
Broadcaster Virus

Discussion in 'Malware and Virus Removal Archive' started by macsearcher, 2007/04/10.

  1. 2007/04/10
    macsearcher

    macsearcher Inactive Thread Starter

    Joined:
    2007/04/10
    Messages:
    7
    Likes Received:
    0
    same problem

    yah, same problem
    Here is my autoruns log file followed by my hijackthis log file.
    A note... I can't start up in safe mode. The computer gets to the welcome screen and automatically reboots in normal mode.

    AUTORUN
    LOG FILE

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + !AVG Anti-Spyware AVG Anti-Spyware Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
    + HDSPTray1 Hammerfall DSP Settings RME c:\windows\system32\hdsp32.exe
    + HDSPTray2 Hammerfall DSP Mixer RME c:\windows\system32\hdspmix.exe
    + iTunesHelper iTunesHelper Module Apple Inc. c:\program files\itunes\ituneshelper.exe
    + MediafourGettingStartedWithMacDrive6 Mediafour MacDrive Mediafour Corporation c:\program files\mediafour\macdrive\macdrive.exe
    + NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + nwiz NVIDIA nView Wizard, Version 110.07 NVIDIA Corporation c:\windows\system32\nwiz.exe
    + outlook File not found: C:\Program Files\outlook\outlook.exe
    + QuickTime Task QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe
    + SoundService c:\windows\system32\sfhimcwn.dll
    + THGuard TrojanHunter Guard Mischel Internet Security c:\program files\trojanhunter 4.6\thguard.exe
    + TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
    + {0228e555-4f9c-4e35-a3ec-b109a192b4c2} Gmail Notifier Google Inc. c:\program files\google\gmail notifier\gnotify.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    + Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    + Logitech SetPoint.lnk Logitech SetPoint Event Manager (UNICODE) Logitech Inc. c:\program files\logitech\setpoint\setpoint.exe
    C:\Documents and Settings\les cooper\Start Menu\Programs\Startup
    + Anapod Manager.lnk Red Chair Manager Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anamgr.exe
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    + AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    + byxvstt.dll File not found: C:\WINDOWS\system32\byxvstt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + 7-Zip Shell Extension c:\program files\7-zip\7-zip.dll
    + Anapod Explorer Red Chair Explorer Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anapodpw.dll
    + Anapod Shuffler Red Chair Explorer Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anapodps.dll
    + CMenuExtender File not found: blank
    + Desktop Explorer NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Display Panning CPL Extension File not found: deskpan.dll
    + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
    + iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminiplayer.dll
    + Logitech Setpoint Extension Logitech SetPoint Event Manager Logitech Inc. c:\program files\logitech\setpoint\kbcplext.dll
    + Logitech Setpoint Extension Logitech SetPoint Event Manager Logitech Inc. c:\program files\logitech\setpoint\mcplext.dll
    + Mediafour Mac File Archives Mediafour Mac file archiving Mediafour Corporation c:\program files\common files\mediafour\macfarch.dll
    + Mediafour Mac file columns MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + Mediafour Mac file properties MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + Mediafour Mac File Resource Viewer Mediafour Mac Resource Viewer Mediafour Corporation c:\program files\common files\mediafour\macfresv.dll
    + Mediafour Mac File Types library Mediafour Mac File Types library Mediafour Corporation c:\program files\common files\mediafour\macftyps.dll
    + Mediafour Mac Volume Icons Mac Volume Icons library Mediafour Corporation c:\program files\common files\mediafour\macvicon.dll
    + Mediafour MacDrive Copy Mac Disk Mediafour MacDrive Copy Mac Disk Mediafour Corporation c:\program files\mediafour\macdrive\mdcpydsk.dll
    + Mediafour MacDrive File Names library Mediafour File Names library Mediafour Corporation c:\program files\mediafour\macdrive\mdfnames.dll
    + Mediafour MacDrive Format Mac Disk MacDrive Disk Formatting Mediafour Corporation c:\program files\mediafour\macdrive\mdformat.dll
    + Mediafour MacDrive Volume Selection Mediafour MacDrive Volume Selection library Mediafour Corporation c:\program files\mediafour\macdrive\mdvolsel.dll
    + NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
    + SmartFTP Shell Extension DLL SmartFTP Client CopyHook SmartFTP c:\program files\smartftp client 2.0\smarthook.dll
    + TrojanHunter Menu Shell Extension c:\program files\trojanhunter 4.6\contmenu.dll
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    + Mediafour Mac file columns MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + &Google Web Accelerator Helper c:\program files\google\web accelerator\googlewebacctoolbar.dll
    + Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + Yahoo! Toolbar Helper Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    + {28CEA1DA-2199-4AEE-BA75-9032C8450B66} File not found: C:\WINDOWS\system32\byxvstt.dll
    + {57E218E6-5A80-4f0c-AB25-83598F25D7E9} c:\windows\system32\wwsejtgt.dll
    + {9007DCEF-139B-4403-AFDB-DBBF1CCE2935} c:\windows\system32\jkhff.dll
    + {AEEC912B-D860-4132-B849-7157A8A70708} c:\windows\system32\qlsqemna.dll
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
    + InprocServer32 File not found: CLSID\{F5EA4EF2-D549-A89C-4B86-F75A663D12C4}\InprocServer32
    + yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + googlewebacctoolbar.dll c:\program files\google\web accelerator\googlewebacctoolbar.dll
    + yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    Task Scheduler
    + AppleSoftwareUpdate.job Software Application Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
    HKLM\System\CurrentControlSet\Services
    + AVG Anti-Spyware Guard AVG Anti-Spyware guard Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
    + NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
    + RichVideo RichVideo Module c:\program files\cyberlink\shared files\richvideo.exe
    + TabletService WacomService Wacom Technology, Corp. c:\windows\system32\tablet.exe
    HKLM\System\CurrentControlSet\Services
    + atapi c:\windows\system32\drivers\atapi.sys
    + AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
    + AvgAsCln AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys
    + CLEDX Team H2O CLEDX DevWhore Team H2O c:\windows\system32\drivers\cledx.sys
    + d346bus PnP BIOS Extension c:\windows\system32\drivers\d346bus.sys
    + d346prt SCSI miniport c:\windows\system32\drivers\d346prt.sys
    + dalwdmservice Digidesign Abstraction Layer Driver Digidesign, A Division of Avid Technology, Inc. c:\windows\system32\drivers\dalwdm.sys
    + Dot4 HPH09 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hphid409.sys
    + Dot4Print HPH09 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hphipr09.sys
    + Dot4Storage HPH09 Printer Card Mass Storage Driver Hewlett-Packard c:\windows\system32\drivers\hphs2k09.sys
    + Dot4Usb HPH09 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hphius09.sys
    + extradrv c:\windows\system32\drivers\extradrv.sys
    + GEARAspiWDM CD/DVD Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
    + HDAudBus High Definition Audio Bus Driver v1.0a Windows (R) Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
    + hdsp Hammerfall DSP RME c:\windows\system32\drivers\hdsp.sys
    + HFXP2 Hide Folders XP driver (for Win32) FSPro Labs c:\windows\system32\drivers\hfxp2.sys
    + IntcAzAudAddService Realtek(r) High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys
    + iteatapi ITE IT8211 ATA/ATAPI SCSI miniport Integrated Technology Express, Inc. c:\windows\system32\drivers\iteatapi.sys
    + L8042Kbd Logitech PS2 Keyboard Filter Driver. Logitech Inc. c:\windows\system32\drivers\l8042kbd.sys
    + L8042mou Logitech PS/2 Mouse Filter Driver. Logitech Inc. c:\windows\system32\drivers\l8042mou.sys
    + LBeepKE Logitech Beep Suppression Driver Logitech Inc. c:\windows\system32\drivers\lbeepke.sys
    + LHidKe Logitech HID Filter Driver. Logitech Inc. c:\windows\system32\drivers\lhidke.sys
    + LMouKE Logitech Filter Driver for Mouse Class. Logitech Inc. c:\windows\system32\drivers\lmouke.sys
    + MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
    + nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.87 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
    + nvport Port Driver NVIDIA Corporation. c:\windows\system32\drivers\nvport.sys
    + PenClass Pen Class Driver Wacom Technology Corporation c:\windows\system32\drivers\penclass.sys
    + pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
    + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
    + StyleXPHelper StyleXP Windows (R) 2000 DDK provider c:\program files\tgtsoft\stylexp\stylexphelper.exe
    + yukonwxp NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller Marvell c:\windows\system32\drivers\yk51x86.sys
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    + byxvstt File not found: byxvstt.dll
    + jkhff c:\windows\system32\jkhff.dll
    + MacDrive-iTunes compatibility iTunes compatibility patch for using Mac-format iPods Mediafour Corporation c:\program files\common files\mediafour\macdriveitunespatch.dll
    + winhyo32 File not found: winhyo32.dll
    HKCU\Control Panel\Desktop\Scrnsave.exe
    + C:\WINDOWS\system32\ELECTR~1.SCR c:\windows\system32\electricsheep.scr

  2. 2007/04/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, looks like a Vundo infection is also present, so we'll attack that and see what remains.

    Please download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    Give me the Vundo log and another AutoRuns log file as well, thanks
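As an added example (not the thread's own material, nor code from VundoFix, Autoruns or any other tool named here), the following Python script does in code what the diagnosis above does by eye: it parses an Autoruns export in the flattened form posted in this thread and flags the two Vundo tells, entries whose image is "File not found" and system32 images loaded from Run, BHO, Winlogon Notify or ShellExecuteHooks keys with no description or publisher, marking random-looking names. The sample lines, the watched-location list and the random-name test are my own constructions and assumptions.

```python
"""Triage a flattened Autoruns export for Vundo-style entries: "File not found"
leftovers in autostart locations, and system32 images loaded from high-value
locations with no description/publisher text, usually under a random name."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Autostart locations where an unexplained DLL deserves a second look (assumed list).
WATCHED_LOCATIONS = ("\\currentversion\\run", "\\browser helper objects",
                     "\\winlogon\\notify", "\\shellexecutehooks")
DRIVE_RE = re.compile(r"[a-z]:\\", re.IGNORECASE)
MISSING = "File not found:"


@dataclass
class Entry:
    location: str
    head: str         # text before the image path: name, description, publisher
    path: str | None  # image path as written; None when the line has no drive path
    missing: bool     # Autoruns could not find the image on disk


def parse_autoruns(text: str) -> list[Entry]:
    """A bare line names a location; each following '+ ...' line is an entry under it."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line
            continue
        body = line[2:]
        missing = MISSING in body
        body = body.replace(MISSING, " ").strip()
        # The image path is the last drive-letter path on the line (it may contain spaces).
        hits = list(DRIVE_RE.finditer(body))
        if hits:
            head, path = body[:hits[-1].start()].strip(), body[hits[-1].start():]
        else:
            head, path = body, None
        entries.append(Entry(location, head, path, missing))
    return entries


def looks_random(basename: str) -> bool:
    """Crude pseudo-random-name test: no vowel at all, or a run of four consonants."""
    stem = re.sub(r"\d+$", "", basename.rsplit(".", 1)[0].lower())  # winhyo32.dll -> winhyo
    if not stem.isalpha():
        return False
    return not re.search(r"[aeiouy]", stem) or bool(re.search(r"[^aeiouy]{4}", stem))


def triage(entries: list[Entry]) -> list[dict]:
    """Return one finding per entry matching either heuristic, in log order."""
    findings = []
    for e in entries:
        if not any(w in e.location.lower() for w in WATCHED_LOCATIONS):
            continue
        name = e.head.split()[0] if e.head else "?"
        if e.missing:
            findings.append({"verdict": "orphaned", "location": e.location,
                             "name": name, "path": e.path or e.head})
            continue
        # A single token before the path means no description and no publisher made it
        # into the export; CLSID-only names such as {57E218E6-...} land here too.
        if e.path and len(e.head.split()) == 1 and "\\system32\\" in e.path.lower():
            basename = e.path.rsplit("\\", 1)[-1]
            verdict = "suspicious" + (" (random-looking name)" if looks_random(basename) else "")
            findings.append({"verdict": verdict, "location": e.location,
                             "name": name, "path": e.path})
    return findings


# Constructed sample, abridged from the shape of the export posted above.
SAMPLE_EXPORT = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ outlook File not found: C:\Program Files\outlook\outlook.exe
+ SoundService c:\windows\system32\sfhimcwn.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ &Google Web Accelerator Helper c:\program files\google\web accelerator\googlewebacctoolbar.dll
+ {28CEA1DA-2199-4AEE-BA75-9032C8450B66} File not found: C:\WINDOWS\system32\byxvstt.dll
+ {57E218E6-5A80-4f0c-AB25-83598F25D7E9} c:\windows\system32\wwsejtgt.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ jkhff c:\windows\system32\jkhff.dll
+ MacDrive-iTunes compatibility iTunes compatibility patch Mediafour Corporation c:\program files\common files\mediafour\macdriveitunespatch.dll
HKLM\System\CurrentControlSet\Services
+ atapi c:\windows\system32\drivers\atapi.sys
"""


def sample_findings() -> list[dict]:
    """Run the triage over the constructed sample and print one line per finding."""
    found = triage(parse_autoruns(SAMPLE_EXPORT))
    for f in found:
        print(f"{f['verdict']:32} {f['name']:40} {f['path']}")
    return found
```

Entries under Services or Shell Extensions\Approved are deliberately ignored, so a driver such as atapi.sys with no publisher text is not reported; extend WATCHED_LOCATIONS if you want those reviewed too.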
     

  4. 2007/04/11
    macsearcher

    macsearcher Inactive Thread Starter

    Joined:
    2007/04/10
    Messages:
    7
    Likes Received:
    0
    I have run VundoFix and even after reboot it will not remove the following files:

    C:\ProgramFiles\CommonFiles\Mediafour\MacDriveTunesPatch.dll
    C:\WINDOWS\system32\jkhff.dll
    C:\WINDOWS\system32\sfhimcwn.dll
    C:\WINDOWS\system32\jkhff.dll

    I'm still in pop-up hell.
    Thanks for your help
    Here is another autoruns log

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + !AVG Anti-Spyware AVG Anti-Spyware Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
    + HDSPTray1 Hammerfall DSP Settings RME c:\windows\system32\hdsp32.exe
    + HDSPTray2 Hammerfall DSP Mixer RME c:\windows\system32\hdspmix.exe
    + iTunesHelper iTunesHelper Module Apple Inc. c:\program files\itunes\ituneshelper.exe
    + MediafourGettingStartedWithMacDrive6 Mediafour MacDrive Mediafour Corporation c:\program files\mediafour\macdrive\macdrive.exe
    + NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + nwiz NVIDIA nView Wizard, Version 110.07 NVIDIA Corporation c:\windows\system32\nwiz.exe
    + outlook File not found: C:\Program Files\outlook\outlook.exe
    + QuickTime Task QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe
    + SoundService File not found: C:\WINDOWS\system32\sfhimcwn.dll
    + THGuard TrojanHunter Guard Mischel Internet Security c:\program files\trojanhunter 4.6\thguard.exe
    + TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
    + {0228e555-4f9c-4e35-a3ec-b109a192b4c2} Gmail Notifier Google Inc. c:\program files\google\gmail notifier\gnotify.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    + Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    + Logitech SetPoint.lnk Logitech SetPoint Event Manager (UNICODE) Logitech Inc. c:\program files\logitech\setpoint\setpoint.exe
    C:\Documents and Settings\les cooper\Start Menu\Programs\Startup
    + Anapod Manager.lnk Red Chair Manager Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anamgr.exe
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    + AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + 7-Zip Shell Extension c:\program files\7-zip\7-zip.dll
    + Anapod Explorer Red Chair Explorer Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anapodpw.dll
    + Anapod Shuffler Red Chair Explorer Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anapodps.dll
    + CMenuExtender File not found: blank
    + Desktop Explorer NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Display Panning CPL Extension File not found: deskpan.dll
    + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
    + iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminiplayer.dll
    + Logitech Setpoint Extension Logitech SetPoint Event Manager Logitech Inc. c:\program files\logitech\setpoint\kbcplext.dll
    + Logitech Setpoint Extension Logitech SetPoint Event Manager Logitech Inc. c:\program files\logitech\setpoint\mcplext.dll
    + Mediafour Mac File Archives Mediafour Mac file archiving Mediafour Corporation c:\program files\common files\mediafour\macfarch.dll
    + Mediafour Mac file columns MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + Mediafour Mac file properties MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + Mediafour Mac File Resource Viewer Mediafour Mac Resource Viewer Mediafour Corporation c:\program files\common files\mediafour\macfresv.dll
    + Mediafour Mac File Types library Mediafour Mac File Types library Mediafour Corporation c:\program files\common files\mediafour\macftyps.dll
    + Mediafour Mac Volume Icons Mac Volume Icons library Mediafour Corporation c:\program files\common files\mediafour\macvicon.dll
    + Mediafour MacDrive Copy Mac Disk Mediafour MacDrive Copy Mac Disk Mediafour Corporation c:\program files\mediafour\macdrive\mdcpydsk.dll
    + Mediafour MacDrive File Names library Mediafour File Names library Mediafour Corporation c:\program files\mediafour\macdrive\mdfnames.dll
    + Mediafour MacDrive Format Mac Disk MacDrive Disk Formatting Mediafour Corporation c:\program files\mediafour\macdrive\mdformat.dll
    + Mediafour MacDrive Volume Selection Mediafour MacDrive Volume Selection library Mediafour Corporation c:\program files\mediafour\macdrive\mdvolsel.dll
    + NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
    + SmartFTP Shell Extension DLL SmartFTP Client CopyHook SmartFTP c:\program files\smartftp client 2.0\smarthook.dll
    + TrojanHunter Menu Shell Extension c:\program files\trojanhunter 4.6\contmenu.dll
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    + Mediafour Mac file columns MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + &Google Web Accelerator Helper c:\program files\google\web accelerator\googlewebacctoolbar.dll
    + Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + Yahoo! Toolbar Helper Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    + {AEEC912B-D860-4132-B849-7157A8A70708} c:\windows\system32\qlsqemna.dll
    + {EB2A676C-CB54-4E6B-90E8-0855F369266D} c:\windows\system32\jkhff.dll
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
    + InprocServer32 File not found: CLSID\{F5EA4EF2-D549-A89C-4B86-F75A663D12C4}\InprocServer32
    + yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + googlewebacctoolbar.dll c:\program files\google\web accelerator\googlewebacctoolbar.dll
    + yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    Task Scheduler
    + AppleSoftwareUpdate.job Software Application Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
    HKLM\System\CurrentControlSet\Services
    + AVG Anti-Spyware Guard AVG Anti-Spyware guard Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
    + NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
    + RichVideo RichVideo Module c:\program files\cyberlink\shared files\richvideo.exe
    + TabletService WacomService Wacom Technology, Corp. c:\windows\system32\tablet.exe
    HKLM\System\CurrentControlSet\Services
    + atapi c:\windows\system32\drivers\atapi.sys
    + AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
    + AvgAsCln AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys
    + CLEDX Team H2O CLEDX DevWhore Team H2O c:\windows\system32\drivers\cledx.sys
    + d346bus PnP BIOS Extension c:\windows\system32\drivers\d346bus.sys
    + d346prt SCSI miniport c:\windows\system32\drivers\d346prt.sys
    + dalwdmservice Digidesign Abstraction Layer Driver Digidesign, A Division of Avid Technology, Inc. c:\windows\system32\drivers\dalwdm.sys
    + Dot4 HPH09 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hphid409.sys
    + Dot4Print HPH09 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hphipr09.sys
    + Dot4Storage HPH09 Printer Card Mass Storage Driver Hewlett-Packard c:\windows\system32\drivers\hphs2k09.sys
    + Dot4Usb HPH09 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hphius09.sys
    + extradrv c:\windows\system32\drivers\extradrv.sys
    + GEARAspiWDM CD/DVD Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
    + HDAudBus High Definition Audio Bus Driver v1.0a Windows (R) Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
    + hdsp Hammerfall DSP RME c:\windows\system32\drivers\hdsp.sys
    + HFXP2 Hide Folders XP driver (for Win32) FSPro Labs c:\windows\system32\drivers\hfxp2.sys
    + IntcAzAudAddService Realtek(r) High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys
    + iteatapi ITE IT8211 ATA/ATAPI SCSI miniport Integrated Technology Express, Inc. c:\windows\system32\drivers\iteatapi.sys
    + L8042Kbd Logitech PS2 Keyboard Filter Driver. Logitech Inc. c:\windows\system32\drivers\l8042kbd.sys
    + L8042mou Logitech PS/2 Mouse Filter Driver. Logitech Inc. c:\windows\system32\drivers\l8042mou.sys
    + LBeepKE Logitech Beep Suppression Driver Logitech Inc. c:\windows\system32\drivers\lbeepke.sys
    + LHidKe Logitech HID Filter Driver. Logitech Inc. c:\windows\system32\drivers\lhidke.sys
    + LMouKE Logitech Filter Driver for Mouse Class. Logitech Inc. c:\windows\system32\drivers\lmouke.sys
    + MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
    + nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.87 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
    + nvport Port Driver NVIDIA Corporation. c:\windows\system32\drivers\nvport.sys
    + PenClass Pen Class Driver Wacom Technology Corporation c:\windows\system32\drivers\penclass.sys
    + pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
    + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
    + StyleXPHelper StyleXP Windows (R) 2000 DDK provider c:\program files\tgtsoft\stylexp\stylexphelper.exe
    + yukonwxp NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller Marvell c:\windows\system32\drivers\yk51x86.sys
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    + byxvstt File not found: byxvstt.dll
    + jkhff c:\windows\system32\jkhff.dll
    + MacDrive-iTunes compatibility iTunes compatibility patch for using Mac-format iPods Mediafour Corporation c:\program files\common files\mediafour\macdriveitunespatch.dll
    + winhyo32 File not found: winhyo32.dll
    HKCU\Control Panel\Desktop\Scrnsave.exe
    + C:\WINDOWS\system32\ELECTR~1.SCR c:\windows\system32\electricsheep.scr
     
