Agent.brf : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000372.exe -> Downloader.PurityScan.eg : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000378.exe -> Downloader.Small.nqj : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000379.exe -> Downloader.VB.awj : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000375.exe -> Downloader.VB.aya : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000380.exe -> Dropper.Agent.bfr : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000381.dll -> Logger.VBStat.c : Cleaned.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000384.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned.
C:\Documents and Settings\Go\Cookies\go@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Go\Cookies\go@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Go\Cookies\go@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Go\Cookies\go@www.abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Go\Cookies\go@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Go\Cookies\go@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Go\Cookies\go@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Go\Cookies\go@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Go\Cookies\go@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Go\Cookies\go@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Go\Cookies\go@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Go\Cookies\go@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Go\Cookies\go@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Go\Cookies\go@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Go\Cookies\go@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Go\Cookies\go@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Go\Cookies\go@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 11:04:56 AM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1143984115\ee\aolsoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\1143984115\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1143984115\ee\aolsoftware.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Rar$EX06.172\bunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ajxgjla.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: (no name) - {694CDA59-0CF1-4164-95B5-F00A6967B8AD} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {723a75d1-4266-4cd4-a64e-d9a56dff5e44} - C:\WINDOWS\system32\agerdnm.dll (file missing)
O2 - BHO: (no name) - {88C91A94-FC53-4313-AF73-3D28EA7195C8} - C:\Program Files\Common Files\rymyd.dll (file missing)
O2 - BHO: (no name) - {9A684959-C5A9-4487-8693-315C7D53DB84} - C:\Program Files\Windows NT\ryfynoxul58441.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O4 - HKLM\..\Run: [xvepxe] C:\WINDOWS\system32\yeaxyg.exe reg_run
O4 - HKLM\..\Run: [win320495967] C:\WINDOWS\win320495967.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1143984115\ee\SSCRun.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143984115\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1143984115\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [uskqa] C:\WINDOWS\system32\yeaxyg.exe reg_run
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182392063968
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\wkdsp.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\wrapi.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online, Inc - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Microsoft SCC Host Protocol (POOLSVR) - Unknown owner - C:\WINDOWS\poolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Ok, goman, are you ready to work?
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ajxgjla.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: (no name) - {694CDA59-0CF1-4164-95B5-F00A6967B8AD} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {723a75d1-4266-4cd4-a64e-d9a56dff5e44} - C:\WINDOWS\system32\agerdnm.dll (file missing)
O2 - BHO: (no name) - {88C91A94-FC53-4313-AF73-3D28EA7195C8} - C:\Program Files\Common Files\rymyd.dll (file missing)
O2 - BHO: (no name) - {9A684959-C5A9-4487-8693-315C7D53DB84} - C:\Program Files\Windows NT\ryfynoxul58441.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O4 - HKLM\..\Run: [xvepxe] C:\WINDOWS\system32\yeaxyg.exe reg_run
O4 - HKLM\..\Run: [win320495967] C:\WINDOWS\win320495967.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [uskqa] C:\WINDOWS\system32\yeaxyg.exe reg_run
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\wkdsp.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\wrapi.dll (file missing)
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online, Inc - (no file)
O23 - Service: Microsoft SCC Host Protocol (POOLSVR) - Unknown owner - C:\WINDOWS\poolsv.exe (file missing)

Good. Now go Start, run, type cmd and press OK, then paste these two lines into the window at the prompt and press Enter after each; close the window:

sc delete aolavupd
sc delete POOLSVR

Search in your computer for this file and delete it; it could be in c:\windows, or c:\windows\system32, but I am not sure..:

ajxgjla.exe

Delete these files, and also the Web Buying folder:

C:\WINDOWS\system32\yeaxyg.exe
C:\WINDOWS\win320495967.exe
C:\Program Files\Web Buying\v1.7.4\webbuying.exe

Go Start, and paste this into the run window:

%systemroot%\system32\restore\rstrui.exe

in the left pane press Sys Res Settings, and then place a check against Turn off System Restore on all Drives, Apply and OK. Immediately go back into that window and turn Sys Res back on for all drives : this lil game deletes all your old system restore points, we are doing this because AVG found infections in there.

Dload and run Combofix:
Download this file to your desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
Restart your computer in Safe Mode:
- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.
It is possibly overkill running SDFix, but what the heck, it's your time, not mine.. :)

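For anyone reading this later who wants to see the reasoning behind the list of entries gerbil picked out, here is a small triage script. It is an added example written for this thread, not gerbil's or HijackThis's own code, and the sample log inside it is a constructed excerpt modelled on the HijackThis log posted above. It applies three checks a helper would do by eye: loading points whose target is marked "(file missing)" or "(no file)" (a scanner already removed the file, the registry reference is left behind), an F2 UserInit value with an extra program appended after userinit.exe, and the same executable registered under several Run values with different names (yeaxyg.exe under [xvepxe] and [uskqa]). It also generates the `sc delete` lines for orphaned O23 services, since fixing an O23 entry in HijackThis does not unregister the service, which is why the post follows up with `sc delete`. The regular expressions assume the HijackThis 1.99.1 line layout shown in this thread.

```python
"""Triage helper for HijackThis 1.99.1 logs (added example, not from the thread)."""
import re
from collections import defaultdict

ORPHAN_MARKERS = ("(file missing)", "(no file)")

# "O4 - HKLM\..\Run: [name] command" / "O23 - Service: display (short) - owner - path"
LINE_RE = re.compile(r"^(?P<sec>[FRO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# Either a quoted path, or everything up to the first token ending in .exe
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)(?:\s|$)', re.IGNORECASE)

# Constructed excerpt modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ajxgjla.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {694CDA59-0CF1-4164-95B5-F00A6967B8AD} - C:\WINDOWS\system32\awtqp.dll (file missing)
O4 - HKLM\..\Run: [xvepxe] C:\WINDOWS\system32\yeaxyg.exe reg_run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [uskqa] C:\WINDOWS\system32\yeaxyg.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online, Inc - (no file)
O23 - Service: Microsoft SCC Host Protocol (POOLSVR) - Unknown owner - C:\WINDOWS\poolsv.exe (file missing)
"""


def executable_of(cmd):
    """Return the executable launched by an O4 command line, quoted or not."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return (m.group("q") or m.group("u")).strip()


def parse(log_text):
    """Split a log into {"sec": "O4", "body": ..., "raw": ...} entries."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"sec": m.group("sec"), "body": m.group("body"), "raw": raw.strip()})
    return entries


def triage(log_text):
    """Return (reason, raw_line) findings for the three heuristic checks."""
    findings = []
    by_target = defaultdict(list)
    for e in parse(log_text):
        body = e["body"]
        # Check 1: the loading point stays behind after the file itself was removed.
        if body.endswith(ORPHAN_MARKERS):
            findings.append(("orphaned loading point", e["raw"]))
        # Check 2: UserInit should run only userinit.exe; anything after the comma is added.
        if e["sec"] == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1]
            extras = [p.strip() for p in value.split(",")[1:] if p.strip()]
            if extras:
                findings.append(("UserInit runs extra program: " + ", ".join(extras), e["raw"]))
        # Collect Run entries by executable for check 3.
        if e["sec"] == "O4":
            m = O4_RE.match(body)
            if m:
                by_target[executable_of(m.group("cmd")).lower()].append((m.group("name"), e["raw"]))
    # Check 3: one executable registered under several differently named Run values.
    for regs in by_target.values():
        if len({name for name, _ in regs}) > 1:
            for _, raw in regs:
                findings.append(("same target under %d Run values" % len(regs), raw))
    return findings


def service_cleanup_commands(log_text):
    """sc delete lines for O23 services whose binary is gone (HJT's fix leaves them registered)."""
    cmds = []
    for e in parse(log_text):
        if e["sec"] != "O23":
            continue
        m = O23_RE.match(e["body"])
        if m and m.group("path").endswith(ORPHAN_MARKERS):
            cmds.append("sc delete " + (m.group("short") or m.group("display")))
    return cmds


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("%-40s %s" % (reason, line))
    print("\n".join(service_cleanup_commands(SAMPLE_LOG)))
```

Run it against a saved HijackThis log by passing the file contents to `triage()`; the checks are heuristics for a human to review, not a verdict, which is the same way the entries in the post were chosen.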


gerbil...you're right, a bit of work; however, it's worth the additional effort. I have completed HJT fix checked, searched for the files to delete (no files were found), turned system restore off/on, ran combofix.exe and sdfix.exe.
Please see logs, reports... (combofix, SDfix, HJT)
Thanks again,

ComboFix 07-06-18.2 - C:\Documents and Settings\Go\My Documents\ComboFix.exe
"Go" - 2007-06-24  8:47:43 - Service Pack 2  NTFS  


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{0000E~1
C:\Program Files\Common Files\{0000E~1\services.dll
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Common Files\zyzov.html
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\tn3
C:\WINDOWS\sstem3~1
C:\WINDOWS\sstem3~1\msdtc.exe


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR


(((((((((((((((((((((((((   Files Created from 2007-05-24 to 2007-06-24  )))))))))))))))))))))))))))))))


2007-06-24 00:00    49,152  --a------   C:\WINDOWS\nircmd.exe
2007-06-22 08:31    10,872  --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-21 20:16    <DIR>    d--------   C:\Program Files\Rar$EX06.172
2007-06-21 19:01    <DIR>    d--------   C:\VundoFix Backups
2007-06-21 18:20    271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2007-06-20 23:17    <DIR>    d--------   C:\Program Files\RegistrySmart
2007-06-20 23:17    <DIR>    d--------   C:\DOCUME~1\Go\APPLIC~1\RegistrySmart
2007-06-19 19:10    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-18 22:35    <DIR>    d--------   C:\DOCUME~1\NETWOR~1\APPLIC~1\McAfee.com Personal Firewall
2007-06-18 13:39    18,432  --a------   C:\WINDOWS\system32\drivers\ApiMon.sys
2007-06-18 13:39    <DIR>    dr-------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\win
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\S7
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\S6
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\S4
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\S1
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\S0
2007-06-18 13:39    <DIR>    d--------   C:\WINDOWS\system32\o09PrEz
2007-06-18 13:39    <DIR>    d--------   C:\Temp\iee
2007-06-18 13:39    <DIR>    d--------   C:\Temp
2007-06-18 13:38    <DIR>    d--------   C:\Program Files\svhost


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 13:50:05 --------    d-----w C:\Program Files\Windows NT
2007-06-22 02:17:37 --------    d-----w C:\DOCUME~1\Go\APPLIC~1\SolidWorks
2007-06-21 01:04:55 --------    d-----w C:\Program Files\MUSICMATCH
2007-06-21 00:55:20 --------    d-----w C:\Program Files\Pure Networks
2007-06-21 00:42:50 --------    d-----w C:\Program Files\Common Files\aolshare
2007-06-21 00:42:27 --------    d--h--w C:\Program Files\InstallShield Installation Information
2007-06-21 00:28:05 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-10 23:42:20 --------    d-----w C:\DOCUME~1\Go\APPLIC~1\U3
2007-06-08 02:48:05 --------    d-----w C:\DOCUME~1\Go\APPLIC~1\Xfire
2007-06-08 00:18:59 --------    d-s---w C:\Program Files\Xfire
2007-05-24 05:35:19 --------    d-----w C:\Program Files\Common Files\AOL
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 03:36:13 --------    d-----w C:\Program Files\Prentice Hall Interactive Text
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400   ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624  ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936   ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504  ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080  ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352  ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2006-07-01 15:35:44 104 --sh--r C:\WINDOWS\system32\AF7C6B3A1F.sys
2006-07-01 15:35:47 3,350   --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"sscRun"="C:\Program Files\Common Files\AOL\1143984115\ee\SSCRun.exe" [2006-11-20 16:42]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-06-15 10:36]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-05 12:47]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-26 14:54]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 13:01 C:\WINDOWS\system32\P0630Pin.dll]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 16:57]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 15:26]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"HostManager"="C:\Program Files\Common Files\AOL\1143984115\ee\AOLSoftware.exe" [2006-09-25 20:52]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 12:13]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 22:05]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1143984115\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 16:42]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-24 00:09]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uaol"="C:\WINDOWS\SSTEM3~1\msdtc.exe" -vt yazr
"imui"=c:\stub_113_4_0_4_0new.exe
"PSHope"="C:\Program Files\PSHope\PSHope.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Common Files\zyzov.html
FriendlyName= 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - ENTDRV51

Contents of the 'Scheduled Tasks' folder
2007-06-24 12:51:29  C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GO2-Go).job
2007-06-24 12:51:40  C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 08:51:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24  8:54:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-24 08:54

    --- E O F ---

SDFix: Version 1.88

Run by Administrator on Sun 06/24/2007 at 09:19 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 






Restoring Windows Registry Values
Restoring Windows Default Hosts File 
Restoring Missing SharedAccess Service 

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found. 

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found. 

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\Documents and Settings\Go\My Documents\My Music\Encryption stuff\PocketCache Trial Version\BackupRestoreBus.dll
C:\Documents and Settings\Go\My Documents\My Music\Encryption stuff\SecurDataStorRM\Files\msghxx.dllz
C:\Documents and Settings\Go\My Documents\My Music\Encryption stuff\SecurDataStorRM\Files\MSVCR71.DLLz
C:\Documents and Settings\Go\My Documents\My Music\Encryption stuff\SecurDataStorRM\Files\CopyFile.exe
C:\Documents and Settings\Go\My Documents\My Music\Encryption stuff\SecurDataStorRM\Files\SecurDataStor.exe
C:\Documents and Settings\Go\My Documents\My Music\Encryption stuff\SecurDataStorRM\Files\Viewer.exez
C:\Program Files\America Online 9.0a\AOLphx.exe
C:\Program Files\America Online 9.0a\rbm.exe
C:\WINDOWS\system32\AF7C6B3A1F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0006.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0041.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0145.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0711.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0766.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0900.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0906.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0923.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL0989.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL1037.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL1290.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL1517.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL1552.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL1687.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2197.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2204.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2234.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2296.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2442.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2448.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2452.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2496.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2515.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2662.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2768.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL2918.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3243.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3318.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3628.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3653.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3783.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3817.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3836.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3842.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3865.tmp
C:\Documents and Settings\Go\Application Data\Microsoft\Word\~WRL3930.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\~WRL0003.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\~WRL0003.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\~WRL1156.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0001.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0002.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0292.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0425.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0544.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0596.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0814.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0819.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL0871.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL1251.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL1481.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL1607.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL1636.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL1701.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2045.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2137.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2375.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2394.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2793.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2819.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2864.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2934.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL2996.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3031.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3036.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3152.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3158.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3218.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3355.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3421.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3450.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3763.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL3954.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL4054.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\2006-2007\phillips\~WRL4062.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\4p\~WRL0109.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\4p\~WRL1115.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\4p\~WRL1338.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\4p\~WRL1541.tmp
C:\Documents and Settings\Go\My Documents\Jamison's syuff\4p\~WRL3568.tmp
C:\Documents and Settings\Go\My Documents\Jonathan's Stuff\College Stuff2\~WRL0003.tmp
C:\Documents and Settings\Go\My Documents\Jonathan's Stuff\College Stuff2\~WRL2328.tmp
C:\Documents and Settings\Go\My Documents\Jonathan's Stuff\Literature\~WRL0027.tmp
C:\Documents and Settings\Go\My Documents\Jonathan's Stuff\Literature\~WRL1376.tmp
C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
C:\WINDOWS\system32\config\SYSTEM.tmp.LOG

Listing User Accounts:


Administrator            Go                       Guest                    
HelpAssistant            SUPPORT_388945a0         


                                 Finished 

Logfile of HijackThis v1.99.1
Scan saved at 9:46:01 AM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\AOL\1143984115\ee\aolsoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\AOL\1143984115\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1143984115\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Rar$EX06.172\bunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1143984115\ee\SSCRun.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143984115\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1143984115\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182392063968
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Looks good, goman. Btw, where did you get Vundofix from? Here?
http://www.atribune.org/ccount/click.php?id=4
It is just that it pays to get the latest and best; he updates it continuously. If in doubt, get it from there and run it.
Apart from that point, I think it is safe to turn you out into the world again.
Cheers, g.

Yes, I believe that is correct; it was from one of your previous threads. Many thanks for your time and help. In the future and as a precautionary measure, how can one best guard against these viruses?

Thanks,
Goman

Some downloads, sites etc. are just plain dodgy. I use SpywareBlaster as a blocker, but apart from that you have AV, AS and a firewall. None are perfect. Sensible browsing is very important. You can survive on the web quite nicely with Windows Firewall as your only protection if all you do is visit your bank's website...
Just think about what you are clicking on, but there are the odd sites that will give you a problem if you just mouse over a link. It's interesting out there.