Unsolved

21 Posts

1348

May 9th, 2007 17:00

trojans in temp folders!

My computer was fine, but then I downloaded a crack for a program. The performance has decreased significantly; there have been trojans detected by AVG in temp folders, yet a full system scan finds nothing. Too many pop-ups to deal with now! Could you guys help, please? Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:22:09, on 09/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darren.DARREN-YL9DRTUB\My Documents\Recieved Files\Virus Shtuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\luwbijfn.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mrgoqtje.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://balagandan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158828306609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158842650687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Message Edited by balagan13 on 05-12-2007 11:03 AM
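The two O4 entries above that start rundll32.exe with a random-looking eight-letter DLL out of C:\WINDOWS\system32 (luwbijfn.dll and mrgoqtje.dll) are the lines a helper reads first. As an added example, not code from the thread or from HijackThis, here is a small Python triage script that parses O4 lines in the format shown and flags that pattern; the sample lines are copied from the log, and the naming heuristic is an assumption drawn from it, so a hit means "look at this file's creation date, signature and vendor", not a verdict.

```python
"""Triage helper for HijackThis O4 (autostart) entries.

Added example; it is not part of the original thread. The heuristic is
deliberately narrow: rundll32 loading a DLL with an all-lowercase,
eight-letter name straight out of system32 under a generic value name,
which is exactly what the two odd entries in the log above look like.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample O4 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\luwbijfn.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\mrgoqtje.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] "path\file.dll",Export   or   rundll32 path\file.dll,Export
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Assumed heuristic: eight lowercase letters and nothing else, as in the log.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    dll: Optional[str] = None
    export: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HKLM/HKCU Run entry; other O4 forms (Global Startup) return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = O4Entry(m["hive"], m["name"], m["cmd"])
    r = RUNDLL_RE.match(entry.command)
    if r:
        entry.dll = r["dll"]
        entry.export = r["export"]
    return entry


def assess(entry: O4Entry) -> O4Entry:
    """Attach a reason string when the entry matches the rundll32/system32 pattern."""
    if entry.dll is None:
        return entry
    folder, _, base = entry.dll.replace("/", "\\").rpartition("\\")
    in_system32 = folder.lower().endswith("\\system32")
    if in_system32 and RANDOM_NAME_RE.match(base):
        entry.reasons.append(
            "rundll32 loads a random-looking DLL directly from system32 "
            f"(export {entry.export!r}); check creation date and signer"
        )
    return entry


def triage(log_text: str) -> List[O4Entry]:
    """Parse and assess every O4 Run entry in a HijackThis log."""
    return [assess(e) for e in map(parse_o4, log_text.splitlines()) if e]


def flagged_dlls(log_text: str) -> List[str]:
    """Paths of the DLLs that tripped the heuristic, in log order."""
    return [e.dll for e in triage(log_text) if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        tag = "REVIEW" if e.suspicious else "ok    "
        print(f"{tag} {e.hive} [{e.name}] {e.command}")
        for reason in e.reasons:
            print(f"       - {reason}")
```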

134 Posts

May 15th, 2007 15:00

 
In the absence of other help, you can try that self-help tutorial.

4 Apprentice

20.5K Posts

May 15th, 2007 22:00

I've deleted my post as long as someone else is helping you.

Message Edited by Bugbatter on 05-27-2007 07:19 PM

21 Posts

May 17th, 2007 17:00

Hi, I tried that VundoFix.exe and the symptoms have ceased, and I presume the problem is fixed. Thanks for the help.

4 Apprentice

20.5K Posts

May 17th, 2007 18:00

Post deleted.

Message Edited by Bugbatter on 05-27-2007 07:20 PM

21 Posts

May 17th, 2007 20:00

Message Edited by balagan13 on 05-17-2007 04:23 PM

21 Posts

May 17th, 2007 20:00

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:56:02 17/05/2007

+ Scan result:



C:\System Volume Information\_restore{A35ECE3D-C6C7-4B54-8D0C-323FF20C9C8D}\RP335\A0077522.dll -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\qomnlkk.dll.bad -> Adware.Virtumonde : Cleaned.

134 Posts

May 17th, 2007 20:00

kibbitz
 
If it was my machine, I would be doing a file search by date and looking at files created on the date the problem started.
 
I had infected files in c:\  ;  c:\windows  ;  and c:\windows\system32  after vundofix finished its processes.
 
end kibbitz
 
(bugbatter - apologies, I thought he was finished. My posts take a while thinking and typing; he posted while I was thinking through my post.)


Message Edited by bluecoal on 05-17-2007 04:26 PM

21 Posts

May 17th, 2007 20:00

I thought I should take your advice and do what you suggested. So here's my HijackThis log and AVG AS scan report.

Logfile of HijackThis v1.99.1
Scan saved at 22:14:22, on 17/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\DARREN~1.DAR\LOCALS~1\Temp\xpinstall.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\patchjre.exe
C:\Documents and Settings\Darren.DARREN-YL9DRTUB\My Documents\Recieved Files\Virus Shtuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5701F197-85A8-42D4-BA2C-6D8DBFFA214D} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {917CB0B1-7835-4C73-B040-1A51AFD21DA6} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {9F8E3317-D0C9-4D4C-945C-4C3DA0FF1C54} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {EC9657AF-0F1A-4F4E-B802-E70D17AAEB20} - C:\WINDOWS\system32\djqhousr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kcsdgjyj.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://balagandan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158828306609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158842650687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


cheers, dan

8.8K Posts

May 17th, 2007 23:00

balagan13,

We are going to let Bluecoal continue working with you.

Please wait for his next instructions.

zb1

Message Edited by zbestwun2001 on 05-17-2007 05:16 PM

134 Posts

May 22nd, 2007 13:00

Please post a new hijackthis log so we can see what the system looks like now.
Thanks.

21 Posts

May 22nd, 2007 18:00

Logfile of HijackThis v1.99.1
Scan saved at 20:51:47, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darren.DARREN-YL9DRTUB\My Documents\Recieved Files\Virus Shtuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5701F197-85A8-42D4-BA2C-6D8DBFFA214D} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {917CB0B1-7835-4C73-B040-1A51AFD21DA6} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {9F8E3317-D0C9-4D4C-945C-4C3DA0FF1C54} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {EC9657AF-0F1A-4F4E-B802-E70D17AAEB20} - C:\WINDOWS\system32\djqhousr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kcsdgjyj.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://balagandan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158828306609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158842650687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

134 Posts

May 22nd, 2007 20:00

I am having a lot of trouble with formatting, if this is not useable, post back and I will try again.

A) n/a

B) Please download ATF Cleaner by Atribune

 http://www.atribune.org/content/view/25/2/

Save it to your Desktop for later use.

C) If you did not get killbox earlier, please follow bugbatter's instructions to obtain it.

D) We need to temporarily have hidden files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
You can reverse these steps after the system is cleaned up.

E) Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

F) Run ATF Cleaner: Double-click ATF-Cleaner.exe to run the program.
Select the first 3 temp file lines.
Select the temporary internet files line.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

G) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {5701F197-85A8-42D4-BA2C-6D8DBFFA214D} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {917CB0B1-7835-4C73-B040-1A51AFD21DA6} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {9F8E3317-D0C9-4D4C-945C-4C3DA0FF1C54} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {EC9657AF-0F1A-4F4E-B802-E70D17AAEB20} - C:\WINDOWS\system32\djqhousr.dll
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kcsdgjyj.dll",realset
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked".

H) Follow bugbatter's instructions above for deleting a file on reboot using killbox.

Delete this file: C:\WINDOWS\system32\kcsdgjyj.dll

More info (with screen shots) on killbox here: http://forum.malwareremoval.com/viewtopic.php?t=320

I) Post the new Vundofix report (c:\vundofix.txt) and a new HJT log.

Thanks.

bc
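The checks bluecoal applied by eye to pick the lines in step G (orphaned O2/O20 entries, random-looking DLL names directly under system32, and the rundll32 "WindowsUpdate" autostart), written up as a small triage script. This is an added example, not a tool from this thread or from any of the helpers; the sample lines are copied from the log posted above, and every function name is the example's own. It also lists the reversed-name .ini/.bak side files that Vundo leaves beside each DLL, which the VundoFix report later in the thread shows.

```python
"""HijackThis 1.99 log triage (added example; not a tool from this thread).

It reproduces, for review only, what the helpers do by eye:
  * O2/O20 entries whose file is missing (orphaned Vundo BHO / Winlogon
    Notify registrations that HijackThis "Fix checked" can clear),
  * DLLs directly under system32 with random-looking names (awvvv, gebyv,
    djqhousr, kcsdgjyj in this thread),
  * O4 Run entries that load such a DLL via rundll32 under a trustworthy
    looking name ("WindowsUpdate" in the log above).
Every hit is a candidate for a person to look at, not a verdict.
"""
import re
from typing import List, Tuple

# Line families examined below (HijackThis prefixes its lines with O2, O4, ...).
SECTION_RE = re.compile(r"^(O2|O4|O20|O23)\s+-\s")
# A DLL sitting directly in system32; captures the basename without extension.
SYS32_DLL_RE = re.compile(r"\\system32\\([A-Za-z0-9_~]+)\.dll\b", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")


def looks_random(basename: str) -> bool:
    """Heuristic: 5-8 lowercase letters with at most two vowels, the shape of
    the Vundo names in this thread. Some legitimate names (msvcrt, for one)
    fit too, so a hit only means "review"."""
    if not re.fullmatch(r"[a-z]{5,8}", basename):
        return False
    return sum(ch in "aeiou" for ch in basename) <= 2


def companion_names(dll_basename: str) -> List[str]:
    """Side files to look for next to a Vundo DLL: the VundoFix listing in this
    thread shows each DLL name reversed with .ini/.bak1/.bak2/.tmp extensions
    (awvvv.dll alongside vvvwa.ini, vvvwa.bak1, vvvwa.bak2, vvvwa.tmp)."""
    rev = dll_basename[::-1]
    return [f"{rev}.{ext}" for ext in ("ini", "bak1", "bak2", "tmp")]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for the log lines worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        code = m.group(1)
        if code in ("O2", "O20") and ORPHAN_RE.search(line):
            findings.append(("orphaned BHO/Winlogon Notify entry", line))
            continue
        dll = SYS32_DLL_RE.search(line)
        if dll and looks_random(dll.group(1)):
            if code == "O4" and "rundll32" in line.lower():
                findings.append(("rundll32 autostart of random-named system32 DLL", line))
            else:
                findings.append(("random-named DLL in system32", line))
    return findings


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5701F197-85A8-42D4-BA2C-6D8DBFFA214D} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EC9657AF-0F1A-4F4E-B802-E70D17AAEB20} - C:\WINDOWS\system32\djqhousr.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kcsdgjyj.dll",realset
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
        hit = SYS32_DLL_RE.search(line)
        if hit and looks_random(hit.group(1)):
            print("    also check for:", ", ".join(companion_names(hit.group(1))))
```

Run against a full saved log, the output is the shortlist a helper would still read line by line; legitimate entries such as WgaLogon, the DLCGCATS printer entry and the AVG autostart are left alone by the heuristics.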

21 Posts

May 23rd, 2007 16:00

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:11:14 15/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\buttkpjy.dll
C:\WINDOWS\system32\dlcwfwad.dll
C:\WINDOWS\system32\dwhbilek.dll
C:\WINDOWS\system32\euhbkoii.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\hewqyden.dll
C:\WINDOWS\system32\jenqobda.dll
C:\WINDOWS\system32\jtryyrtv.dll
C:\WINDOWS\system32\jyjgdsck.ini
C:\WINDOWS\system32\kcsdgjyj.dll
C:\WINDOWS\system32\nlpcpwsj.dll
C:\WINDOWS\system32\nuqbptsr.dll
C:\WINDOWS\system32\qomnlkk.dll
C:\WINDOWS\system32\qpkttdym.dll
C:\WINDOWS\system32\vdjdtvgs.dll
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.tmp
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\xkqtllxf.dll
C:\WINDOWS\system32\xllcduoq.dll
C:\WINDOWS\system32\yvlphwdw.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\buttkpjy.dll
C:\WINDOWS\system32\buttkpjy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dlcwfwad.dll
C:\WINDOWS\system32\dlcwfwad.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dwhbilek.dll
C:\WINDOWS\system32\dwhbilek.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\euhbkoii.dll
C:\WINDOWS\system32\euhbkoii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hewqyden.dll
C:\WINDOWS\system32\hewqyden.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtryyrtv.dll
C:\WINDOWS\system32\jtryyrtv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jyjgdsck.ini
C:\WINDOWS\system32\jyjgdsck.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kcsdgjyj.dll
C:\WINDOWS\system32\kcsdgjyj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nlpcpwsj.dll
C:\WINDOWS\system32\nlpcpwsj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nuqbptsr.dll
C:\WINDOWS\system32\nuqbptsr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnlkk.dll
C:\WINDOWS\system32\qomnlkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpkttdym.dll
C:\WINDOWS\system32\qpkttdym.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vdjdtvgs.dll
C:\WINDOWS\system32\vdjdtvgs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.tmp
C:\WINDOWS\system32\vvvwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xllcduoq.dll
C:\WINDOWS\system32\xllcduoq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yvlphwdw.dll
C:\WINDOWS\system32\yvlphwdw.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:28:37 15/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\gebyw.dll

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 17:02:53 23/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\gebyw.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:03:15 23/05/2007

Listing files found while scanning....

No infected files were found.

Message Edited by balagan13 on 05-23-2007 12:16 PM

21 Posts

May 23rd, 2007 16:00

Logfile of HijackThis v1.99.1
Scan saved at 18:18:36, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Darren.DARREN-YL9DRTUB\My Documents\Recieved Files\Virus Shtuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://balagandan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158828306609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158842650687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

134 Posts

May 23rd, 2007 18:00

The hijackthis log looks ok.
 
I am a little concerned though. These two files:
C:\WINDOWS\system32\jenqobda.dll
C:\WINDOWS\system32\xkqtllxf.dll
 
were in the first detection pass, but they were not deleted and they did not show up in the second detection/fix pass. Not sure what is up with that.
 
Would you be sure that viewing hidden files is enabled and then look for those two files? If you find them, so as not to disturb things too much, let's try renaming them. Carefully RIGHT click the file name, select rename, and add a .quar to the name so they look like this when you are done:
C:\WINDOWS\system32\jenqobda.dll.quar
C:\WINDOWS\system32\xkqtllxf.dll.quar
 
I will post back again after a bit with another step for you.


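The find-and-rename step in the reply above, as an added PowerShell example that is not the helper's own instructions and not a tool from this thread: it looks for the two named DLLs even if they are hidden (Get-Item -Force sees hidden and system files regardless of the Explorer setting), records size, timestamps, attributes and a SHA-256 hash to a log before touching anything, then renames each file with the .quar suffix and reports when a file is absent or cannot be renamed. The log location and the need for an elevated prompt are assumptions.

```powershell
# Added example, not part of the original thread.
# Quarantine-by-rename for the two files named in the reply above.
# Assumes an elevated (Administrator) PowerShell prompt.
$Targets = @('jenqobda.dll', 'xkqtllxf.dll')          # names as given in the reply
$Dir     = Join-Path $env:SystemRoot 'system32'
$Log     = Join-Path $env:USERPROFILE 'Desktop\quarantine-log.txt'   # assumed log path

function Write-Log([string]$Message) {
    # Keep a written record as well as console output.
    Add-Content -Path $Log -Value $Message
    Write-Output $Message
}

foreach ($name in $Targets) {
    $path = Join-Path $Dir $name
    # -Force lists hidden/system files; ErrorAction keeps a missing file from aborting the loop.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Log "$path : not present"
        continue
    }
    # Record identifying details before renaming, so the sample can still be
    # identified or submitted to a vendor later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Log ("{0} : size={1} created={2} modified={3} attrs={4} sha256={5}" -f
        $path, $item.Length, $item.CreationTime, $item.LastWriteTime, $item.Attributes, $hash)
    try {
        Rename-Item -LiteralPath $path -NewName "$name.quar" -Force -ErrorAction Stop
        Write-Log "$path : renamed to $name.quar"
    } catch {
        # A file held open by a running process may refuse the rename; note it and
        # retry the same step from Safe Mode, where the DLL is less likely to be loaded.
        Write-Log "$path : rename failed ($($_.Exception.Message))"
    }
}
```

The .quar rename keeps the file on disk but stops Windows from loading it by its original name, which is why the helper prefers it to deletion while the diagnosis is still open.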