BullGuard Antivirus Forum
Vundo trojan and friends
jsheehan223 (New Member, joined Jun 2007, 3 posts)

Posted 7-22-2007 3:36 (GMT +1)
I've got a PC with some popup problems.  I know it has the Vundo trojan and probably a few others.  I'd like some assistance with getting rid of these nasty little buggers once and for all!  I'm fairly computer savvy, but experiencing some difficulty with this particular machine.
 
Here is what I've done so far.
 
Downloaded and installed AVG Anti-Spyware (currently scanning), Spybot Search and Destroy, Lavasoft Ad-Aware 2007, CCleaner.  I'm also following the original post for putting information in your forum.
 
AVG log...  I couldn't find this.  I'll try looking some more, but I'm not sure where it generated to.
 
Rootkit log (nothing found)
 
********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
Sun 07/22/2007  9:27:01.23
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 09:27:02
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden files: 0
HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 9:28:26 AM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\download\alternativ.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70894511-F008-4995-86C7-0CA813BD7108} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mcqpkmul.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
Thanks in advance for your help!
 
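The two logs in this thread show the Vundo pattern the moderator is cleaning up: unnamed BHOs and a Winlogon Notify entry pointing at a random-looking DLL in system32 (mllji.dll, mcqpkmul.dll), a disabled run key launching fposnxud.dll through rundll32, and in the ComboFix log a companion .ini for each random DLL whose name is the DLL name reversed (mllji.dll / ijllm.ini, aavllaev.dll / veallvaa.ini). The script below is an added triage example, not code from the forum, from HijackThis or from ComboFix; the sample lines are copied from the logs posted in this thread, while the scoring rules and the small Winlogon Notify allow-list are assumptions (heuristics for triage, not a vendor signature).

```python
"""Triage helper for the HijackThis / ComboFix logs posted above.

Added example, not code from the forum, HijackThis or ComboFix.  Sample
lines are copied from the logs in this thread; the heuristics and the
Winlogon Notify allow-list are assumptions, not a vendor signature.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reason")

# Vundo drops DLLs with random lowercase names (5-8 letters) into system32.
RANDOM_SYS32_DLL = re.compile(r"\\system32\\([a-z]{5,8})\.dll", re.IGNORECASE)

# Winlogon Notify packages expected on this XP SP2 box (assumed allow-list).
KNOWN_NOTIFY = {"igfxdev.dll", "wgalogon.dll"}


def flag_line(line):
    """Return why a log line looks like a Vundo loading point, or None."""
    line = line.strip()
    # O2: an unnamed Browser Helper Object backed by a random system32 DLL
    if line.startswith("O2 - BHO: (no name)") and RANDOM_SYS32_DLL.search(line):
        return "unnamed BHO loading a random system32 DLL"
    # O20: Winlogon Notify DLLs are mapped into winlogon.exe at every logon,
    # which is how Vundo survives cleaning attempts made from the user session
    m = re.match(r"O20 - Winlogon Notify: \S+ - (.+)$", line)
    if m:
        dll = m.group(1).rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_NOTIFY:
            return "Winlogon Notify DLL not on the allow-list"
    # run key launching a random DLL through rundll32 with an odd export name
    if "rundll32.exe" in line.lower() and RANDOM_SYS32_DLL.search(line):
        return "rundll32 run key launching a random system32 DLL"
    return None


def triage(log_text):
    """Return a Finding for every suspicious line in a HijackThis-style log."""
    findings = []
    for raw in log_text.splitlines():
        reason = flag_line(raw)
        if reason:
            findings.append(Finding(raw.strip(), reason))
    return findings


def reversed_pairs(filenames):
    """Pair each DLL with an .ini whose stem is the DLL stem reversed.

    Vundo keeps per-DLL data in an .ini named this way, so a reversed-name
    match is a strong sign of the infection even when the DLL is gone.
    """
    by_ext = {}
    for name in filenames:
        stem, _, ext = name.lower().rpartition(".")
        by_ext.setdefault(ext, set()).add(stem)
    inis = by_ext.get("ini", set())
    return sorted((stem + ".dll", stem[::-1] + ".ini")
                  for stem in by_ext.get("dll", set()) if stem[::-1] in inis)


# Lines copied from the logs posted in this thread (a subset).
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70894511-F008-4995-86C7-0CA813BD7108} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\mcqpkmul.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
rundll32.exe "C:\WINDOWS\system32\fposnxud.dll",forkonce
"""

# File names from the ComboFix "V Log" section plus a few legitimate ones.
FILE_SAMPLE = ["mllji.dll", "ijllm.ini", "ijllm.bak1", "aavllaev.dll",
               "veallvaa.ini", "mcqpkmul.dll", "igfxdev.dll", "bszip.dll"]

if __name__ == "__main__":
    for f in triage(HIJACKTHIS_SAMPLE):
        print(f"{f.reason}: {f.line}")
    for dll, ini in reversed_pairs(FILE_SAMPLE):
        print(f"reversed-name pair: {dll} <-> {ini}")
```

Note that Spybot's SDHelper.dll is also registered as an unnamed BHO but is not flagged, because it does not live in system32 under a random name; the allow-list is what keeps the Intel and WGA Winlogon Notify entries quiet, so review anything it flags rather than deleting on sight.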
Touch (Forum Moderator, joined Jun 2004, 16319 posts)

Posted 7-22-2007 4:51 (GMT +1)
Hello


Please download ComboFix:

Close all other browser windows.

Double click on combo.exe & follow the prompts.

When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 
jsheehan223 (New Member, joined Jun 2007, 3 posts)

Posted 7-23-2007 9:53 (GMT +1)
Excellent!  Thanks!
 
Ran combofix.exe
 
Here is the log.
 
"Kim" - 2007-07-23 16:26:14 - ComboFix 07-07-23.6 - Service Pack 2  NTFS 

((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\aavllaev.dll
C:\WINDOWS\system32\bdcmvann.dll
C:\WINDOWS\system32\boyspker.dll
C:\WINDOWS\system32\bpkpehpv.dll
C:\WINDOWS\system32\cihwwrbj.dll
C:\WINDOWS\system32\cqyafugw.dll
C:\WINDOWS\system32\dikeemlr.dll
C:\WINDOWS\system32\dkfdwevc.dll
C:\WINDOWS\system32\dxmxqeta.dll
C:\WINDOWS\system32\ewhpvrfi.dll
C:\WINDOWS\system32\ewjknxvd.dll
C:\WINDOWS\system32\fhucqmyf.dll
C:\WINDOWS\system32\fposnxud.dll
C:\WINDOWS\system32\gpiwsvco.dll
C:\WINDOWS\system32\idbgntmf.dll
C:\WINDOWS\system32\jfmgwfcn.dll
C:\WINDOWS\system32\jhwvnbcp.dll
C:\WINDOWS\system32\kjgkbejg.dll
C:\WINDOWS\system32\lhhsbsws.dll
C:\WINDOWS\system32\lryfetas.dll
C:\WINDOWS\system32\lxxulyfv.dll
C:\WINDOWS\system32\mkbxxebg.dll
C:\WINDOWS\system32\mwlmsbfx.dll
C:\WINDOWS\system32\nrakgeps.dll
C:\WINDOWS\system32\nwiwlicv.dll
C:\WINDOWS\system32\pplkswru.dll
C:\WINDOWS\system32\prsrsbui.dll
C:\WINDOWS\system32\pthgqrhc.dll
C:\WINDOWS\system32\pwlntarn.dll
C:\WINDOWS\system32\reeqxrhe.dll
C:\WINDOWS\system32\rqjjocyg.dll
C:\WINDOWS\system32\rsfriqfe.dll
C:\WINDOWS\system32\scdxqvwj.dll
C:\WINDOWS\system32\sfnwlslu.dll
C:\WINDOWS\system32\stocvege.dll
C:\WINDOWS\system32\svicccry.dll
C:\WINDOWS\system32\urgvfend.dll
C:\WINDOWS\system32\uyxarcnx.dll
C:\WINDOWS\system32\vacvvupx.dll
C:\WINDOWS\system32\vkeoyjwq.dll
C:\WINDOWS\system32\vlmifsfm.dll
C:\WINDOWS\system32\wakeyxuj.dll
C:\WINDOWS\system32\wbsjiawd.dll
C:\WINDOWS\system32\whtgdecm.dll
C:\WINDOWS\system32\witnclhg.dll
C:\WINDOWS\system32\wpvycwuj.dll
C:\WINDOWS\system32\xhhorffi.dll
C:\WINDOWS\system32\xouexofq.dll
C:\WINDOWS\system32\xpymwulg.dll
C:\WINDOWS\system32\bfwmljbk.dll
C:\WINDOWS\system32\bgtwjdde.dll
C:\WINDOWS\system32\bmqkqiyp.dll
C:\WINDOWS\system32\chwhhvwy.dll
C:\WINDOWS\system32\cnvcvhgq.dll
C:\WINDOWS\system32\cqxgrrpr.dll
C:\WINDOWS\system32\dvekjhgm.dll
C:\WINDOWS\system32\epymfxsu.dll
C:\WINDOWS\system32\evdyvntu.dll
C:\WINDOWS\system32\fgpoycin.dll
C:\WINDOWS\system32\fkthplfs.dll
C:\WINDOWS\system32\flvabxeb.dll
C:\WINDOWS\system32\fxnkqbvy.dll
C:\WINDOWS\system32\hqhhdypk.dll
C:\WINDOWS\system32\ifsrxxph.dll
C:\WINDOWS\system32\ihnicyab.dll
C:\WINDOWS\system32\jxtxsbqs.dll
C:\WINDOWS\system32\kailaqwu.dll
C:\WINDOWS\system32\kbscohfa.dll
C:\WINDOWS\system32\kiynfxbu.dll
C:\WINDOWS\system32\kmqeuebi.dll
C:\WINDOWS\system32\krfwtqnm.dll
C:\WINDOWS\system32\lbiiaclg.dll
C:\WINDOWS\system32\mbbfdbsd.dll
C:\WINDOWS\system32\mcqpkmul.dll
C:\WINDOWS\system32\mtyaialy.dll
C:\WINDOWS\system32\mylunmgb.dll
C:\WINDOWS\system32\nifjytky.dll
C:\WINDOWS\system32\nkthdwtg.dll
C:\WINDOWS\system32\nnaphlak.dll
C:\WINDOWS\system32\nqyxkqid.dll
C:\WINDOWS\system32\okfbheel.dll
C:\WINDOWS\system32\pfiovgqa.dll
C:\WINDOWS\system32\pnctceya.dll
C:\WINDOWS\system32\ptmajuvq.dll
C:\WINDOWS\system32\qhnvkjko.dll
C:\WINDOWS\system32\qnpeqpdr.dll
C:\WINDOWS\system32\qvshydup.dll
C:\WINDOWS\system32\qxfigweu.dll
C:\WINDOWS\system32\ridqbemk.dll
C:\WINDOWS\system32\rixritfc.dll
C:\WINDOWS\system32\rqgwwdlm.dll
C:\WINDOWS\system32\sdxcyevh.dll
C:\WINDOWS\system32\srykefic.dll
C:\WINDOWS\system32\tfgiinev.dll
C:\WINDOWS\system32\ttbkumyi.dll
C:\WINDOWS\system32\tykxhsln.dll
C:\WINDOWS\system32\uxaqsgsn.dll
C:\WINDOWS\system32\vdalwjxj.dll
C:\WINDOWS\system32\wkksxfdb.dll
C:\WINDOWS\system32\wsxwpylm.dll
C:\WINDOWS\system32\wvjiewdv.dll
C:\WINDOWS\system32\xdasechg.dll
C:\WINDOWS\system32\xqxsjdth.dll
C:\WINDOWS\system32\xxcylget.dll
C:\WINDOWS\system32\xxrsgiae.dll
C:\WINDOWS\system32\yeakdagh.dll
C:\WINDOWS\system32\yfdoxkxy.dll
C:\WINDOWS\system32\yiwbsmxi.dll
C:\WINDOWS\system32\ylnrqhlt.dll
C:\WINDOWS\system32\ywqcvplr.dll
C:\WINDOWS\system32\veallvaa.ini
C:\WINDOWS\system32\nnavmcdb.ini
C:\WINDOWS\system32\rekpsyob.ini
C:\WINDOWS\system32\vphepkpb.ini
C:\WINDOWS\system32\jbrwwhic.ini
C:\WINDOWS\system32\wgufayqc.ini
C:\WINDOWS\system32\rlmeekid.ini
C:\WINDOWS\system32\cvewdfkd.ini
C:\WINDOWS\system32\ateqxmxd.ini
C:\WINDOWS\system32\ifrvphwe.ini
C:\WINDOWS\system32\dvxnkjwe.ini
C:\WINDOWS\system32\fymqcuhf.ini
C:\WINDOWS\system32\duxnsopf.ini
C:\WINDOWS\system32\ocvswipg.ini
C:\WINDOWS\system32\fmtngbdi.ini
C:\WINDOWS\system32\ncfwgmfj.ini
C:\WINDOWS\system32\pcbnvwhj.ini
C:\WINDOWS\system32\gjebkgjk.ini
C:\WINDOWS\system32\swsbshhl.ini
C:\WINDOWS\system32\satefyrl.ini
C:\WINDOWS\system32\vfyluxxl.ini
C:\WINDOWS\system32\gbexxbkm.ini
C:\WINDOWS\system32\xfbsmlwm.ini
C:\WINDOWS\system32\spegkarn.ini
C:\WINDOWS\system32\vcilwiwn.ini
C:\WINDOWS\system32\urwsklpp.ini
C:\WINDOWS\system32\iubsrsrp.ini
C:\WINDOWS\system32\chrqghtp.ini
C:\WINDOWS\system32\nratnlwp.ini
C:\WINDOWS\system32\ehrxqeer.ini
C:\WINDOWS\system32\gycojjqr.ini
C:\WINDOWS\system32\efqirfsr.ini
C:\WINDOWS\system32\jwvqxdcs.ini
C:\WINDOWS\system32\ulslwnfs.ini
C:\WINDOWS\system32\egevcots.ini
C:\WINDOWS\system32\yrcccivs.ini
C:\WINDOWS\system32\dnefvgru.ini
C:\WINDOWS\system32\xncraxyu.ini
C:\WINDOWS\system32\xpuvvcav.ini
C:\WINDOWS\system32\qwjyoekv.ini
C:\WINDOWS\system32\mfsfimlv.ini
C:\WINDOWS\system32\juxyekaw.ini
C:\WINDOWS\system32\dwaijsbw.ini
C:\WINDOWS\system32\mcedgthw.ini
C:\WINDOWS\system32\ghlcntiw.ini
C:\WINDOWS\system32\juwcyvpw.ini
C:\WINDOWS\system32\iffrohhx.ini
C:\WINDOWS\system32\qfoxeuox.ini
C:\WINDOWS\system32\gluwmypx.ini
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak2
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\ijllm.tmp
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak2
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\ijllm.tmp

* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\system32\adugavdq.exe
C:\WINDOWS\system32\aixgilvf.exe
C:\WINDOWS\system32\alqvactg.exe
C:\WINDOWS\system32\amqcnkex.exe
C:\WINDOWS\system32\aqnfldbv.exe
C:\WINDOWS\system32\arvkgbno.exe
C:\WINDOWS\system32\bgrbjlpq.exe
C:\WINDOWS\system32\bgsdhlfj.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cdsfaljh.exe
C:\WINDOWS\system32\cifxobvi.exe
C:\WINDOWS\system32\cqehiyxn.exe
C:\WINDOWS\system32\dkxrelum.exe
C:\WINDOWS\system32\dmgcwrqo.exe
C:\WINDOWS\system32\edfwisti.exe
C:\WINDOWS\system32\eeaxfbxb.exe
C:\WINDOWS\system32\eeerdqui.exe
C:\WINDOWS\system32\eetondma.exe
C:\WINDOWS\system32\ejrbeavf.exe
C:\WINDOWS\system32\fdmmwvhv.exe
C:\WINDOWS\system32\fhdbreij.exe
C:\WINDOWS\system32\fikbjfoa.exe
C:\WINDOWS\system32\fjthbuqi.exe
C:\WINDOWS\system32\fkjkckfw.exe
C:\WINDOWS\system32\flnygbll.exe
C:\WINDOWS\system32\ftkrebtj.exe
C:\WINDOWS\system32\gbjrgwuj.exe
C:\WINDOWS\system32\ggimfppl.exe
C:\WINDOWS\system32\ggkwbnxo.exe
C:\WINDOWS\system32\ggosnsyi.exe
C:\WINDOWS\system32\gnlptrsj.exe
C:\WINDOWS\system32\gvqdffbh.exe
C:\WINDOWS\system32\gwquyxua.exe
C:\WINDOWS\system32\hbavjtll.exe
C:\WINDOWS\system32\hedbmffk.exe
C:\WINDOWS\system32\hemnpafy.exe
C:\WINDOWS\system32\hiswrgye.exe
C:\WINDOWS\system32\hkdmaemu.exe
C:\WINDOWS\system32\htoxvidt.exe
C:\WINDOWS\system32\hynqkrhf.exe
C:\WINDOWS\system32\iibhufov.exe
C:\WINDOWS\system32\isqhphmg.exe
C:\WINDOWS\system32\ixfnafxh.exe
C:\WINDOWS\system32\ixqbpyqy.exe
C:\WINDOWS\system32\jdfeckpu.exe
C:\WINDOWS\system32\jooblabc.exe
C:\WINDOWS\system32\jssmgnok.exe
C:\WINDOWS\system32\jwddpcki.exe
C:\WINDOWS\system32\jylputmb.exe
C:\WINDOWS\system32\kkieignb.exe
C:\WINDOWS\system32\kllhdpmt.exe
C:\WINDOWS\system32\koqcvlwd.exe
C:\WINDOWS\system32\kpavlmeg.exe
C:\WINDOWS\system32\krwfmujq.exe
C:\WINDOWS\system32\ksecybej.exe
C:\WINDOWS\system32\lgurwpfi.exe
C:\WINDOWS\system32\lihwgmcj.exe
C:\WINDOWS\system32\lsapssps.exe
C:\WINDOWS\system32\lunbcuca.exe
C:\WINDOWS\system32\mbryhwew.exe
C:\WINDOWS\system32\mfoxffui.exe
C:\WINDOWS\system32\miqqxsje.exe
C:\WINDOWS\system32\mlcunqil.exe
C:\WINDOWS\system32\mpexduth.exe
C:\WINDOWS\system32\mtlmicqq.exe
C:\WINDOWS\system32\mxnmtjxp.exe
C:\WINDOWS\system32\nkavjipw.exe
C:\WINDOWS\system32\npvkpsto.exe
C:\WINDOWS\system32\nvgfwetk.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\ocedlmhb.exe
C:\WINDOWS\system32\odrpebfg.exe
C:\WINDOWS\system32\ohiatimg.exe
C:\WINDOWS\system32\ojxxvpay.exe
C:\WINDOWS\system32\oxpqnsde.exe
C:\WINDOWS\system32\pdrvafks.exe
C:\WINDOWS\system32\pjtconir.exe
C:\WINDOWS\system32\pmcvdabq.exe
C:\WINDOWS\system32\pptufhne.exe
C:\WINDOWS\system32\pwpebchq.exe
C:\WINDOWS\system32\qaibnbnm.exe
C:\WINDOWS\system32\qhmovigm.exe
C:\WINDOWS\system32\qqebbgyb.exe
C:\WINDOWS\system32\qxpgppqg.exe
C:\WINDOWS\system32\rcywxxng.exe
C:\WINDOWS\system32\reilwdkh.exe
C:\WINDOWS\system32\rhytkbis.exe
C:\WINDOWS\system32\rklvpkfm.exe
C:\WINDOWS\system32\rsbdondm.exe
C:\WINDOWS\system32\ryblwaey.exe
C:\WINDOWS\system32\scppjptv.exe
C:\WINDOWS\system32\sgkuvudg.exe
C:\WINDOWS\system32\slqvqtge.exe
C:\WINDOWS\system32\sradlnsd.exe
C:\WINDOWS\system32\sufjmemi.exe
C:\WINDOWS\system32\tbgejbye.exe
C:\WINDOWS\system32\tjfwvxuy.exe
C:\WINDOWS\system32\tqrjsmcs.exe
C:\WINDOWS\system32\tqtrucub.exe
C:\WINDOWS\system32\tsaprpne.exe
C:\WINDOWS\system32\udopbbmq.exe
C:\WINDOWS\system32\ulvviqet.exe
C:\WINDOWS\system32\umutsisn.exe
C:\WINDOWS\system32\uovo!!!n.exe
C:\WINDOWS\system32\uxpqmtdb.exe
C:\WINDOWS\system32\vbgiwkhc.exe
C:\WINDOWS\system32\vgoavppr.exe
C:\WINDOWS\system32\vgqqouim.exe
C:\WINDOWS\system32\vgujisun.exe
C:\WINDOWS\system32\vjmwvthx.exe
C:\WINDOWS\system32\vksyrmxc.exe
C:\WINDOWS\system32\vquxojsu.exe
C:\WINDOWS\system32\vvdcchxc.exe
C:\WINDOWS\system32\vvkxwixo.exe
C:\WINDOWS\system32\wbesmvrn.exe
C:\WINDOWS\system32\wffcewuh.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wkivwsbs.exe
C:\WINDOWS\system32\wknyyuju.exe
C:\WINDOWS\system32\wlljrjqw.exe
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X9
C:\WINDOWS\system32\xdmpsrso.exe
C:\WINDOWS\system32\xdyqejkq.exe
C:\WINDOWS\system32\xeilcaxu.exe
C:\WINDOWS\system32\xgxqlkrw.exe
C:\WINDOWS\system32\xhmtggrh.exe
C:\WINDOWS\system32\xrjtgeaj.exe
C:\WINDOWS\system32\xyvotvfk.exe
C:\WINDOWS\system32\yglmkmjb.exe
C:\WINDOWS\system32\ytdolddj.exe
C:\WINDOWS\system32\yxpgirpi.exe
C:\WINDOWS\wr.txt

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

(((((((((((((((((((((((((   Files Created from 2007-06-23 to 2007-07-23  )))))))))))))))))))))))))))))))

2007-07-23 16:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 17:22 <DIR> d-------- C:\WINDOWS\srchasst
2007-07-22 09:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-22 09:20 <DIR> d-------- C:\Program Files\CCleaner
2007-07-22 09:08 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-21 16:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-21 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-21 16:51 <DIR> d-------- C:\QUARANTINE
2007-07-21 16:44 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-07-21 16:44 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-07-21 16:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-21 16:43 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 16:43 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-07-21 16:43 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-07-21 16:43 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 16:43 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-21 16:38 <DIR> d-------- C:\Program Files\McAfee
2007-07-21 16:38 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-07-21 16:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-07-21 15:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-21 15:32 <DIR> d-------- C:\download
2007-07-21 15:25 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-21 15:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-07-11 11:19 <DIR> d-------- C:\Program Files\iTunes
2007-07-11 11:14 <DIR> d-------- C:\Program Files\QuickTime
2007-07-11 11:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-11 11:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-11 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-11 10:36 1,750 --a------ C:\WINDOWS\system32\qfjevyyq.dll
2007-07-11 10:33 66,861 --a------ C:\WINDOWS\system32\avkaxiov.dll
2007-06-28 16:13 <DIR> d-------- C:\Temp
2007-06-28 12:33 <DIR> d-------- C:\DOCUME~1\Megan\APPLIC~1\Google
2007-06-27 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-27 20:55 <DIR> d-------- C:\DOCUME~1\Kim\APPLIC~1\Google

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-21 21:50:08 -------- d-----w C:\Program Files\Windows NT
2007-07-21 19:17:43 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-11 15:20:01 -------- d-----w C:\Program Files\iPod
2007-07-11 01:04:42 -------- d-----w C:\Program Files\OpenOffice.org1.1.4
2007-07-11 01:04:02 -------- d-----w C:\Program Files\Common Files\Motive
2007-07-07 16:18:28 -------- d-----w C:\DOCUME~1\Kim\APPLIC~1\McAfee.com Personal Firewall
2007-06-30 18:18:44 -------- d-----w C:\Program Files\Google
2007-06-28 01:28:23 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-06 23:30:01 -------- d-----w C:\Program Files\Yahoo!
2007-06-06 23:29:18 -------- d--h--r C:\DOCUME~1\Kim\APPLIC~1\yahoo!
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-07-05 22:40:14 5,037,072 ----a-w C:\Program Files\spybotsd14.exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
   C:\Program Files\Outerinfo\Outerinfo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2D7619-ECB2-4A95-BEAC-6FDA01FB1F8A}]
   C:\WINDOWS\system32\mllji.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Common Files\profsyv.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji]
C:\WINDOWS\system32\mllji.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kim^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=C:\Documents and Settings\Kim\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
C:\WINDOWS\cfg32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
rundll32.exe "C:\WINDOWS\system32\fposnxud.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvgrttzA]
C:\WINDOWS\wvgrttzA.exe
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
S3 LPDSVC;TCP/IP Print Server;C:\WINDOWS\system32\tcpsvcs.exe
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 16:49:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-23 16:51:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-23 16:50
 --- E O F ---
Ran hijackthis.exe
 
Here is the log.
 
Logfile of HijackThis v1.99.1
Scan saved at 4:54:09 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\download\alternativ.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C2D7619-ECB2-4A95-BEAC-6FDA01FB1F8A} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 7-24-2007 7:52 (GMT +1)
You've certainly got rid of some crap there.
 
 
Run HijackThis and place a check beside each of the following. Close all other browser windows except HJT.
Click "Fix checked":
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C2D7619-ECB2-4A95-BEAC-6FDA01FB1F8A} - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
 
 
 
Older versions of Java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and upgrade the application.
 
Download the latest version of Java from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Click on the link to download the Windows Offline Installation, with or without Multi-language, and save it to your desktop.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
 
 
 
Tell me how things are running now.
 


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
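Triage of the HJT entries the moderator singled out, as an added example written for this page (not code from the thread, from HijackThis or from BullGuard): a small Python parser run over a constructed subset of the log posted above. It flags entries ending in "(file missing)" or "(no file)", which is what the R3, O2 and O20 lines picked for fixing have in common; it lists the Winlogon Notify handlers, since an O20 entry loads inside winlogon.exe and mllji.dll appeared there as well as in the O2 BHO list; and it reads the JRE version out of the O9 Java Console path so that the 1.4.2_03 install is reported as older than the jre-6u1 the reply recommends. The handling of the McAfee O23 line is an inference from the log, not something HJT documents: it is listed both as a running process and as "(file missing)", presumably because of the quoted path followed by a /ServiceStart argument, so the script reports it separately instead of as an orphan.

```python
import re

# Constructed sample: a subset of the HijackThis v1.99.1 log posted above,
# reduced to the lines the triage logic cares about (not a new capture).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C2D7619-ECB2-4A95-BEAC-6FDA01FB1F8A} - C:\WINDOWS\system32\mllji.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Sun's JRE install directory names: j2re1.4.2_03, jre1.6.0_01, ...
JAVA_RE = re.compile(r"\\(?:j2re|jre)(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
BINARY_RE = re.compile(r'([^\\" ]+\.(?:exe|dll|sys))', re.IGNORECASE)

# Floor taken from the moderator's advice (jre-6u1); 6u1 is 1.6.0_01 in the
# numbering Sun used for the install path (assumption about the path form).
MIN_JAVA = (1, 6, 0, 1)


def parse_log(text):
    """Return (running-process basenames, [(section, body), ...])."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("section"), m.group("body")))
        elif line.startswith("Running processes:"):
            in_procs = True
        elif in_procs:
            running.add(line.rsplit("\\", 1)[-1].lower())
    return running, entries


def java_version(text):
    """Version tuple from a JRE install path, e.g. (1, 4, 2, 3), or None."""
    m = JAVA_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None


def triage(text):
    """Flag orphaned hooks, list Winlogon Notify handlers, check the JRE level."""
    running, entries = parse_log(text)
    report = {"orphaned": [], "quirks": [], "winlogon_notify": [],
              "java": [], "outdated_java": False}
    for section, body in entries:
        line = f"{section} - {body}"
        if ORPHAN_RE.search(body):
            m = BINARY_RE.search(body)
            base = m.group(1).lower() if m else ""
            if base in running:
                # Marked "(file missing)" although the same binary is in the
                # running-process list: the quoted ImagePath plus arguments
                # appears to have confused HJT's path check. Verify by hand
                # rather than fixing the service entry.
                report["quirks"].append(line)
            else:
                report["orphaned"].append(line)
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # Every Notify DLL is loaded by winlogon.exe at boot; each one
            # should be identifiable (igfxcui and WgaLogon are Intel graphics
            # and Windows Genuine Advantage; mllji is the Vundo leftover).
            name, _, path = body[len("Winlogon Notify:"):].strip().partition(" - ")
            report["winlogon_notify"].append((name, path))
        version = java_version(body)
        if version:
            report["java"].append(version)
            if version < MIN_JAVA:
                report["outdated_java"] = True
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value if isinstance(value, list) else [value]:
            print("   ", item)
```

Against a saved log, call `triage(open("hijackthis.txt").read())`; the "orphaned" list is the set of entries to tick in HJT, "quirks" is the set to check by hand before touching anything, and "outdated_java" says whether the Java removal and reinstall steps in the reply apply.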
 

 

jsheehan223
New Member


Date Joined Jun 2007
Total Posts : 3
 
Posted 7-24-2007 2:41 (GMT +1)
Seems to be working fine.  Thanks for the help!
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 7-25-2007 8:14 (GMT +1)
Sounds good.
 
 
You may want to read TonyKlein's article about how to protect against spyware/hijackers in the future.
Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please PM a Moderator and we will reopen it for you


 

 