My PC has a bit of a cold it can't shake with my Norton and other spyware and ad "deleters?" Here is a copy of my HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 7:15:54 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HjT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.bearshare.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53C642DF-BBC9-4026-99A7-6AFAD5F98503} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\cqgfqatp.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

Another case of Vundo...*sigh*.

Download VundoFix to your desktop.
Double-click [bold]VundoFix.exe[/bold] to run it.
Click "[bold]Scan for Vundo[/bold]".
Once it's done scanning, click "[bold]Remove Vundo[/bold]".
You will receive a prompt asking if you want to remove the files; click [bold]YES[/bold].
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click [bold]OK[/bold].

After the reboot, rename HijackThis.exe to any name of your choice. Post back with the contents of C:\vundofix.txt along with a new HijackThis log.

Edit: The previous HijackThis scan was run from safe mode. Next time please make sure you run HijackThis in normal mode.

I performed the tasks.....

VundoFix V6.2.8

Checking Java version...

Java version is 1.4.2.3
Java version is 1.5.0.6

Scan started at 3:15:45 PM 11/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfhkj.tmp
C:\WINDOWS\system32\cfhkj.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.4.2.3
Java version is 1.5.0.6

Scan started at 3:21:21 PM 11/11/2006

Listing files found while scanning....

No infected files were found.

Logfile of HijackThis v1.99.1
Scan saved at 3:26:28 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\kabluna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.bearshare.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {450C1C90-152B-466A-8286-C23033FA6AC0} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\cqgfqatp.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

Should I possibly also rename the root folder for HijackThis as well?

No, Vundo only hides from the executable of HijackThis.

Run a scan only with HijackThis, check these:

[bold]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {450C1C90-152B-466A-8286-C23033FA6AC0} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\cqgfqatp.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)[/bold]

Close all windows except HijackThis, then click "Fix checked".

Should be clean now, but we should also run an online scan to make sure there are no other infections.

Go here to run [bold]Kaspersky Online Scanner[/bold].
After downloading, click "[bold]My Computer[/bold]" to scan.
After scanning, click "[bold]Save report as[/bold]".
Save as a text file on the desktop.

Post the log in your next reply along with a new HijackThis log.

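A triage pass over the O2, O3 and O20 entries quoted in this thread, as an added example that is not part of the original posts and not how HijackThis or the helper selected entries. The three rules and the `triage` function are assumptions for illustration (orphaned registrations, unnamed BHOs whose DLL sits directly in system32, one DLL registered as both BHO and Winlogon Notify); the sample lines are copied from the two logs above.

```python
import re

# O2/O3 lines: "<code> - <kind>: <name> - {CLSID} - <target>"
ENTRY = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O20 lines: "O20 - Winlogon Notify: <name> - <target>"
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")
# A DLL sitting directly in system32, not in a vendor subfolder.
SYS32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)

# Excerpt of the first log in the thread (lines copied from the post).
FIRST_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53C642DF-BBC9-4026-99A7-6AFAD5F98503} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\cqgfqatp.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
"""

# Excerpt of the log posted after VundoFix ran (lines copied from the post).
SECOND_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {450C1C90-152B-466A-8286-C23033FA6AC0} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\cqgfqatp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
"""

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look.

    These are review hints, not verdicts: a flagged line still needs a human
    to identify the file before anything is fixed or deleted.
    """
    findings, bho_paths, notify = [], set(), []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY.match(line)
        if m:
            code, name, _clsid, target = m.groups()
            if target == "(no file)" or target.endswith("(file missing)"):
                # Registry entry survives but the file behind it is gone.
                findings.append(("orphaned", line))
            elif code == "O2" and name == "(no name)" and SYS32_DLL.match(target):
                findings.append(("unnamed-bho-system32", line))
            if code == "O2":
                bho_paths.add(target.lower())
            continue
        m = NOTIFY.match(line)
        if m:
            notify.append((m.group(2).lower(), line))
    # Same DLL loaded by both Internet Explorer and winlogon.exe.
    for path, line in notify:
        if path in bho_paths:
            findings.append(("bho-and-winlogon-notify", line))
    return findings

if __name__ == "__main__":
    for label, log in (("first log", FIRST_LOG), ("second log", SECOND_LOG)):
        print(label)
        for reason, line in triage(log):
            print(f"  [{reason}] {line}")
```

On the second excerpt the flagged O2 and O3 lines are the same ones listed in the post above; the empty R0 Local Page entries are outside what this sketch parses.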
There appears to be an error on the downloading page of the download, internet scanning page... however the system is now running smoothly.... Thanks a bunch, really appreciate it!!
You're welcome, but loss of symptoms doesn't mean no malware. Run ActiveScan instead.

Go here to run [bold]ActiveScan[/bold].
Click "[bold]Panda ActiveScan[/bold]".
Fill in the form with your information.
After downloading, click [bold]My Computer[/bold] to scan.
When it finishes, click "[bold]See Report[/bold]".
Click "[bold]Save report[/bold]" and save it to the desktop.

Post the log along with a new HijackThis log.