Discussion Starter #1
I read the 5 rules. The Panda program would not work no matter how hard I tried, but everything else went okay.

I don't have internet access at home, but while at a friend's something went screwy on my computer one night out of nowhere and it said my firewall was disabled, and then a whole bunch of crazy stuff started happening. I downloaded around 15 various anti-virus programs. Everything from AVG to Spybot to Spyguard to spy blaster and even Norton AntiVirus. I've been having a huge problem with Vundo, I thought I got rid of it, but apparently it's back. :( I have fixvundo and vundofix, along with virtumondobegone.

Here's my DSS log.


Deckard's System Scanner v20071014.68
Run by new owner on 2007-11-03 02:26:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2007-11-03 06:26:26 UTC - RP723 - Deckard's System Scanner Restore Point
5: 2007-11-03 06:06:21 UTC - RP722 - Removed Google Toolbar for Internet Explorer
4: 2007-11-03 05:42:53 UTC - RP721 - Removed Norton AntiVirus Corporate Edition
3: 2007-11-03 05:22:18 UTC - RP720 - Configured Thrillville(TM): '07
2: 2007-11-02 03:41:47 UTC - RP719 - System Checkpoint


-- First Restore Point --
1: 2007-10-31 06:50:17 UTC - RP718 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 9.34 GiB (less than 15%) free.


-- HijackThis (run as new owner.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:31 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Steam\steam.exe
C:\Documents and Settings\new owner\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\new owner.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BD2F2A6D-DD55-49E5-B9BD-8F4A84089D74} - C:\WINDOWS\system32\mlljh.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bblxayol.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zboard] "C:\Program Files\Ideazon\ZEngine\Zboard.exe"
O4 - HKLM\..\Run: [SpywareBlaster] "C:\\Program Files\\SpywareBlaster\\spywareblaster.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [2c35442b] rundll32.exe "C:\WINDOWS\system32\oilladeo.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [avp6_post_install] msiexec.exe /i"C:\KAV\KAV70\English\kav.en.msi"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyGUard] C:\\Program Files\\SpywareGuard\\sgmain.exe
O4 - HKCU\..\Run: [AVG] C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O20 - Winlogon Notify: cbxwuts - cbxwuts.dll (file missing)
O20 - Winlogon Notify: rqrrsqr - rqrrsqr.dll (file missing)
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Windows Audio AudioSrvSENS (AudioSrvSENS) - Unknown owner - C:\WINDOWS\system32\accessp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lncbrhqu.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5785 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 GhPciScan (GhostPciScanner) - c:\program files\symantec\norton ghost 2003\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 xpdx (xpdx system driver) - c:\windows\system32\xpdx.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R4 NAVAPEL - c:\program files\navnt\navapel.sys (file missing)
R4 SymEvent - c:\program files\symantec\symevent.sys (file missing)

S3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 AudioSrvSENS (Windows Audio AudioSrvSENS) - c:\windows\system32\accessp.exe srv (file missing)
S2 DomainService - c:\windows\system32\lncbrhqu.exe /service (file missing)
S4 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe (file missing)
S4 Avg7UpdSvc (AVG7 Update Service) - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe (file missing)
S4 GhostStartService - c:\program files\symantec\norton ghost 2003\ghoststartservice.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: CMI8738/C3DX PCI Audio Device
Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\3&13C0B0C5&0&48
Manufacturer: C-Media
Name: CMI8738/C3DX PCI Audio Device
PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\3&13C0B0C5&0&48
Service: cmpci

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d347bus


-- Scheduled Tasks -------------------------------------------------------------

2007-11-03 01:30:02 268 --a------ C:\WINDOWS\Tasks\SpywareGuard.job
2007-11-02 08:20:00 268 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2007-10-24 20:11:00 308 --a------ C:\WINDOWS\Tasks\Ad-Aware 2007.job


