Avast found this virus but it can’t remove it. I need help on how to… please help
What virus, what file and location, what reason? I think you are getting the picture: we need more information.
What Operating System are you using ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
Why couldn’t it be removed ?
Deletion isn’t really a good first option (you have none left); ‘first do no harm’: don’t delete, send the virus to the chest and investigate.
OK, I’m using Windows XP. I get a window that says server busy and tells me to switch. Avast warning that I need to abort connection but that malware is already on my computer. I have been through the reboot thing 2 times and I did delete and move to chest. It gives me an error 42060. I think it’s in my Internet Explorer; it pops up with web sites.
Half of the file name I got is inetppui.com/lib/3077/143e7ef9ac09f431b10129426dab94d/silent.dll.bak
The detection isn’t on your system as this was intercepted and detected by the web shield and the only option you will be given is to abort the connection, dropping the download of the malicious file.
The web shield filters http port 80 traffic (normal browsing of the net) and it scans that content before it is saved to your browser cache (temporary internet files) and then displayed by your browser. This effectively blocks it getting on to your system.
So it is likely that there is an undetected or hidden process on your system that is trying to download other malware.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, and report the findings (it should produce a log file).
- SUPERantispyware On-Demand only in free version.
- MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.
Run one and report the findings before running the other.
Now it’s showing file name c\documents & settings\compaq owner\local settings\tempo
Malware name is win32podnuha-bj, malware type rootkit, VPS version 080914-0 09/14/2008
I’m also getting cannot process c documents & settings\compaq owner\local settings\temp internet files\content.le5\ta5crks3\silent.dll[2].bak[upx] file… & because it is being used by another process. After I try to move it to the chest…
Empty your Temporary Internet files using IE, run the other programs I mentioned as it looks like there are other elements to this on your system.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/15/2008 at 07:45 AM
Application Version : 4.21.1004
Core Rules Database Version : 3566
Trace Rules Database Version: 1554
Scan type : Complete Scan
Total Scan Time : 00:58:36
Memory items scanned : 503
Memory threats detected : 4
Registry items scanned : 5516
Registry threats detected : 30
File items scanned : 20184
File threats detected : 52
Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\JKKJAWWU.DLL
C:\WINDOWS\SYSTEM32\JKKJAWWU.DLL
C:\WINDOWS\SYSTEM32\LJJYPHFG.DLL
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\QOMCAXWX.DLL
C:\WINDOWS\SYSTEM32\QOMCAXWX.DLL
Adware.AdSponsor/ISM-GetPack
C:\PROGRAM FILES\GETPACK\GETPACK21.EXE
C:\PROGRAM FILES\GETPACK\GETPACK21.EXE
[GetPack21] C:\PROGRAM FILES\GETPACK\GETPACK21.EXE
Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\RYAUYHXL.DLL
C:\WINDOWS\SYSTEM32\RYAUYHXL.DLL
HKLM\Software\Classes\CLSID{01807D47-C937-4847-9760-BE63780B6C34}
HKCR\CLSID{01807D47-C937-4847-9760-BE63780B6C34}
HKCR\CLSID{01807D47-C937-4847-9760-BE63780B6C34}\InprocServer32
HKCR\CLSID{01807D47-C937-4847-9760-BE63780B6C34}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{01807D47-C937-4847-9760-BE63780B6C34}
C:\WINDOWS\SYSTEM32\GDVDISED.DLL
Adware.AdSponsor/ISM-GetModule
[GetModule23] C:\PROGRAM FILES\GETMODULE\GETMODULE23.EXE
C:\PROGRAM FILES\GETMODULE\GETMODULE23.EXE
Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{1BC5E68A-EDAE-4F12-BE0E-A548DCC388D3}
HKCR\CLSID{1BC5E68A-EDAE-4F12-BE0E-A548DCC388D3}
HKCR\CLSID{1BC5E68A-EDAE-4F12-BE0E-A548DCC388D3}\InprocServer32
HKCR\CLSID{1BC5E68A-EDAE-4F12-BE0E-A548DCC388D3}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D7336D32-62F7-43B5-8B8C-3963C72CA498}
HKCR\CLSID{D7336D32-62F7-43B5-8B8C-3963C72CA498}
HKCR\CLSID{D7336D32-62F7-43B5-8B8C-3963C72CA498}\InprocServer32
HKCR\CLSID{D7336D32-62F7-43B5-8B8C-3963C72CA498}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{D7336D32-62F7-43B5-8B8C-3963C72CA498}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkJawwU
Trojan.Vundo-Variant/NextGen-Six
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{f13c481d-9627-4871-9ab4-cceb290a8b80}
HKCR\CLSID{F13C481D-9627-4871-9AB4-CCEB290A8B80}
HKCR\CLSID{F13C481D-9627-4871-9AB4-CCEB290A8B80}\InprocServer32
HKCR\CLSID{F13C481D-9627-4871-9AB4-CCEB290A8B80}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ZXNQIP.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ar.atwola[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.addynamix[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cache.trafficmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.vlzserver[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.revsci[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stopzilla[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tracking.dsmmadvantage[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@eas.apm.emediate[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clickbank[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@smartadserver[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adserver.adtechus[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@at.atwola[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tagiq.clickforensics[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.stopzilla[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adtrafficdriver[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@toplist[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[5].txt
Trojan.DNSChanger-Codec
HKU\S-1-5-21-416308895-2433930753-3315868822-1009\Software\GetModule
HKU\S-1-5-21-416308895-2433930753-3315868822-1009\Software\GetPack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#UninstallString
Adware.AdSponsor/ISM
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\ozadik.gz
C:\Program Files\GetModule
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\GetPack
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\iCheck
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-416308895-2433930753-3315868822-1009\Software\Microsoft\rdfa
Adware.CouponBar
C:\SYSTEM VOLUME INFORMATION_RESTORE{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP67\A0010176.DLL
C:\WINDOWS\COUPONBARIE.DLL
slowed it down a bit
With MBAM you have to put a check next to any hits then click REMOVE CHECKED; a backup will be made
post the log
then go to the sticky at the top of this forum, read and follow the instructions and post a HijackThis (after the MBAM scan)
good work
after looking at the HJT
we may want to run:
a boot time avast scan to check again for rootkits and see if anything has been “unhidden”
VUNDOFIX http://vundofix.atribune.org/ (but get the MBAM and boot time avast FIRST)
HPFIX (to doublecheck for rootkits with the built in GMER root kit tool)
EDIT that’s SDFIX http://www.bleepingcomputer.com/forums/topic131299.html
We’re using VUNDOfix for the obvious reason for latest variants
SD FIX for the other items and as a double check for rootkits
actually I hope both of these come up clean and that MBAM gets anything missed by SAS and Avast
I take it that you allowed SAS to quarantine the detections, etc. if not do that.
The tracking cookies aren’t a security issue, more a minor privacy one; I normally don’t even bother scanning for them.
Much of the other stuff is adware, but the most serious ones are any relating to Vundo and the DNS changer stuff could be responsible for redirects to unsavoury sites, etc.
So SAS would appear to have done a good job so far.
What is your firewall ?
As that may not be providing enough protection.
I agree. Haven’t you tried Comodo Pro?
Malwarebytes’ Anti-Malware 1.28
Database version: 1155
Windows 5.1.2600 Service Pack 3
9/15/2008 4:50:08 PM
mbam-log-2008-09-15 (16-50-08).txt
Scan type: Full Scan (C:|D:|)
Objects scanned: 101440
Time elapsed: 1 hour(s), 16 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\ywadnfwe.dll (Trojan.Vundo) → Delete on reboot.
C:\WINDOWS\system32\oukahong.dll (Trojan.Vundo) → Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a45450d1 (Trojan.Vundo.H) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bma767634d (Trojan.Vundo) → Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb4562 (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd1379 (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga5442 (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc3961 (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VnrBlock20 (Backdoor.Bot) → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\VnrBlock (Trojan.Agent) → Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\ywadnfwe.dll (Trojan.Vundo.H) → Delete on reboot.
C:\WINDOWS\system32\ewfndawy.ini (Trojan.Vundo.H) → Quarantined and deleted successfully.
C:\WINDOWS\system32\oukahong.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\System Volume Information_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP67\A0010176.dll (Adware.Coupons) → Quarantined and deleted successfully.
C:\System Volume Information_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP74\A0011339.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\System Volume Information_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP74\A0011589.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\System Volume Information_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP76\A0011668.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\System Volume Information_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP76\A0011670.exe (Adware.ISM) → Quarantined and deleted successfully.
C:\WINDOWS\CouponBarIE.dll (Adware.Coupons) → Quarantined and deleted successfully.
C:\WINDOWS\system32\tuordaes.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\dgkrrduu.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\lusmif.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\ndbxvmyg.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\oukahong.dll_old (Trojan.Vundo) → Delete on reboot.
C:\WINDOWS\system32\vczqvl.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\xhybvbng.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\ysnhiker.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) → Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) → Quarantined and deleted successfully.
C:\WINDOWS\BMa767634d.xml (Trojan.Vundo) → Quarantined and deleted successfully.
C:\WINDOWS\BMa767634d.txt (Trojan.Vundo) → Quarantined and deleted successfully.
I’m getting an error loading c windows\system32\oukahong.dll, it says that it could not be found… & I’m not sure what you want me to do next. I just don’t know much about this kind of stuff… I thank you for all the help you guys are giving me & being patient with me.
I just have Windows firewall right now… I have ZoneAlarm on my laptops. But I just had my desktop restored, it was slower than a turtle. & Comodo I had too on laptop before and it messed up, then I couldn’t get it to delete it so I’m scared to reinstall it again… but I do like the new websites you have given me so I’m going to put it on all of my computers.
Download HiJackThis and post a log here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:20 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1217305621\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
J:\ADD _ REMOVE PROGRAMS\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.1\waol.exe
J:\ADD _ REMOVE PROGRAMS\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\LIMEWIRE\LimeWire.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
J:\ADD _ REMOVE PROGRAMS\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\ADD&RE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..\Run: [masqform.exe] J:\PURE EDGE\masqform.exe -RunOnce
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1217305621\ee\AOLSoftware.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [HP Software Update] J:\ADD _ REMOVE PROGRAMS\HP Software Update\HPWuSchd2.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [InstallerRoutine] “C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ins1A.exe” autostart
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [AOL Fast Start] “C:\Program Files\AOL 9.1\AOL.EXE” -b
O4 - HKUS\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘Default user’)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:20 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1217305621\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
J:\ADD _ REMOVE PROGRAMS\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.1\waol.exe
J:\ADD _ REMOVE PROGRAMS\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\LIMEWIRE\LimeWire.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
J:\ADD _ REMOVE PROGRAMS\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\ADD&RE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..\Run: [masqform.exe] J:\PURE EDGE\masqform.exe -RunOnce
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1217305621\ee\AOLSoftware.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [HP Software Update] J:\ADD _ REMOVE PROGRAMS\HP Software Update\HPWuSchd2.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [InstallerRoutine] “C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ins1A.exe” autostart
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [AOL Fast Start] “C:\Program Files\AOL 9.1\AOL.EXE” -b
O4 - HKUS\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘Default user’)
O4 - Startup: LimeWire On Startup.lnk = J:\LIMEWIRE\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = J:\ADD _ REMOVE PROGRAMS\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\ADD&RE~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\ADD&RE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217284052671
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217520131835&h=fb82c11a9c0ea8a83b4401b0414c2879/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: zxnqip.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
–
End of file - 9823 bytes
Skip the 2nd one, it is the same as the 1st reply…
Not really … the second one is more complete.
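One way to cross-check the logs posted in this thread, added here as an example and not part of the original posts: it parses the autostart sections of a HijackThis log and lists entries whose file name also appears in a scanner detection. The function names are hypothetical, and the Temp-directory rule is a generic triage heuristic assumed for the example, not something a participant stated.

```python
import re

# Constructed sample input: detection lines copied from the SUPERAntiSpyware
# and Malwarebytes logs posted in this thread.
SCANNER_LOG = r"""
C:\WINDOWS\SYSTEM32\JKKJAWWU.DLL
C:\WINDOWS\SYSTEM32\ZXNQIP.DLL
C:\PROGRAM FILES\GETPACK\GETPACK21.EXE
C:\WINDOWS\system32\ywadnfwe.dll (Trojan.Vundo) → Delete on reboot.
C:\WINDOWS\system32\oukahong.dll (Trojan.Vundo) → Delete on reboot.
"""

# Constructed sample input: lines copied from the HijackThis log in this thread.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [InstallerRoutine] “C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ins1A.exe” autostart
O20 - AppInit_DLLs: zxnqip.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis sections that load code automatically, named as they appear in the log.
AUTOSTART = {
    "O2": "BHO",
    "O4": "Run / Startup",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Service",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Last path component ending in .dll or .exe; path separators, quotes and
# brackets are excluded so only the file name itself is captured.
FILE_RE = re.compile(r'([^\\/:*?"<>|“”\[\]=\r\n]+\.(?:dll|exe))(?!\w)', re.I)


def detected_names(scanner_text):
    """Lower-cased file names of every .dll/.exe mentioned in scanner output."""
    return {
        name.strip().lower()
        for line in scanner_text.splitlines()
        for name in FILE_RE.findall(line)
    }


def parse_hjt(hjt_text):
    """Return autostart entries as dicts with section code, file name, raw line."""
    entries = []
    for line in hjt_text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m or m.group(1) not in AUTOSTART:
            continue
        names = FILE_RE.findall(m.group(2))
        if names:  # the file being loaded is the last name on the line
            entries.append(
                {"code": m.group(1), "file": names[-1].strip().lower(), "raw": line}
            )
    return entries


def triage(hjt_text, scanner_text):
    """List autostart entries that deserve a second look, with the reason."""
    detected = detected_names(scanner_text)
    findings = []
    for entry in parse_hjt(hjt_text):
        reasons = []
        # Matching is by file name only: AppInit_DLLs often lists a bare name.
        if entry["file"] in detected:
            reasons.append("file name also appears in a scanner detection")
        # Assumed heuristic: programs rarely need to autostart from Temp.
        if "\\temp\\" in entry["raw"].lower():
            reasons.append("autostart from a Temp directory")
        if reasons:
            findings.append((entry["code"], entry["file"], reasons))
    return findings


if __name__ == "__main__":
    for code, name, reasons in triage(HJT_LOG, SCANNER_LOG):
        print(f"{code} ({AUTOSTART[code]}): {name}: {'; '.join(reasons)}")
```

A match is a lead for the helper reading the log, not a verdict: the comparison is by file name, so the entry still has to be checked against the full path and the scanner's removal result.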