Hijack this advice :)

Yue

Member
Heya guys, comp acting strangely, IE popping up randomly saying I got 4 gagillion viruses that need fixing and to go to this website.

I've done a HijackThis log, can someone look at it and see if they recognise anything evil?

Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:45:27, on 14/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Peter McGeehan\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.superiorpics.com/ubbthreads/dosearch.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8A60295-73BA-46C5-981E-BF191A78CB02} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\wvuttsr.dll
O2 - BHO: (no name) - {EF72B639-45B8-4A88-BB29-FB8AAC2115C8} - C:\WINDOWS\system32\mljge.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ysyeejnr.dll",setvm
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169655919953
O17 - HKLM\System\CCS\Services\Tcpip\..\{26290BC6-E5D0-43CF-8F09-400D5A1A7EA1}: NameServer = 192.168.1.1
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: wvuttsr - C:\WINDOWS\SYSTEM32\wvuttsr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 9724 bytes
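A small triage script for the pattern that stands out in the log above: the unnamed O2 BHOs in system32 whose DLLs also appear as O20 Winlogon Notify entries, and the O4 Run entry that loads a random-named DLL through rundll32. This is an added example, not code from the thread or from HijackThis; the sample lines are copied from the posted log, while the parsing regexes, the `SYSTEM32` prefix check and the "random-looking name" heuristic are assumptions of this example.

```python
import re

# Sample lines constructed from the HijackThis log posted above (O2, O4 and O20 sections).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8A60295-73BA-46C5-981E-BF191A78CB02} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\wvuttsr.dll
O2 - BHO: (no name) - {EF72B639-45B8-4A88-BB29-FB8AAC2115C8} - C:\WINDOWS\system32\mljge.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ysyeejnr.dll",setvm
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: wvuttsr - C:\WINDOWS\SYSTEM32\wvuttsr.dll
"""

# Line formats as they appear in HijackThis 2.0 logs (regexes are this example's own).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<item>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)

SYSTEM32 = "c:\\windows\\system32\\"  # assumed system directory of the XP box in the thread


def normalise(path):
    """Lower-case a path and drop HijackThis annotations such as '(file missing)' / '(no file)'."""
    path = re.sub(r"\s*\((?:file missing|no file)\)\s*$", "", path.strip())
    return path.lower()


def stem(path):
    """File name without directory or extension: 'c:\\windows\\system32\\jkhfe.dll' -> 'jkhfe'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name):
    """Heuristic (an assumption of this example): 5-8 lower-case letters and nothing else,
    the shape of jkhfe / mljge / wvuttsr / ysyeejnr above. Use it only together with
    another signal, since short legitimate names such as 'avgcc' also match."""
    return re.fullmatch(r"[a-z]{5,8}", name) is not None


def parse(log_text):
    """Split a HijackThis log into its BHO (O2), Run (O4) and Winlogon Notify (O20) entries."""
    bhos, runs, notify = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O2_RE.match(line)):
            bhos.append(m.groupdict())
        elif (m := O4_RE.match(line)):
            runs.append(m.groupdict())
        elif (m := O20_RE.match(line)):
            notify.append(m.groupdict())
    return bhos, runs, notify


def triage(log_text):
    """Return (severity, dll_path, reason) tuples for three signals: a BHO DLL that is also
    registered as a Winlogon Notify DLL, an unnamed BHO with a random-looking name in
    system32, and a Run entry that loads such a DLL through rundll32."""
    bhos, runs, notify = parse(log_text)
    notify_paths = {normalise(n["path"]) for n in notify}
    findings = []
    for b in bhos:
        path = normalise(b["path"])
        if not path:
            continue  # '(no file)': a dangling CLSID, nothing is loaded
        stale = " [file missing, registration stale]" if "(file missing)" in b["path"] else ""
        if path in notify_paths:
            reason = "BHO DLL is also a Winlogon Notify DLL (BHO + Notify pairing typical of Vundo)"
            findings.append(("high", path, reason + stale))
        elif b["name"] == "(no name)" and path.startswith(SYSTEM32) and looks_random(stem(path)):
            findings.append(("medium", path, "unnamed BHO with random-looking name in system32" + stale))
    for r in runs:
        m = RUNDLL_RE.search(r["cmd"])
        if not m:
            continue
        path = normalise(m.group("dll"))
        if path.startswith(SYSTEM32) and looks_random(stem(path)):
            findings.append(("medium", path, f"Run entry [{r['item']}] loads a random-looking DLL via rundll32"))
    return findings


if __name__ == "__main__":
    for severity, path, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} {path}  ({reason})")
```

Run it over the full log instead of `SAMPLE_LOG` to see the same four DLLs surface; the named Adobe and Google BHOs are left alone because the heuristic only fires on unnamed entries or DLLs that are also Notify packages.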
 
No need to post every day just to bump it up. Do you know what these are?
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
 
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
'post every day' lol, I posted once; besides, the thread had sunk to the bottom of the page. Reasonable time and excuse for a bump.

Sorry Buzz, the link does not work. I get 404 not found; however, I downloaded it from elsewhere and this is what I got:

"Peter McGeehan" - 07-03-17 20:16:13 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Peter McGeehan"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\VSAdd-in


((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


2007-03-16 18:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-03-16 18:54 <DIR> d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\Lavasoft
2007-03-16 17:43 88,340 --a------ C:\WINDOWS\system32\fvdgjybn.exe
2007-03-16 17:16 758,976 --ahs---- C:\WINDOWS\system32\egjlm.ini2
2007-03-15 17:43 88,340 --a------ C:\WINDOWS\system32\jhuqswiq.exe
2007-03-14 23:38 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-03-14 23:16 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-14 23:13 <DIR> d-------- C:\DOCUME~1\PETERM~1\.housecall6.6
2007-03-13 18:32 <DIR> d-------- C:\Program Files\MSBuild
2007-03-13 18:29 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-03-13 18:28 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-03-13 18:28 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-03-13 18:20 <DIR> d-------- C:\Program Files\Windows Defender
2007-03-13 17:42 753,490 --ahs---- C:\WINDOWS\system32\egjlm.bak2
2007-03-12 18:57 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-03-12 17:42 754,748 --ahs---- C:\WINDOWS\system32\egjlm.bak1
2007-03-10 00:46 <DIR> d-------- C:\ProgramData
2007-03-08 19:52 <DIR> d-------- C:\Program Files\iTunes
2007-03-08 19:52 <DIR> d-------- C:\Program Files\iPod
2007-03-08 19:49 <DIR> d-------- C:\Program Files\QuickTime
2007-03-08 17:46 770,497 --ahs---- C:\WINDOWS\system32\efhkj.bak1
2007-03-08 17:46 123,412 --a------ C:\WINDOWS\system32\ysyeejnr.dll
2007-03-08 17:43 <DIR> d-------- C:\Program Files\Microsoft Games
2007-03-08 17:40 26,685 --ahs---- C:\WINDOWS\system32\ssqrpmm.dll
2007-03-07 17:23 <DIR> dr-h----- C:\DOCUME~1\PETERM~1\APPLIC~1\SecuROM
2007-03-07 16:59 <DIR> d-------- C:\temp
2007-03-07 10:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Media Center Programs
2007-03-07 10:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-03-07 10:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-03-07 10:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-03-07 10:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-03-07 10:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-03-07 10:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-03-07 10:20 <DIR> d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\InstallShield
2007-03-03 22:12 <DIR> d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
2007-03-03 22:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-03 22:09 <DIR> d-------- C:\Program Files\Electronic Arts
2007-03-02 22:07 <DIR> d-------- C:\Program Files\Curious Labs
2007-03-02 21:59 <DIR> d-------- C:\Program Files\Lavalys
2007-02-21 22:11 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-02-21 21:29 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-02-21 18:47 <DIR> d-------- C:\Program Files\Tomb Raider - Legend


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-16 18:54 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-14 08:23 -------- d-------- C:\Program Files\daemontools_whenusave_installer
2007-03-14 08:23 -------- d-------- C:\Program Files\daemon tools
2007-03-13 13:58 -------- d-------- C:\Program Files\emule
2007-03-10 00:46 -------- d--h----- C:\Program Files\installshield installation information
2007-03-07 10:21 -------- d-------- C:\Program Files\thq
2007-02-21 22:00 -------- d-------- C:\Program Files\ea games
2007-02-16 00:28 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\real
2007-02-16 00:24 -------- d-------- C:\Program Files\real
2007-02-16 00:24 -------- d-------- C:\Program Files\Common Files\xing shared
2007-02-16 00:24 -------- d-------- C:\Program Files\Common Files\real
2007-02-12 21:14 -------- d-------- C:\Program Files\limewire
2007-02-12 20:01 -------- d-------- C:\Program Files\taskbar activate
2007-02-09 03:07 -------- d-------- C:\Program Files\google
2007-02-08 19:51 -------- d-------- C:\Program Files\sky
2007-02-08 19:51 -------- d-------- C:\Program Files\kservice
2007-02-08 19:51 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\kontiki
2007-02-05 15:19 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\vlc
2007-02-05 15:18 -------- d-------- C:\Program Files\videolan
2007-02-03 22:39 -------- d-------- C:\Program Files\yahoo!
2007-02-02 20:17 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-02 20:04 307200 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-02-02 20:03 264704 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-02 20:03 1975296 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-02 19:57 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-02 19:56 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-02 19:56 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-02-02 19:56 110592 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-02-02 19:56 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-02 19:55 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-02 19:54 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-02-02 19:46 2827968 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-02 19:40 1272960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-02 19:27 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-02 19:25 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-02 19:20 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-02 19:19 5312512 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-02-02 18:34 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-02-02 13:32 -------- d-------- C:\Program Files\msn messenger
2007-02-01 19:13 -------- d-------- C:\Program Files\apple software update
2007-01-31 21:20 -------- d-------- C:\Program Files\msxml 4.0
2007-01-31 21:15 -------- d-------- C:\Program Files\multimedia keyboard driver
2007-01-30 19:16 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\transrender
2007-01-30 19:16 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\temporary
2007-01-30 19:16 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\samsung
2007-01-30 19:16 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\converttemp
2007-01-30 19:12 -------- d-------- C:\Program Files\erightsoft
2007-01-30 19:06 -------- d-------- C:\Program Files\avisynth 2.5
2007-01-30 19:05 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-01-30 19:03 -------- d-------- C:\Program Files\samsung
2007-01-30 16:21 128813 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-01-30 01:13 1298 --a------ C:\WINDOWS\mozver.dat
2007-01-30 01:12 -------- d-------- C:\Program Files\java
2007-01-30 01:12 -------- d-------- C:\Program Files\Common Files\java
2007-01-30 01:12 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\sun
2007-01-29 20:09 -------- d-------- C:\Program Files\nokiafree unlock codes calculator
2007-01-28 18:19 -------- d-------- C:\Program Files\Common Files\adobe systems shared
2007-01-27 20:39 -------- d-------- C:\Program Files\microsoft activesync
2007-01-27 20:39 -------- d-------- C:\Program Files\Common Files\l&h
2007-01-27 20:38 -------- d-------- C:\Program Files\microsoft.net
2007-01-27 20:38 -------- d-------- C:\Program Files\microsoft works
2007-01-27 14:18 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-25 01:10 12244687 --------- C:\AVG7QT.DAT
2007-01-24 20:13 -------- d-------- C:\Program Files\bitlord
2007-01-24 20:08 -------- d-------- C:\Program Files\iespell
2007-01-24 19:28 -------- d-------- C:\Program Files\tgtsoft
2007-01-24 19:05 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\winrar
2007-01-24 18:59 -------- d-------- C:\Program Files\nvidia corporation
2007-01-24 18:59 -------- d-------- C:\Program Files\Common Files\nvidia shared
2007-01-24 18:44 -------- d-------- C:\Program Files\driver cleaner pro
2007-01-24 18:10 -------- d-------- C:\Program Files\windows media connect 2
2007-01-24 18:10 -------- d-------- C:\Program Files\valve
2007-01-24 17:59 -------- d-------- C:\Program Files\messenger
2007-01-24 17:18 -------- d-------- C:\Program Files\movie maker
2007-01-24 17:17 -------- d-------- C:\Program Files\windows nt
2007-01-24 17:08 -------- d-------- C:\Program Files\k-lite codec pack
2007-01-24 17:05 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\media player classic
2007-01-24 17:04 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\google
2007-01-24 17:02 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\apple computer
2007-01-24 16:43 -------- d-------- C:\Program Files\sec
2007-01-24 16:38 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\ati
2007-01-24 16:36 -------- d-------- C:\Program Files\ati technologies
2007-01-24 16:32 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-24 16:31 -------- d-------- C:\Program Files\sygate
2007-01-24 16:31 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\getrighttogo
2007-01-24 16:27 -------- d-------- C:\Program Files\incredimail
2007-01-24 16:25 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-24 16:25 -------- d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\talkback
2007-01-24 16:24 -------- d-------- C:\Program Files\jam software
2007-01-24 16:22 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-24 16:22 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-24 16:12 0 -rahs---- C:\MSDOS.SYS
2007-01-24 16:12 0 -rahs---- C:\IO.SYS
2007-01-24 16:12 0 --a------ C:\CONFIG.SYS
2007-01-24 16:12 0 --a------ C:\AUTOEXEC.BAT
2007-01-24 16:12 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-24 16:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-24 16:10 -------- d--h----- C:\Program Files\windowsupdate
2007-01-24 16:10 -------- d-------- C:\Program Files\online services
2007-01-24 16:10 -------- d-------- C:\Program Files\msn gaming zone
2007-01-24 16:10 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-24 16:05 62 --ahs---- C:\DOCUME~1\PETERM~1\APPLIC~1\desktop.ini
2007-01-24 16:05 -------- d-------- C:\Program Files\Common Files\speechengines
2007-01-24 16:05 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-20 21:26 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-09 18:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-12-17 02:30 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2006-12-17 02:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-17 02:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"WireLessKeyboard"="C:\\Program Files\\Multimedia Keyboard Driver\\StartAutorun.exe PS2USBKbdDrv.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ysyeejnr.dll\",setvm"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Color Calibration.lnk"
"backup"="C:\\WINDOWS\\pss\\Color Calibration.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\MAGICT~1.5_C\\GAMMAT~1.EXE "
"item"="Color Calibration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.5.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MagicTune 3.5.lnk"
"backup"="C:\\WINDOWS\\pss\\MagicTune 3.5.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\MAGICT~1.5_C\\MAGICT~2.EXE "
"item"="MagicTune 3.5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NaturalColorLoad.lnk"
"backup"="C:\\WINDOWS\\pss\\NaturalColorLoad.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\NATURA~1\\NATURA~1.EXE "
"item"="NaturalColorLoad"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter McGeehan^Start Menu^Programs^Startup^Taskbar Activate.lnk]
"path"="C:\\Documents and Settings\\Peter McGeehan\\Start Menu\\Programs\\Startup\\Taskbar Activate.lnk"
"backup"="C:\\WINDOWS\\pss\\Taskbar Activate.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\TASKBA~1\\TASKBA~1.EXE "
"item"="Taskbar Activate"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IncMail"
"hkey"="HKCU"
"command"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"setaffinity"=dword:00000002
"StyleXPService"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttsr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f319a12d-c1f7-11db-a9b7-000fea85446e}]
Shell\AutoRun\command I:\autorun.exe
Shell\directx\command I:\DirectX9\dxsetup.exe
Shell\setup\command I:\setup.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-17 20:18:56
 
Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.10

Scan started at 11:40:10 22/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\fvdgjybn.exe
C:\WINDOWS\system32\jhuqswiq.exe
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\mljge.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fvdgjybn.exe
C:\WINDOWS\system32\fvdgjybn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhuqswiq.exe
C:\WINDOWS\system32\jhuqswiq.exe Has been deleted!

Performing Repairs to the registry.
Done!


HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:52:51, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\PETERM~1\LOCALS~1\Temp\Rar$EX00.297\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.superiorpics.com/ubbthreads/dosearch.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8A60295-73BA-46C5-981E-BF191A78CB02} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\wvuttsr.dll (file missing)
O2 - BHO: (no name) - {EF72B639-45B8-4A88-BB29-FB8AAC2115C8} - C:\WINDOWS\system32\mljge.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ysyeejnr.dll",setvm
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169655919953
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26290BC6-E5D0-43CF-8F09-400D5A1A7EA1}: NameServer = 192.168.1.1
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: wvuttsr - wvuttsr.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11861 bytes


There u go :)
 
I'm getting the impression that everyone here just tells everyone to download, do, log and post a bunch of scans but no one has a clue what to do or tell anyone what to do after that. :/
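One way to cross-check the two logs posted above, as an added example that is not part of the thread or of either tool: it collects the file names VundoFix reported, then flags HijackThis load points that still reference one of those files, point at no file at all, or start a DLL through rundll32 (the `2chkdsk` Run entry). The log excerpts are constructed from entries copied out of the posts above, and the flag reasons are triage heuristics for the helper to review, not a verdict on the machine.

```python
import re
from dataclasses import dataclass
# Constructed excerpts in the shape of the two logs in this thread; entries copied from the posts above.
VUNDOFIX_LOG = r"""Listing files found while scanning....
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\mljge.dll
Beginning removal..."""
HJT_LOG = r"""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8A60295-73BA-46C5-981E-BF191A78CB02} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ysyeejnr.dll",setvm
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: wvuttsr - wvuttsr.dll (file missing)"""

HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")   # "O20 - <rest of entry>"
FILE_REF = re.compile(r"([\w~$.-]+\.(?:dll|exe))", re.I)         # bare file names inside an entry

@dataclass
class Finding:
    kind: str    # HijackThis section the entry came from (O2, O4, O20, ...)
    entry: str   # the full log line
    reason: str  # why the helper should look at it

def vundofix_files(log: str) -> set:
    """Lower-case base names listed between 'Listing files found' and 'Beginning removal'."""
    names, collecting = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("Listing files found"):
            collecting = True
        elif line.startswith("Beginning removal"):
            break
        elif collecting and line:
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names

def triage(hjt_log: str, removed: set) -> list:
    """Flag entries that reference VundoFix-listed files, point at no file, or load a DLL via rundll32."""
    findings = []
    for m in filter(None, (HJT_ENTRY.match(l.strip()) for l in hjt_log.splitlines())):
        line, kind, body = m[0], m["kind"], m["body"]
        refs = {r.lower() for r in FILE_REF.findall(body)}
        hit = sorted(refs & removed)
        if hit:
            findings.append(Finding(kind, line, f"references VundoFix-listed file {hit[0]}"))
        elif kind in ("O2", "O20") and ("(file missing)" in body or "(no file)" in body):
            findings.append(Finding(kind, line, "load point whose target file no longer exists"))
        elif kind == "O4" and "rundll32.exe" in refs and any(r.endswith(".dll") for r in refs):
            findings.append(Finding(kind, line, "Run entry loads a DLL through rundll32; verify the DLL's origin"))
    return findings
```

Entries that reference files VundoFix already removed, or that point at nothing, are the orphaned load points a helper would normally tell the poster to fix in HijackThis; the rundll32 flag only says the DLL behind `2chkdsk` has no product name vouching for it.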