Cannot Edit Windows Firewall Settings...Help

ZenoZatch
Joined
Jun 17, 2007
Messages
16
Reaction score
0
Well, when I go to edit the Windows Firewall Settings it says for your security some settings are controlled by Group Policy and all the options are grayed out so I can't click to edit the options. Well, the problem with that is the firewall is off and I have no protection. I'm running on Windows XP Home. So please, if you have any information, please help, because I have to get the firewall on. Malware and Ad-Ware has already entered my computer, and I'm currently getting rid of it now.
 

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
11,023
Reaction score
1,221
http://www.personalfirewall.comodo.com/

http://www.avast.com/

Those above are good in my opinion, or look below for further advice.

https://www.pcreview.co.uk/forums/thread-2697599.php


ZenoZatch

So you're saying I should just get a 3rd Party Firewall instead of fixing mine?

Thanks for the links, and I'll put one up for now. But could someone help me restore my Firewall so I can turn it on?
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
ZenoZatch said:
Malware and Ad-Ware has already entered my computer, and I'm currently getting rid of it now.
I suspect that, until you can eradicate your infection, you will find it hard to turn on any firewall.


What measures are you taking to eradicate your infection? ie: what software are you using.


:user:
 
ZenoZatch

muckshifter said:
I suspect that, until you can eradicate your infection, you will find it hard to turn on any firewall.


What measures are you taking to eradicate your infection? ie: what software are you using.



I've used Killbox, Ad-Aware 2007(Free), Yahoo Toolbar(Norton Spyware Scan and Yahoo Anti-Spy). That's what I use now.
 

muckshifter

ZenoZatch said:
I've used Killbox, Ad-Aware 2007(Free), Yahoo Toolbar(Norton Spyware Scan and Yahoo Anti-Spy). That's what I use now.
Hmmm, err, not criticizing, but I would like to see a HijackThis log if you don't mind. :thumb:

I would suggest something stronger ... at least try the online scanner at KAV. I would go as far as suggesting you install their Trial version of KAV6.

As for an excellent anti-nastie program, give SUPERAntiSpyware a go also ... I'll lay you odds-on, it will find other stuff on your system.

Good Luck!


:user:
 
ZenoZatch

HiJack This Log-

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:14:57 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {2DD1D35F-96FD-4F09-B29D-E7D1EA9FF00e} - C:\WINDOWS\system32\uftouuqs.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {38F97444-9735-43FE-A6A9-AFA72EA46D7f} - C:\WINDOWS\system32\tnbfphkg.dll
O2 - BHO: (no name) - {3CF75190-4A54-496B-98FF-A65049A9C7BC} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\fngxuedb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {956942F5-C2B9-4A0C-809C-AD03EB883D40} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8F3BFCE-EC9B-4C31-ACEB-1AACF92EAFE6} - C:\WINDOWS\system32\xonalcys.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: PsapiAnalyzer Object - {CB8B69CF-31AF-40D0-A119-5A8435BC1534} - c:\windows\fonts\wabr.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jnfjhdnc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\stdrun2.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [hvbncfj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hvbncfj.dll,cgovpob (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [cjlocaj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cjlocaj.dll,acbgykg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\NETWOR~1\LOCALS~1\Temp\stdrun2.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: nnnnlmk - nnnnlmk.dll (file missing)
O20 - Winlogon Notify: p4reg - p432.dll (file missing)
O20 - Winlogon Notify: wabr - c:\windows\fonts\wabr.dll (file missing)
O20 - Winlogon Notify: wvusrrs - wvusrrs.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - C:\WINDOWS\system32\mpreg.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.planet-megaman.com/visualmedia/wallpaper/mmbn/bugstyle_1024x768.jpg
O24 - Desktop Component 1: (no name) - http://www.pokemon.com/0Images/Events/0400055902.jpg
O24 - Desktop Component 2: (no name) - http://www.kimaera.net/gpics/ropesc.jpg

--
End of file - 12374 bytes

There's the log. You want me to do a KAV online scan too, right?
 

muckshifter

ZenoZatch said:
There's the log. You want me to do a KAV online scan too, right?
Yep ... it may show up stuff that HJT could miss ... :thumb:


I would, after having a quick look at your log, strongly suggest you also go get superantispyware ... install, update it, and run it.

In the meantime I'll take a closer look at your log and report back my advice ... your PC is badly infected.

Give me some time here ... ;)


:user:
 
ZenoZatch

Take your time. I'm using KAV Online Scanner as we speak, and I'll post that up when it's done.

:user:
 

muckshifter

Please get HJT to fix the following ... if you ran the above programs as suggested, they may have already been fixed.

I cannot see an active antivirus program ... more reason to install KAV

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
I do not like this, but I'm reluctant to suggest fixing ... for now leave it.

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
Must be fixed! Unnecessary (deactivated) entry that can be fixed. Trojan Downloader. We do not want it reactivated.

O2 - BHO: (no name) - {2DD1D35F-96FD-4F09-B29D-E7D1EA9FF00e} - C:\WINDOWS\system32\uftouuqs.dll (file missing)
Unnecessary (deactivated) entry that can be fixed

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. Adware.BetterInternet

O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
Unknown application.
Unnecessary (deactivated) entry that can be fixed.


O2 - BHO: (no name) - {38F97444-9735-43FE-A6A9-AFA72EA46D7f} - C:\WINDOWS\system32\tnbfphkg.dll
I do not know what this is ... but I would get HJT to fix it

O2 - BHO: (no name) - {3CF75190-4A54-496B-98FF-A65049A9C7BC} - C:\WINDOWS\system32\awtqq.dll
Nasty

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. 2020Search.dll, ‚0SE~1.DLL - 2020Search


O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed. Malware


O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\fngxuedb.dll
Unknown ... but I would get HJT to fix it

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
ouch!! Must be fixed!
Unnecessary (deactivated) entry that can be fixed. saiemod.dll - 180Solutions.com SurfAssistant ... this is a bugger!!


O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
Extremely Nastie

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
Extremely Nastie

O2 - BHO: (no name) - {956942F5-C2B9-4A0C-809C-AD03EB883D40} - C:\WINDOWS\system32\vtsqp.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
Nastie (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {C8F3BFCE-EC9B-4C31-ACEB-1AACF92EAFE6} - C:\WINDOWS\system32\xonalcys.dll
Unknown ... but I would get HJT to fix it

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
Extremely Nastie (deactivated) entry that can be fixed. Pbar.dll - 4Arcade PBar ... ugh!!

O2 - BHO: PsapiAnalyzer Object - {CB8B69CF-31AF-40D0-A119-5A8435BC1534} - c:\windows\fonts\wabr.dll (file missing)
Nasty!!

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Unnecessary (deactivated) entry that can be fixed.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
Unnecessary (deactivated) entry that can be fixed. saIE.dll - SiteAdvisor

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jnfjhdnc.dll",realset
Dunno, but I don't want it running here, should be fixed

O4 - HKUS\S-1-5-19\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\LOCALS~1\LOCALS~1\Temp\stdrun2.exe (User 'LOCAL SERVICE')
Not sure, but I'm suspect as it should NOT be running from the Temp folder, should be fixed

O4 - HKUS\S-1-5-19\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe (User 'LOCAL SERVICE')
??? lost on this one too ... I would fix it

O4 - HKUS\S-1-5-19\..\Run: [hvbncfj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hvbncfj.dll,cgovpob (User 'LOCAL SERVICE')
Nastie

O4 - HKUS\S-1-5-19\..\Run: [cjlocaj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cjlocaj.dll,acbgykg (User 'LOCAL SERVICE')
Nastie

O4 - HKUS\S-1-5-20\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\NETWOR~1\LOCALS~1\Temp\stdrun2.exe (User 'NETWORK SERVICE')
Not sure, but I'm suspect as it should NOT be running from the Temp folder, should be fixed

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
Extremely Nastie, fortunately (deactivated) entry that can be fixed

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
Extremely Nastie Should be fixed. Affiliate.Adware

O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
Nasty

O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: nnnnlmk - nnnnlmk.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: p4reg - p432.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: wabr - c:\windows\fonts\wabr.dll (file missing)
Nastie (deactivated) entry that can be fixed

O20 - Winlogon Notify: wvusrrs - wvusrrs.dll (file missing)
Nastie (deactivated) entry that can be fixed

O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O24 - Desktop Component 0: (no name) - http://www.planet-megaman.com/visua...le_1024x768.jpg
Dunno ... your call

O24 - Desktop Component 1: (no name) - http://www.pokemon.com/0Images/Events/0400055902.jpg
dunno ... your call

O24 - Desktop Component 2: (no name) - http://www.kimaera.net/gpics/ropesc.jpg
dunno ... your call


Usual Disclaimer; I cannot be held responsible if any suggested fixes by me screw up your PC ;)

As I said ... if you already ran the programs I suggest, please check the log and get HJT to fix anything left over


Please post another Log when done ... :thumb:


:user:
 
ZenoZatch

KAV Scan Log

Area Scanned: Critical Objects

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 4:58:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 348570
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Owner\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 32521
Number of viruses found: 22
Number of infected objects: 75
Number of suspicious objects: 2
Duration of the scan process: 00:31:46
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\sysrlb32.exe Infected: Trojan.Win32.VB.azo skipped
C:\WINDOWS\system32\asnmcohl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\WINDOWS\system32\awtqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\bbuacuuh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\system32\bfrnrnpy.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\byxywvu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hl skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cihelgly.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\cjlocaj.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddccyyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\WINDOWS\system32\demtmpoq.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\dvyjqcca.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\system32\eqwogub.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\ewkirpab.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\fnrihhic.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\gbneighj.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\gebcdec.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\WINDOWS\system32\geebc.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hkpusvud.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\hvbncfj.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\kdskcnwn.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\kokpsbnr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\system32\kqkbuhtk.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\lgdfdcrd.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\lgwvlony.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mdqefcgf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\mljghgf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hl skipped
C:\WINDOWS\system32\mljiigg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hl skipped
C:\WINDOWS\system32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\system32\mtpvqkvf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\myckiawy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\WINDOWS\system32\ngpebhk.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\nmogelrh.dll Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\system32\nnnkifc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hl skipped
C:\WINDOWS\system32\nptmieci.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\ntkeiikg.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\odbrppaj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\odekdgga.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\ojtdwyam.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\ovtacrpn.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\system32\pgkfdyxf.dll Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\system32\pksfqcd.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\psqnomhi.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\qgnmpwsi.exe Infected: Trojan-Clicker.Win32.Small.mw skipped
C:\WINDOWS\system32\qkmmwqqg.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\qomjhfe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hl skipped
C:\WINDOWS\system32\qvooeiyd.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\ritpwyfr.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\scscumsg.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\sdeialli.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\silqysbp.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\spaaxain.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\tkgcbsdq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\system32\tnbfphkg.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\system32\trz6.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\WINDOWS\system32\tuvsrsr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hl skipped
C:\WINDOWS\system32\urqnmmn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hr skipped
C:\WINDOWS\system32\usxrmlxr.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\vampqfun.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\system32\viqgfcoq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\system32\vswocibs.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
Scan process completed.
 

muckshifter

Ouch!!


OH BOY ... I need a drink. ;)


OK, well I again strongly suggest installing the Trial of Kaspersky Antivirus as I did not see an AV program running on your PC ... the Trial WILL clean up what it can. :nod:

Once you have run that, use SuperAntiSpyware ... then run both again in safe mode ... after that, post me another HJT log

:thumb:
 
Joined
Jun 17, 2007
Messages
16
Reaction score
0


I might need me a drink as well.

I'm installing KAV now, so what I'm gonna do is use HJT see what it can fix, use KAV see what it can fix, and then SAS and see what it can fix.

Then I'll repeat those steps in Safe Mode and post you some more logs.

But, for all you've done now I really Thank You!! :)

I'll post some new logs in approx. an hour or two.

EDIT:

KAV Scan Log

Area Scanned: Memory

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 5:03:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 348570
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Memory:
Scan Statistics:
Total number of scanned objects: 1386
Number of viruses found: 2
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 00:00:43
Infected Object Name / Virus Name / Last Action
[528] winlogon.exe => C:\WINDOWS\system32\awtqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
[324] explorer.exe => C:\WINDOWS\system32\awtqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
[324] explorer.exe => C:\WINDOWS\system32\hkpusvud.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
[324] explorer.exe => C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
[1128] blsloader.exe => C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
[1488] ctfmon.exe => C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
[3952] iexplore.exe => C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
[3952] iexplore.exe => C:\WINDOWS\system32\awtqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
[3464] wordpad.exe => C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
[4072] notepad.exe => C:\WINDOWS\system32\jnfjhdnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
Scan process completed.
 

muckshifter

LoL ... I may have gone to bed. :D


There are other programs we may need; good as the ones I have suggested are, there is none that will do all 100%.

However, we should get your PC back to normal ... eventually. :thumb:


:user:
 
Joined
Jun 17, 2007
Messages
16
Reaction score
0
Great. I have all the time in the world for my computer, so I'll be on. And please don't stress yourself, I don't want to sound demanding or take all your time up.

So let's hope to get my computer up and running again...eventually. :thumb:
 
Joined
Jun 17, 2007
Messages
16
Reaction score
0
I did a KAV Full Scan of my whole computer and after a whopping 12 hours I got the results. Now, I saved the log to a Word.doc and it's over 10,000 pages so do you want me to attach it to another post or post it? Or would you like me to give you a little at a time?

I also did a SuperAntiSpyware Scan, here's the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/19/2007 at 09:53 AM
Application Version : 3.8.1002
Core Rules Database Version : 3256
Trace Rules Database Version: 1267
Scan type : Quick Scan
Total Scan Time : 00:26:29
Memory items scanned : 348
Memory threats detected : 2
Registry items scanned : 925
Registry threats detected : 24
File items scanned : 24684
File threats detected : 135
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\AWTQQ.DLL
C:\WINDOWS\SYSTEM32\AWTQQ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0176BB78-E1D0-4C87-A596-63DDE7D38ECE}
HKCR\CLSID\{0176BB78-E1D0-4C87-A596-63DDE7D38ECE}
HKCR\CLSID\{0176BB78-E1D0-4C87-A596-63DDE7D38ECE}\InprocServer32
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}\InprocServer32
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}\InprocServer32#ThreadingModel
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32
HKCR\CLSID\{55DB983C-BDBF-426F-86F0-187B02DDA39B}\InprocServer32#ThreadingModel
HKCR\CLSID\{92A444D2-F945-4DD9-89A1-896A6C2D8D22}
HKCR\CLSID\{92A444D2-F945-4DD9-89A1-896A6C2D8D22}\InprocServer32
HKCR\CLSID\{92A444D2-F945-4DD9-89A1-896A6C2D8D22}\InprocServer32#ThreadingModel
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32#ThreadingModel
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32#ThreadingModel
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32#ThreadingModel
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\FNGXUEDB.DLL
C:\WINDOWS\SYSTEM32\FNGXUEDB.DLL
Adware.Tracking Cookie
Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-3232620093-2253265791-2766374723-1003\Software\Microsoft\Internet Explorer\Main#BandRest
Adware.Web Buying
C:\Program Files\Web Buying\v1.6.8
C:\Program Files\Web Buying
HKU\S-1-5-19\Software\WebBuying
HKU\S-1-5-20\Software\WebBuying
Trojan.FakeDrop-BJam
C:\WINDOWS\BJAM.DLL
Trojan.FakeDrop-CDSM32
C:\WINDOWS\CDSM32.DLL
Torjan.SecondThoughtInstaller
C:\WINDOWS\INSTALLER\ID53.EXE
Trojan.Spam-RUCrzy
C:\WINDOWS\MEDIA\VCUI32.DLL
Trojan.FakeDrop-SWin32
C:\WINDOWS\SWIN32.DLL
 

muckshifter

No, the only "Logs" I need to see is that from HijackThis ... ;)

I don't need any other logs, but I see SAS did some work for you.
KAV log files are fine if you need help from Kaspersky Labs themselves. :thumb:

How is the PC doing now? Did SAS & KAV cleanup some of the nasties?


 
Joined
Jun 17, 2007
Messages
16
Reaction score
0
Yes, some of the nasties are gone. I think HiJackThis really got 'em. I'm currently in Safe Mode, but I ran another scan and here's the HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:08:13 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {0176BB78-E1D0-4C87-A596-63DDE7D38ECE} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3232620093-2253265791-2766374723-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3232620093-2253265791-2766374723-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3232620093-2253265791-2766374723-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - C:\WINDOWS\system32\mpreg.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.planet-megaman.com/visualmedia/wallpaper/mmbn/bugstyle_1024x768.jpg
O24 - Desktop Component 1: (no name) - http://www.pokemon.com/0Images/Events/0400055902.jpg
O24 - Desktop Component 2: (no name) - http://www.kimaera.net/gpics/ropesc.jpg

--
End of file - 9772 bytes
 

muckshifter

Yep, better, but there are still some hanging on, get HJT to fix the following ...


O2 - BHO: (no name) - {0176BB78-E1D0-4C87-A596-63DDE7D38ECE} - (no file)
Unnecessary (deactivated) entry that can be fixed

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unnecessary (deactivated) entry that can be fixed

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
Unnecessary (deactivated) entry that can be fixed. saIE.dll - SiteAdvisor

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
Extremely nasty ... Should be fixed. Affiliate.Adware

O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
Unnecessary (deactivated) entry that can be fixed

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
I still don't like this ...

O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
Should be fixed

O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
Should be fixed

O24 - Desktop Component 0: (no name) - http://www.planet-megaman.com/visua...le_1024x768.jpg
O24 - Desktop Component 1: (no name) - http://www.pokemon.com/0Images/Events/0400055902.jpg
O24 - Desktop Component 2: (no name) - http://www.kimaera.net/gpics/ropesc.jpg
These last three really are annoying me ... do you know what they are, if not, fix 'em


That is looking better. :thumb:

I would like you to download & run this next program also ...

http://www.atribune.org/ccount/click.php?id=4

Run this program in Safe Mode ...

Double-click on VundoFix.exe to run it.
Click the Scan for Vundo button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files ... click YES
Once you click Yes, your desktop will go blank as it starts removing Vundo.

When the removal has completed, you will see a prompt that your machine needs to be shut down ... click OK.


Restart the machine in normal (Windows) mode.


DO NOT USE YOUR MOUSE UNTIL IT HAS FINISHED


Please Note: VundoFix may encounter a file it cannot remove. If so, VundoFix will run again after you've rebooted. Should this happen, simply follow the above instructions again, starting from the step "Click the Scan for Vundo button" as above.


Then post me another HJT log ... :thumb:


user.gif
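The kind of triage applied to the HijackThis log in the post above, as an added Python example (not part of the original thread and not HijackThis's own logic). The three rules and the flag names are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample input: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: (no name) - {0176BB78-E1D0-4C87-A596-63DDE7D38ECE} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Print Spooler Service (iyfiadyeis5) - Unknown owner - C:\WINDOWS\system32\rsbmsc.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# An entry line looks like "O20 - <body>"; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Finding:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (section, body) for every entry line in a HijackThis log."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("section"), match.group("body")


def triage(log_text):
    """Return entries that deserve a manual look, with the reason(s) as flags.

    Illustrative rules (assumptions, not an authoritative verdict):
      orphaned      - the registry entry points at a file that no longer exists
      appinit_dll   - a DLL is listed under AppInit_DLLs, which Windows loads
                      into every process that loads user32.dll
      unknown_owner - a service whose binary reports no vendor
    """
    findings = []
    for section, body in parse_entries(log_text):
        flags = []
        if ORPHAN_RE.search(body):
            flags.append("orphaned")
        if section == "O20" and body.lower().startswith("appinit_dlls:"):
            if body.split(":", 1)[1].strip():  # non-empty DLL list
                flags.append("appinit_dll")
        if section == "O23" and " - Unknown owner - " in body:
            flags.append("unknown_owner")
        if flags:
            findings.append(Finding(section, body, flags))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4} {','.join(finding.flags):<24} {finding.body}")
```

A flag here only marks an entry for review; an `unknown_owner` service such as the Lexar one can be legitimate, so the file should be checked before the entry is fixed.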
 
