WinAntiVirus - HJT log

Discussion in 'Malware and Virus Removal Archive' started by Harry78, 2007/07/02.

  1. 2007/07/02
    Harry78

    Harry78 Inactive Thread Starter

    Joined:
    2007/07/02
    Messages:
    14
    Likes Received:
    0
    Moderator note:....

    This thread refers ......

    http://www.windowsbbs.com/showthread.php?t=65748


    Logfile of HijackThis v1.99.1
    Scan saved at 12:21:38 AM, on 7/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\HJT\HJT.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: (no name) - {AFBB1ACD-0008-5448-E72D-C890384E7E46} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AOL Today] C:\WINDOWS\\\\\\\\\\\\\
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize314.exe "
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?06b2ef455ad5441cbeb24560710029d9
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?06b2ef455ad5441cbeb24560710029d9
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Harry Lumsden\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/download/2006/WinFixer2006FreeInstall.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner/WinFixer2005FreeInstall.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. 2007/07/03
    Harry78

    Can anybody help and tell me what to remove please :p
     

  4. 2007/07/03
    Harry78

    I don't have a clue what I'm removing - so any help IS appreciated :cool:
     
  5. 2007/07/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Harry78

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Now please do this.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Please post the two logs and a New HJT log.

    Thanks
    Geri
     
  6. 2007/07/05
    Harry78

    As requested Geri..

    VundoFix V6.5.4 Log

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 9:08:23 PM 7/5/2007

    Listing files found while scanning....

    C:\Documents and settings\Harry Lumsden\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Harry Lumsden\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\windows\system32\awtuvvt.dll
    C:\windows\system32\byxxyyy.dll
    C:\windows\system32\ddcdccd.dll
    C:\windows\system32\ddcdebc.dll
    C:\WINDOWS\system32\dpdkssng.dll
    C:\windows\system32\fccbyax.dll
    C:\windows\system32\gebbaxu.dll
    C:\windows\system32\gtjolduj.exe
    C:\windows\system32\hggebxx.dll
    C:\WINDOWS\system32\isrsykrm.dll
    C:\windows\system32\jkkljgf.dll
    C:\windows\system32\khfebbx.dll
    C:\windows\system32\khfgfgd.dll
    C:\windows\system32\mljgdba.dll
    C:\windows\system32\mljkkki.dll
    C:\windows\system32\nnnljhe.dll
    C:\windows\system32\nnnmjii.dll
    C:\windows\system32\opnnmkk.dll
    C:\windows\system32\pmnmmjg.dll
    C:\windows\system32\rqroooo.dll
    C:\windows\system32\rqropqo.dll
    C:\windows\system32\rqrpqqn.dll
    C:\windows\system32\rqrpqrs.dll
    C:\windows\system32\ssqnllm.dll
    C:\windows\system32\ssqooop.dll
    C:\windows\system32\uqpsmrfl.exe
    C:\windows\system32\vtuttts.dll
    C:\windows\system32\xxyaxwx.dll
    C:\windows\system32\xxywxvs.dll
    C:\windows\system32\xxyxvvv.dll

    Beginning removal...

    Attempting to delete C:\Documents and settings\Harry Lumsden\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Harry Lumsden\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

    Attempting to delete C:\Documents and settings\Harry Lumsden\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Documents and settings\Harry Lumsden\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

    Attempting to delete C:\windows\system32\awtuvvt.dll
    C:\windows\system32\awtuvvt.dll Has been deleted!

    Attempting to delete C:\windows\system32\byxxyyy.dll
    C:\windows\system32\byxxyyy.dll Has been deleted!

    Attempting to delete C:\windows\system32\ddcdccd.dll
    C:\windows\system32\ddcdccd.dll Has been deleted!

    Attempting to delete C:\windows\system32\ddcdebc.dll
    C:\windows\system32\ddcdebc.dll Has been deleted!

    Attempting to delete C:\windows\system32\fccbyax.dll
    C:\windows\system32\fccbyax.dll Has been deleted!

    Attempting to delete C:\windows\system32\gebbaxu.dll
    C:\windows\system32\gebbaxu.dll Has been deleted!

    Attempting to delete C:\windows\system32\gtjolduj.exe
    C:\windows\system32\gtjolduj.exe Has been deleted!

    Attempting to delete C:\windows\system32\hggebxx.dll
    C:\windows\system32\hggebxx.dll Has been deleted!

    Attempting to delete C:\windows\system32\jkkljgf.dll
    C:\windows\system32\jkkljgf.dll Has been deleted!

    Attempting to delete C:\windows\system32\khfebbx.dll
    C:\windows\system32\khfebbx.dll Has been deleted!

    Attempting to delete C:\windows\system32\khfgfgd.dll
    C:\windows\system32\khfgfgd.dll Has been deleted!

    Attempting to delete C:\windows\system32\mljgdba.dll
    C:\windows\system32\mljgdba.dll Has been deleted!

    Attempting to delete C:\windows\system32\mljkkki.dll
    C:\windows\system32\mljkkki.dll Has been deleted!

    Attempting to delete C:\windows\system32\nnnljhe.dll
    C:\windows\system32\nnnljhe.dll Has been deleted!

    Attempting to delete C:\windows\system32\nnnmjii.dll
    C:\windows\system32\nnnmjii.dll Has been deleted!

    Attempting to delete C:\windows\system32\opnnmkk.dll
    C:\windows\system32\opnnmkk.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmnmmjg.dll
    C:\windows\system32\pmnmmjg.dll Has been deleted!

    Attempting to delete C:\windows\system32\rqroooo.dll
    C:\windows\system32\rqroooo.dll Has been deleted!

    Attempting to delete C:\windows\system32\rqropqo.dll
    C:\windows\system32\rqropqo.dll Has been deleted!

    Attempting to delete C:\windows\system32\rqrpqqn.dll
    C:\windows\system32\rqrpqqn.dll Has been deleted!

    Attempting to delete C:\windows\system32\rqrpqrs.dll
    C:\windows\system32\rqrpqrs.dll Has been deleted!

    Attempting to delete C:\windows\system32\ssqnllm.dll
    C:\windows\system32\ssqnllm.dll Has been deleted!

    Attempting to delete C:\windows\system32\ssqooop.dll
    C:\windows\system32\ssqooop.dll Has been deleted!

    Attempting to delete C:\windows\system32\uqpsmrfl.exe
    C:\windows\system32\uqpsmrfl.exe Has been deleted!

    Attempting to delete C:\windows\system32\vtuttts.dll
    C:\windows\system32\vtuttts.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxyaxwx.dll
    C:\windows\system32\xxyaxwx.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxywxvs.dll
    C:\windows\system32\xxywxvs.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxyxvvv.dll
    C:\windows\system32\xxyxvvv.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    ComboFix Log
    "Harry Lumsden" - 2007-07-05 21:20:36 - ComboFix 07-07-04.4 - Service Pack 2 FAT32


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\HARRYL~1\APPLIC~1.\searchtoolbarcorp
    C:\Program Files\Common Files\curity~1
    C:\Program Files\Common Files\inetget
    C:\Program Files\Common Files\inetget\freeprodtb.exe
    C:\Program Files\Common Files\winantivirus pro 2006
    C:\Program Files\Common Files\winantivirus pro 2006\WapCHK.dll
    C:\Program Files\Common Files\WinSoftware
    C:\Program Files\Common Files\WinSoftware\PCheck.dll
    C:\WINDOWS\system32\wnsapisv.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_VSPF
    -------\vspf


    ((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


    2007-07-05 21:20 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-05 21:08 <DIR> d-------- C:\VundoFix Backups
    2007-07-05 21:04 <DIR> d--hs---- C:\FOUND.007
    2007-07-04 10:57 155,648 -ra------ C:\WINDOWS\system32\igfxres.dll
    2007-07-04 10:57 <DIR> d-------- C:\Intel
    2007-07-03 00:16 <DIR> d-------- C:\Program Files\HJT
    2007-07-03 00:12 <DIR> d-------- C:\WINDOWS\HJT
    2007-07-02 23:39 <DIR> d-------- C:\symbols
    2007-07-02 23:33 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
    2007-07-02 20:52 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-06-27 18:26 <DIR> d--hs---- C:\FOUND.006
    2007-06-23 09:33 <DIR> d--hs---- C:\FOUND.005
    2007-06-18 21:44 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2007-06-18 21:10 <DIR> d--hs---- C:\FOUND.004
    2007-06-10 19:49 <DIR> d--hs---- C:\FOUND.003
    2007-06-08 15:52 <DIR> d--hs---- C:\FOUND.002


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-05 11:26:30 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-05-18 11:58:36 -------- d-----w C:\Program Files\Google
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 14:22:06 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 12:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 12:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2005-11-10 13:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-05-18 21:58 324536 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFBB1ACD-0008-5448-E72D-C890384E7E46}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" []
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "LManager "= "C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-05 18:52]
    "Internet Optimizer "= "C:\Program Files\Internet Optimizer\optimize314.exe" []
    "WG511WLU "= "C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2004-06-29 09:46]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-07-22 16:20]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 08:52]
    "MessengerPlus3 "= "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-01-25 22:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 21:58]
    "MessengerPlus3 "= "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-01-25 22:51]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\mshta.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 04:30:14 C:\WINDOWS\tasks\Symantec NetDetect.job
    2007-07-05 11:00:02 C:\WINDOWS\tasks\AA9C1F11932F93A1.job
    2007-07-05 10:33:06 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-05 21:27:58
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-05 21:28:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-05 21:28

    --- E O F ---

    Current Hijack This Log (After Vundo & Combo have been run)

    Logfile of HijackThis v1.99.1
    Scan saved at 9:32:18 PM, on 7/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HJT\HJT.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: (no name) - {AFBB1ACD-0008-5448-E72D-C890384E7E46} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize314.exe "
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?06b2ef455ad5441cbeb24560710029d9
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?06b2ef455ad5441cbeb24560710029d9
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Harry Lumsden\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/download/2006/WinFixer2006FreeInstall.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner/WinFixer2005FreeInstall.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  7. 2007/07/05
    Geri Lifetime Subscription

    Hi Harry78

    Please go to add/remove list and remove any of these. (If Present)
    "MessengerPlus3"
    WinAnti-Virus Pro
    ErrorSafe
    WinFixer

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\mshta.dll

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...reeInstall.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...reeInstall.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

    C:\Program Files\MessengerPlus! 3


    After that, Reboot.

    Please post a New HJT Log into this Thread.

    Let me know how things are.

    Geri
     
    Geri,
    #6
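Added example, not part of Geri's post or of HijackThis: one way to check a follow-up HJT log against the entries that were marked for fixing. The forum shortens the long URLs in the fix list, so entries are matched on section code plus CLSID, Run value name or AppInit_DLLs path rather than on the full line. The function names and the follow-up log are assumptions made for illustration; the follow-up log is constructed.

```python
import re

# Fix list: four of the entries from the post above, forum-truncated URL kept as posted.
FIX_LIST = r"""
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll
"""

# Constructed follow-up log (not from the thread): two flagged entries survive,
# one of them with the untruncated URL as HijackThis itself prints it.
FOLLOW_UP = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^\s*(O\d+)\s+-\s+(.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Reduce one HJT line to an identity that survives URL truncation and case changes."""
    m = ENTRY.match(line)
    if not m:
        return None                      # header, process list, blank line
    code, rest = m.groups()
    run = re.match(r"(\S+): \[([^\]]+)\]", rest)
    if code == "O4" and run:             # registry Run entry: hive path + value name
        return (code, run.group(1).upper(), run.group(2).lower())
    clsid = CLSID.search(rest)
    if code == "O16" and clsid:          # ActiveX download: the CLSID, not the URL
        return (code, clsid.group(0).upper())
    if code == "O20":                    # AppInit_DLLs / Winlogon Notify: kind + value
        kind, _, value = rest.partition(":")
        return (code, kind.strip().lower(), value.strip().lower())
    return (code, rest.lower())

def index(log):
    return {k: ln.strip() for ln in log.splitlines() if (k := entry_key(ln))}

def still_present(fix_list, new_log):
    """Lines of new_log whose identity matches an entry that was marked for fixing."""
    new = index(new_log)
    return [new[k] for k in index(fix_list) if k in new]

if __name__ == "__main__":
    for line in still_present(FIX_LIST, FOLLOW_UP):
        print("STILL PRESENT:", line)
```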
  8. 2007/07/06
    Harry78

    Hi Geri, I'm afraid you lost me here.

    I don't have a file called C:\WINDOWS\system32\mshta.dll and I'm not sure what you meant in that whole area about copy pasting sorry :(
     
  9. 2007/07/06
    Geri Lifetime Subscription

    Hi Harry78

    Did you download KillBox?

    If so here is how you copy and paste.

    Put your cursor on the right side next to the line you want to copy and left click your mouse. Your cursor should be blinking at the end of the line.
    Now put your cursor on the blinking line and left click your mouse, holding it down drag it across the line.
    It should now be highlighted in black. Right click on the highlighted line and click on copy in the menu that comes up.

    Now open Killbox, go to the File menu, and choose Paste from Clipboard.
    Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.

    If your computer does not restart automatically, please restart it manually.

    There is one showing in your HJT log.
    O20 - AppInit_DLLs: C:\WINDOWS\system32\mshta.dll

    Please do this and follow my instructions from post # 6

    Thanks
    Geri
     
    Geri,
    #8
  10. 2007/07/06
    Harry78

    Geri,

    When I copy paste / type that .dll file into run I do not have it, it says:

    "Windows cannot find 'C:\WINDOWS\system32\mshta.dll'. Make sure you typed the file name correctly" etc etc. However I do have a .exe file of it? But that does not open.

    I'm going away for a week so I will have to check back then. I'm going to the snow for a ski trip.

    Thanks,
    Harry.
     
  11. 2007/07/06
    Geri Lifetime Subscription

    Hi Harry

    Do not do anything with that exe file, that is a legit file.

    OK, have a good time, Post back here when you return.

    Geri
     
  12. 2007/07/14
    Harry78

    Hi Geri.

    I'm back just letting you know.

    Harry
     
  13. 2007/07/14
    Geri Lifetime Subscription

    Hi Harry

    Hope you had a good time.

    Please follow these instructions exactly as given.

    Now download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    Please post the AVG log and a new HJT log for me.

    Thanks
    Geri
     