-- Files created between 2007-10-03 and 2007-11-03 -----------------------------

2007-11-03 02:29:57 0 d-------- C:\Program Files\Trend Micro
2007-11-03 02:17:08 0 d-------- C:\ie-spyad_zo
2007-11-03 01:45:15 0 d-------- C:\Documents and Settings\new owner\Application Data\acccore
2007-11-03 01:40:37 0 d-------- C:\KAV
2007-11-02 23:31:11 86080 --a------ C:\WINDOWS\system32\oilladeo.dll
2007-11-02 23:28:09 82496 --a------ C:\WINDOWS\system32\nvukvtip.dll
2007-11-02 23:19:40 340032 --a------ C:\WINDOWS\system32\bgjqervm.dll
2007-11-02 23:19:36 378724 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2007-10-30 03:18:52 0 dr-h----- C:\Documents and Settings\new owner\Application Data\SecuROM
2007-10-30 01:00:48 9728 --a------ C:\WINDOWS\system32\~.exe
2007-10-30 00:34:50 6505 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2007-10-30 00:33:54 305248 --a------ C:\WINDOWS\system32\mlljh.dll
2007-10-30 00:29:11 54262 --a------ C:\WINDOWS\system32\xpdx.sys
2007-10-30 00:29:07 65024 --a------ C:\pora.exe
2007-10-30 00:28:54 23552 --a------ C:\WINDOWS\system32\winbfi32.dll
2007-10-30 00:10:31 0 d-------- C:\Documents and Settings\new owner\Application Data\Nero
2007-10-30 00:05:28 0 d-------- C:\Program Files\Nero
2007-10-30 00:05:28 0 d-------- C:\Program Files\Common Files\Nero
2007-10-30 00:05:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-29 00:32:20 0 d-------- C:\Program Files\OpenRPG
2007-10-29 00:25:27 0 d-------- C:\Python25
2007-10-25 16:16:10 9216 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-23 23:45:09 0 d-------- C:\NVIDIA
2007-10-22 01:28:46 164 --a------ C:\install.dat
2007-10-22 00:33:37 419205 ---hs---- C:\WINDOWS\system32\fgjlm.bak2
2007-10-14 21:25:38 0 d-------- C:\Program Files\The Rosetta Stone
2007-10-14 03:09:29 0 d-------- C:\Program Files\Yahoo!
2007-10-14 02:12:30 0 d-------- C:\Documents and Settings\new owner\Application Data\MySpace
2007-10-13 22:28:35 121876 --a------ C:\WINDOWS\system32\picarnpo.dll
2007-10-06 18:59:22 0 d-------- C:\Program Files\BHODemon 2
2007-10-06 18:40:50 0 d-------- C:\VundoFix Backups
2007-10-06 18:24:40 0 d-------- C:\WINDOWS\system32\CBA
2007-10-06 18:24:26 0 d-------- C:\Program Files\NavNT
2007-10-06 14:03:50 0 d-------- C:\Program Files\TripleA
2007-10-06 10:01:19 120852 --a------ C:\WINDOWS\system32\xbebjhuy.dll
2007-10-06 09:32:52 0 d-------- C:\Program Files\Steam
2007-10-05 20:56:50 120852 --a------ C:\WINDOWS\system32\amgsuksv.dll
2007-10-04 20:44:15 0 d-------- C:\Program Files\KRU


