Skip to main content

araycot

12 Posts

October 25th, 2007 01:00

Also I just thought I'd add the symptoms which some other people have already posted.  When I get on the internet, especially google, a box pops up saying my computer is infected and not running properly and that I should download IE Defender for free.  During this time the internet runs slow, it takes a while for pages to load (I'm on broadband cable).  When I do I google search it shows some kind of error and the third or fourth choice is a porn picture or link.

njustice

7 Posts

October 25th, 2007 11:00

Hello,
 
You have a Vundo infection.
 
Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from " Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Note:
 If you already have VundoFix please delete that version and download the latest version from the link above.

araycot

12 Posts

October 25th, 2007 19:00

Thanks, but when the vundo said it didn't fine any infected files.  They're definately there, when I try to get on this internet and type in something in google it still brings up the error and the fourth item is porn.  If I click on a link it goes to some random advertisement like a family fun page or some podcast.

njustice

7 Posts

October 25th, 2007 21:00

Hello araycot, it looks like you have a new infection. Please be patient while we can research this variant and a fix.
 
Best regards, NJ

njustice

7 Posts

October 26th, 2007 20:00

Please set your system to show all files:
 
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Reboot into Safe Mode:

  • Click Start.
  • Select Shutdown.
  • Select Restart and click OK.
  • During restart, hold down the F8 key on your keyboard until the Windows Startup menu appears.
  • If your PC starts beeping then release the key for a few seconds before holding it down again.
  • Select Safe Mode from the Startup menu, and press the Enter button on your keyboard.
  • Windows should start in Safe Mode. If Windows doesn't restart in Safe Mode then please try again.
  • Close all programs and browsers leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

  • O2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\WINDOWS\system32\bDivX.dll

    Click on Fix Checked when finished and exit HijackThis.

    Using Windows Explorer, locate the following file in red, and delete:

    C:\WINDOWS\system32\ IR9V0_QCX.dll

    Exit Explorer, and reboot as normal afterwards.

    Next.....

    Please download Combofix and save to your desktop:
    Note:
    It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply with a new Hijackthis log.
    Note:
    Do not mouseclick combofix's window while it's running.
    That may cause the program to freeze/hang.

    In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



        Message Edited by njustice on 10-26-2007 04:56 PM

      araycot

      12 Posts

      October 29th, 2007 19:00

      ComboFix 07-10-29.1 - Aron  Cottrell 2007-10-29 16:12:54.1 - NTFSx86
      Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.554 [GMT -4:00]
      Running from: C:\Documents and Settings\Aron  Cottrell\Desktop\ComboFix.exe
       * Created a new restore point
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      C:\WINDOWS\system32\bszip.dll
      .
      (((((((((((((((((((((((((   Files Created from 2007-09-28 to 2007-10-29  )))))))))))))))))))))))))))))))
      .
      2007-10-29 16:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2007-10-29 15:40   d-------- C:\Documents and Settings\Administrator\Application Data\Intel
      2007-10-25 16:34   d-------- C:\VundoFix Backups
      2007-10-24 22:39   d-------- C:\Program Files\Trend Micro
      2007-10-09 17:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-10-29 19:53 --------- d-----w C:\Program Files\McAfee
      2007-10-21 22:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
      2007-10-18 03:07 --------- d-----w C:\Documents and Settings\Aron  Cottrell\Application Data\SiteAdvisor
      2007-09-22 17:44 --------- d-----w C:\Documents and Settings\Aron  Cottrell\Application Data\AdobeUM
      2007-09-12 04:41 --------- d-----w C:\Program Files\SiteAdvisor
      2007-09-12 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
      2007-09-02 15:31 --------- d-----w C:\Program Files\Google
      2007-09-02 15:31 --------- d-----w C:\Program Files\Common Files\xing shared
      2007-09-02 15:31 --------- d-----w C:\Program Files\Common Files\Real
      2007-01-10 06:04:11 56 --sh--r C:\WINDOWS\system32\F735CACA00.sys
      2007-01-10 06:04:11 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-19 05:41]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-19 05:38]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-19 05:42]
      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 20:56]
      "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 23:35 C:\WINDOWS\stsystra.exe]
      "ShowLOMControl"="1 (0x1)" []
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 22:29]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
      "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-11 02:24]
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
      "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
      "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 22:39]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
      "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04]
      "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-02 11:30]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 04:24]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 17:48]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
      "DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\ARONCO~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\ARONCO~1\LOCALS~1\TEMPOR~1\ANTIPH~1.SH!
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-11 02:12:50]
      QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4304f0a7-8c99-11db-9389-00038a000015}]
      AutoRun\command - F:\Installer.exe
      .
      Contents of the 'Scheduled Tasks' folder
      "2007-08-22 16:17:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-08-15 05:03:26 C:\WINDOWS\Tasks\McDefragTask.job"
      - c:\program files\mcafee\mqc\QcConsol.exe
      "2007-09-01 05:00:02 C:\WINDOWS\Tasks\McQcTask.job"
      - c:\program files\mcafee\mqc\QcConsol.exe
      .
      **************************************************************************
      catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-10-29 16:16:56
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      Completion time: 2007-10-29 16:18:42 - machine was rebooted
      .
       --- E O F ---

      araycot

      12 Posts

      October 29th, 2007 19:00

      NJ,
       
      When I was in safemode I could not locate C:\WINDOWS\system32\ IR9V0_QCX.dll in order to delete it.  I don't know if it was already deleted from the hijackthis or if I just couldn't find it, but I looked and searched everywhere in the system32 file.

      araycot

      12 Posts

      October 29th, 2007 19:00

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 4:21:16 PM, on 10/29/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16544)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\McAfee\MSK\MskAgent.exe
      C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\PROGRA~1\McAfee\MPS\mps.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\SiteAdvisor\6172\SAService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\McAfee\MPS\mpsevh.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [ShowLOMControl]
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\ARONCO~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\ARONCO~1\LOCALS~1\TEMPOR~1\ANTIPH~1.SH!
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
      O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      --
      End of file - 10701 bytes

      njustice

      7 Posts

      October 29th, 2007 20:00

      Hello araycot,
       
      The file you were to delete was removed by hijackthis, we like to double check to be sure the file is gone. Your log is clean of infection, but I do see that your Sun Java is out of date.
       

      Upgrading Java:

      • Download the latest version   http://java.sun.com/javase/downloads/index.jsp
      • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
      • Click the Download button to the right.
      • Check the box that says: "Accept License Agreement".
      • The page will refresh.
      • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
      • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
      • Repeat as many times as necessary to remove each Java version.
      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on the download to install the newest version.

       

      Let me know how your computer is performing.

      araycot

      12 Posts

      October 31st, 2007 19:00

      My computer is fixed, and running great.  Thanks.
       
      Aron

      Was this post helpful?

      View All

      No Events found!

      Top