-- Find3M Report ---------------------------------------------------------------

2007-11-03 02:06:29 0 d-------- C:\Program Files\Google
2007-11-03 01:45:47 0 d-------- C:\Program Files\Symantec
2007-11-03 01:45:03 0 d-------- C:\Program Files\Trillian
2007-11-03 01:44:47 0 d-------- C:\Program Files\AIM6
2007-11-03 01:44:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-03 01:44:02 0 d-------- C:\Program Files\Viewpoint
2007-10-30 08:06:35 0 d-------- C:\Documents and Settings\new owner\Application Data\Azureus
2007-10-30 03:17:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-30 01:16:52 0 d-------- C:\Program Files\RegCleaner
2007-10-30 01:16:27 0 d-------- C:\Program Files\QuickTime
2007-10-30 01:08:26 0 d-------- C:\Program Files\Crimsonland
2007-10-30 01:01:30 0 d-------- C:\Program Files\Azureus
2007-10-30 00:56:06 0 d-------- C:\Program Files\PowerISO
2007-10-30 00:05:28 0 d-------- C:\Program Files\Common Files
2007-10-29 14:49:48 0 d-------- C:\Program Files\SpywareGuard
2007-10-22 12:00:44 109 --ahs---- C:\WINDOWS\system32\741688452.dat
2007-10-14 04:13:46 0 d-------- C:\Documents and Settings\new owner\Application Data\Yahoo!
2007-10-06 15:19:50 0 d-------- C:\Program Files\SpywareBlaster
2007-10-05 21:09:04 5095 --a----c- C:\WINDOWS\mozver.dat
2007-09-23 14:56:20 0 d-------- C:\Program Files\FLVPlayer
2007-09-22 22:56:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-22 22:52:19 0 d-------- C:\Program Files\Common Files\xing shared
2007-09-22 22:50:59 0 d-------- C:\Program Files\Common Files\Real
2007-09-17 01:07:00 1634304 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 01:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07:00 1347584 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07:00 450560 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07:00 434176 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-12 14:21:00 0 d-------- C:\Program Files\Common Files\AOL
2007-09-07 23:39:29 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-23 11:58:32 610304 --a------ C:\WINDOWS\Black & White 2 - Official Screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-08-23 11:58:23 12288 --a------ C:\WINDOWS\impborl.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD2F2A6D-DD55-49E5-B9BD-8F4A84089D74}]
10/30/2007 12:34 AM 305248 --a------ C:\WINDOWS\system32\mlljh.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" []
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [12/20/2005 03:34 PM]
"SpywareBlaster"="C:\\Program Files\\SpywareBlaster\\spywareblaster.exe" [01/01/2006 03:07 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 08:23 AM]
"2c35442b"="C:\WINDOWS\system32\oilladeo.dll" [11/02/2007 11:31 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/15/2005 05:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows update loader"="C:\Windows\xpupdate.exe" []
"SpyGUard"="C:\\Program Files\\SpywareGuard\\sgmain.exe" [08/29/2003 07:05 PM]
"AVG"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" [10/07/2006 08:20 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 11:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"avp6_post_install"=msiexec.exe /i"C:\KAV\KAV70\English\kav.en.msi"

C:\Documents and Settings\new owner\Start Menu\Programs\Startup\
BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe [6/19/2005 12:59:30 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwuts]
cbxwuts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrsqr]
rqrrsqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32]
winbfi32.dll 10/30/2007 12:28 AM 23552 C:\WINDOWS\system32\winbfi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmxw32]
winmxw32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"NVSvc"=2 (0x2)
"GhostStartService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efa85a8a-a65a-11da-b4d3-806d6172696f}]
AutoRun\command- F:\LaunchBFII.exe

*Newly Created Service* - VIEWPOINT_MANAGER_SERVICE



-- End of Deckard's System Scanner: finished at 2007-11-03 02:32:51 ------------



Bah, HijackThis won't run all the way. It starts to scan, and about 90% through it just stops responding.

Did I do this right? Anybody, tech or not, let me know if there's something I've missed. I know a HijackThis log would be great; I have an old one from a few hours ago here:



Logfile of HijackThis v1.99.1
Scan saved at 1:33:54 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Documents and Settings\new owner\Desktop\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bblxayol.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zboard] "C:\Program Files\Ideazon\ZEngine\Zboard.exe"
O4 - HKLM\..\Run: [SpywareBlaster] "C:\\Program Files\\SpywareBlaster\\spywareblaster.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [2c35442b] rundll32.exe "C:\WINDOWS\system32\oilladeo.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyGUard] C:\\Program Files\\SpywareGuard\\sgmain.exe
O4 - HKCU\..\Run: [AVG] C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Windows Audio AudioSrvSENS (AudioSrvSENS) - Unknown owner - C:\WINDOWS\system32\accessp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lncbrhqu.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

TSF-Emeritus (reply #2)
Hello and welcome to TSF.

If you're not already receiving help elsewhere please follow the instructions below:

1. Download this file

* IMPORTANT !!! Place combofix.exe on your Desktop



2. Go to Start > Run, paste in the following single line command and click OK:
"%userprofile%\desktop\combofix.exe" /killall
3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 