  1. #1
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0

    Pop-ups, slow computer

    Hi (and happy new year!),

    I am using a Dell Latitude D410 and running Windows XP. I have run all programs and updates suggested by your Spyware article.

    The main symptoms I have are:
    Pop-ups (but only in Internet Explorer, which I sometimes have to use, my default browser is Mozilla Firefox)

    Slow running computer

    A few icons on my desktop I can't remove (Click, ATF-Cleaner)

    I am attaching my HijackThis log below.

    Thank you for any help you can provide.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:11:21 AM, on 1/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: WLANKEEPER - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (file missing)

    --
    End of file - 3628 bytes

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    Hi

    It looks like there is a problem with the HJT program you used. Log is too short.

    Please delete your current HJT program folder.

    Download the program again. But before you run the "exe",
    I want you to change the name from:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    To:

    C:\Program Files\Trend Micro\HijackThis\Problems.exe

    Post a new HJT log.

    BG

  3. #3
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0

    Second log

    Deleted, downloaded, scanned and saved.

    I am also getting a warning from Sophos about hxxvsyqk.exe belonging to "troj/virtun-gen".

    Hopefully this helps. Thanks!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:19 PM, on 1/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Trend Micro\HijackThis\Problems.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...p://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: {23e67248-6e15-155a-2474-3d58185f8657} - {7568f581-85d3-4742-a551-51e684276e32} - C:\WINDOWS\system32\xnfyeeyw.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D75D5BB3-BE34-419C-8A62-1B5E9C5AAFE4} - C:\WINDOWS\system32\vturs.dll
    O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\nnnonkh.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [388be01b] rundll32.exe "C:\WINDOWS\system32\pcnqlsid.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O15 - Trusted Zone: http://*.ajilonprofinder.com
    O15 - Trusted Zone: http://www.lsac.org
    O15 - Trusted Zone: http://*.lsac.org
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O20 - Winlogon Notify: hgghebc - hgghebc.dll (file missing)
    O20 - Winlogon Notify: nnnonkh - C:\WINDOWS\SYSTEM32\nnnonkh.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: WLANKEEPER - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (file missing)

    --
    End of file - 8652 bytes

  4. #4
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. When VundoFix re-opens, click the Scan for Vundo button.
    3. Once it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click "YES".
    5. Once you click yes, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click "OK".

    7. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    If vundofix cannot delete a file, it will try to delete it during a reboot. After the reboot vundofix will open again; you must run vundofix again, from "Click the Scan for Vundo button", and you must keep running vundofix until it does delete the file. I've known a stubborn vundo file to take 5 or 6 reboots before it is deleted.

    BG
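
Added example, not part of any post in this thread: a small Python script that reads the C:\vundofix.txt requested in step 7 and reports which files were still "Could not be deleted" at their last attempt, which is the condition for running VundoFix again. The function names are hypothetical, and the sample log is constructed, shortened from the vundofix.txt output posted later in this thread.

```python
import re

# Constructed sample, shortened from the vundofix.txt format posted in this thread.
SAMPLE_LOG = r"""
VundoFix V6.7.7
Scan started at 7:28:48 PM 1/7/2008
Listing files found while scanning....
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\nnnonkh.dll
C:\WINDOWS\system32\pmkji.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.7.7
Scan started at 9:15:21 PM 1/7/2008
Listing files found while scanning....
C:\WINDOWS\system32\nnnonkh.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.
Performing Repairs to the registry.
Done!
"""

# A result line is "<full path> Has been deleted!" or "<full path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<outcome>Has been deleted!|Could not be deleted\.)$"
)


def parse_vundofix_log(text):
    """Split the log into runs; each run holds one dict per removal pass."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if line.startswith("VundoFix V"):
            runs.append({"version": line, "started": None, "passes": []})
        elif not runs:
            continue  # ignore anything before the first run header
        elif line.startswith("Scan started at "):
            runs[-1]["started"] = line[len("Scan started at "):]
        elif line.startswith("Beginning removal"):
            runs[-1]["passes"].append({})
        else:
            m = RESULT_RE.match(line)
            if m and runs[-1]["passes"]:
                # Windows paths are case-insensitive, so normalise the key.
                deleted = m["outcome"].startswith("Has been")
                runs[-1]["passes"][-1][m["path"].lower()] = deleted
    return runs


def summarize(runs):
    """Per file: runs it appeared in, failed attempts, and the last outcome."""
    summary = {}
    for run_no, run in enumerate(runs, 1):
        for removal in run["passes"]:
            for path, deleted in removal.items():
                s = summary.setdefault(
                    path, {"runs": set(), "failed": 0, "deleted": False}
                )
                s["runs"].add(run_no)
                s["failed"] += 0 if deleted else 1
                s["deleted"] = deleted  # last recorded outcome wins
    return summary


def still_locked(runs):
    """Files whose most recent removal attempt failed."""
    return sorted(p for p, s in summarize(runs).items() if not s["deleted"])


if __name__ == "__main__":
    parsed = parse_vundofix_log(SAMPLE_LOG)
    for path, info in sorted(summarize(parsed).items()):
        state = "deleted" if info["deleted"] else "STILL PRESENT"
        print(f"{path}: {state}, {info['failed']} failed attempt(s), "
              f"seen in run(s) {sorted(info['runs'])}")
    print("Run VundoFix again for:", still_locked(parsed) or "nothing")
```
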

  5. #5
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0

    vundofix

    Hi again.

    Tried to download this and my computer first wouldn't let me save it saying it was protected.

    When I finally got it to save to my desktop I can't run it. The warning "not a valid Win32 application" message comes up.

    Any suggestions?

  6. #6
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0


    Never mind, got it to work. I'll update after I run it.

  7. #7
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0

    Hijack log and Vundofix

    Hello,

    I ran VundoFix until it said there were no files for deletion. Still getting popups and same problems as before, but my computer is running faster so that helps! The only real problem is "nnnonkh.dll". I tried over 10x to get VundoFix to delete it, but it was just unable to.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:53:02 PM, on 1/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\Problems.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...p://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1666528D-BC0B-4BD2-9EDF-FECBFAB5B19F} - C:\WINDOWS\system32\pmkji.dll (file missing)
    O2 - BHO: (no name) - {1D331B69-5C4C-4DB9-8C3D-0CA74BCA54E8} - C:\WINDOWS\system32\gebyx.dll (file missing)
    O2 - BHO: (no name) - {2CA8D4C7-4E2A-408B-9790-FF5FE530157D} - C:\WINDOWS\system32\ssqrr.dll (file missing)
    O2 - BHO: (no name) - {4DE48F64-2781-4725-9296-BDB2D75F9886} - C:\WINDOWS\system32\pmkjg.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: {23e67248-6e15-155a-2474-3d58185f8657} - {7568f581-85d3-4742-a551-51e684276e32} - C:\WINDOWS\system32\xnfyeeyw.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DE61433D-3D30-4121-81A1-7585C5924D69} - C:\WINDOWS\system32\vturs.dll (file missing)
    O2 - BHO: (no name) - {EEB2B1AE-AE32-44EA-94F7-613CA9291921} - C:\WINDOWS\system32\vtstu.dll (file missing)
    O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\nnnonkh.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [388be01b] rundll32.exe "C:\WINDOWS\system32\pcnqlsid.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O15 - Trusted Zone: http://*.ajilonprofinder.com
    O15 - Trusted Zone: http://www.lsac.org
    O15 - Trusted Zone: http://*.lsac.org
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O20 - Winlogon Notify: hgghebc - hgghebc.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: WLANKEEPER - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (file missing)

    --
    End of file - 9219 bytes




    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 6:59:25 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\awfksdvx.dll
    C:\WINDOWS\system32\bcuvbfpq.dll
    C:\WINDOWS\system32\dislqncp.ini
    C:\WINDOWS\system32\ftxmjemw.dll
    C:\WINDOWS\system32\hgghebc.dll
    C:\WINDOWS\system32\hxxvsyqk.exe
    C:\WINDOWS\system32\jokndprj.dll
    C:\WINDOWS\system32\kldhscjg.dll
    C:\WINDOWS\system32\mdhcmdda.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pcnqlsid.dll
    C:\WINDOWS\system32\qpfbvucb.ini
    C:\WINDOWS\system32\qudpfmpx.dll
    C:\WINDOWS\system32\ruiekgus.dll
    C:\WINDOWS\system32\swulkwre.dll
    C:\WINDOWS\system32\uhwsougn.dll
    C:\WINDOWS\system32\uqkrlcfk.dll
    C:\WINDOWS\system32\vturs.dll
    C:\WINDOWS\system32\wpehlnbs.dll
    C:\WINDOWS\system32\xbwmdfdq.dll
    C:\WINDOWS\system32\xjibdslx.dll
    C:\WINDOWS\system32\ylpfloqq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awfksdvx.dll
    C:\WINDOWS\system32\awfksdvx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcuvbfpq.dll
    C:\WINDOWS\system32\bcuvbfpq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dislqncp.ini
    C:\WINDOWS\system32\dislqncp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ftxmjemw.dll
    C:\WINDOWS\system32\ftxmjemw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hxxvsyqk.exe
    C:\WINDOWS\system32\hxxvsyqk.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jokndprj.dll
    C:\WINDOWS\system32\jokndprj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kldhscjg.dll
    C:\WINDOWS\system32\kldhscjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mdhcmdda.dll
    C:\WINDOWS\system32\mdhcmdda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pcnqlsid.dll
    C:\WINDOWS\system32\pcnqlsid.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qpfbvucb.ini
    C:\WINDOWS\system32\qpfbvucb.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qudpfmpx.dll
    C:\WINDOWS\system32\qudpfmpx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ruiekgus.dll
    C:\WINDOWS\system32\ruiekgus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\swulkwre.dll
    C:\WINDOWS\system32\swulkwre.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uhwsougn.dll
    C:\WINDOWS\system32\uhwsougn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uqkrlcfk.dll
    C:\WINDOWS\system32\uqkrlcfk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vturs.dll
    C:\WINDOWS\system32\vturs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wpehlnbs.dll
    C:\WINDOWS\system32\wpehlnbs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xbwmdfdq.dll
    C:\WINDOWS\system32\xbwmdfdq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xjibdslx.dll
    C:\WINDOWS\system32\xjibdslx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ylpfloqq.dll
    C:\WINDOWS\system32\ylpfloqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 7:28:48 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini2
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pmkji.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini2
    C:\WINDOWS\system32\ijkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkji.dll
    C:\WINDOWS\system32\pmkji.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini2
    C:\WINDOWS\system32\ijkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkji.dll
    C:\WINDOWS\system32\pmkji.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 7:57:20 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\xybeg.ini
    C:\WINDOWS\system32\xybeg.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\gebyx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\xybeg.ini
    C:\WINDOWS\system32\xybeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xybeg.ini2
    C:\WINDOWS\system32\xybeg.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\gebyx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\xybeg.ini
    C:\WINDOWS\system32\xybeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xybeg.ini2
    C:\WINDOWS\system32\xybeg.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 8:31:14 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\ssqrr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\system32\ssqrr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 9:15:21 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 9:51:00 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pmkjg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\gjkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\gjkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\pmkjg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 10:27:36 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\vtstu.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\utstv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    I always like to try the simple way first to delete problem files.

    Reboot the PC by tapping F8 during start up. Select safe mode.

    Find and try to delete:

    C:\WINDOWS\system32\nnnonkh.dll ....file

    Reboot the PC and then do a "search" for C:\WINDOWS\system32\nnnonkh.dll

    Is it still there?

    Please let us know.

    BG

  9. #9
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0

    Hijack and Vundo

    Hello again,

    After following your instructions, Vundo is not bringing up any files to be cleaned. I am still getting popups, but my computer is starting much faster. Below you'll find my logs again. Thank you for your help thus far!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:08:29 AM, on 1/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\mrofinu572.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\Program Files\Router\Router.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Trend Micro\HijackThis\Problems.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...p://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: (no name) - {00D91238-CA07-4ECA-BA1E-71EBF447F86E} - C:\WINDOWS\system32\ssqpo.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1666528D-BC0B-4BD2-9EDF-FECBFAB5B19F} - C:\WINDOWS\system32\pmkji.dll (file missing)
    O2 - BHO: (no name) - {1D331B69-5C4C-4DB9-8C3D-0CA74BCA54E8} - C:\WINDOWS\system32\gebyx.dll (file missing)
    O2 - BHO: (no name) - {2CA8D4C7-4E2A-408B-9790-FF5FE530157D} - C:\WINDOWS\system32\ssqrr.dll (file missing)
    O2 - BHO: (no name) - {2FCFE852-D376-4722-BFAC-DE2814D631A2} - C:\WINDOWS\system32\ddcyv.dll (file missing)
    O2 - BHO: (no name) - {3F70FF5B-A70F-4008-9237-C4FA571D4EF9} - C:\WINDOWS\system32\awtsq.dll (file missing)
    O2 - BHO: (no name) - {4DE48F64-2781-4725-9296-BDB2D75F9886} - C:\WINDOWS\system32\pmkjg.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {774CC714-12AF-4EB2-A3CD-57D455524C9A} - C:\WINDOWS\system32\geedb.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: {07498d08-f08e-d86b-5584-ec42e10695ab} - {ba59601e-24ce-4855-b68d-e80f80d89470} - C:\WINDOWS\system32\sdioruju.dll
    O2 - BHO: (no name) - {BBC1D0E4-6020-423D-A8E2-F56B82568F5D} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O2 - BHO: (no name) - {D24AB872-5361-4975-B9DC-A35FAD1C5073} - C:\WINDOWS\system32\pmnll.dll (file missing)
    O2 - BHO: (no name) - {DE61433D-3D30-4121-81A1-7585C5924D69} - C:\WINDOWS\system32\vturs.dll (file missing)
    O2 - BHO: (no name) - {EEB2B1AE-AE32-44EA-94F7-613CA9291921} - C:\WINDOWS\system32\vtstu.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [388be01b] rundll32.exe "C:\WINDOWS\system32\rimmsass.dll",b
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O15 - Trusted Zone: http://*.ajilonprofinder.com
    O15 - Trusted Zone: http://www.lsac.org
    O15 - Trusted Zone: http://*.lsac.org
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O20 - Winlogon Notify: hgghebc - hgghebc.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: WLANKEEPER - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (file missing)

    --
    End of file - 10289 bytes



    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 6:59:25 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\awfksdvx.dll
    C:\WINDOWS\system32\bcuvbfpq.dll
    C:\WINDOWS\system32\dislqncp.ini
    C:\WINDOWS\system32\ftxmjemw.dll
    C:\WINDOWS\system32\hgghebc.dll
    C:\WINDOWS\system32\hxxvsyqk.exe
    C:\WINDOWS\system32\jokndprj.dll
    C:\WINDOWS\system32\kldhscjg.dll
    C:\WINDOWS\system32\mdhcmdda.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pcnqlsid.dll
    C:\WINDOWS\system32\qpfbvucb.ini
    C:\WINDOWS\system32\qudpfmpx.dll
    C:\WINDOWS\system32\ruiekgus.dll
    C:\WINDOWS\system32\swulkwre.dll
    C:\WINDOWS\system32\uhwsougn.dll
    C:\WINDOWS\system32\uqkrlcfk.dll
    C:\WINDOWS\system32\vturs.dll
    C:\WINDOWS\system32\wpehlnbs.dll
    C:\WINDOWS\system32\xbwmdfdq.dll
    C:\WINDOWS\system32\xjibdslx.dll
    C:\WINDOWS\system32\ylpfloqq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awfksdvx.dll
    C:\WINDOWS\system32\awfksdvx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcuvbfpq.dll
    C:\WINDOWS\system32\bcuvbfpq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dislqncp.ini
    C:\WINDOWS\system32\dislqncp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ftxmjemw.dll
    C:\WINDOWS\system32\ftxmjemw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hxxvsyqk.exe
    C:\WINDOWS\system32\hxxvsyqk.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jokndprj.dll
    C:\WINDOWS\system32\jokndprj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kldhscjg.dll
    C:\WINDOWS\system32\kldhscjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mdhcmdda.dll
    C:\WINDOWS\system32\mdhcmdda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pcnqlsid.dll
    C:\WINDOWS\system32\pcnqlsid.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qpfbvucb.ini
    C:\WINDOWS\system32\qpfbvucb.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qudpfmpx.dll
    C:\WINDOWS\system32\qudpfmpx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ruiekgus.dll
    C:\WINDOWS\system32\ruiekgus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\swulkwre.dll
    C:\WINDOWS\system32\swulkwre.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uhwsougn.dll
    C:\WINDOWS\system32\uhwsougn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uqkrlcfk.dll
    C:\WINDOWS\system32\uqkrlcfk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vturs.dll
    C:\WINDOWS\system32\vturs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wpehlnbs.dll
    C:\WINDOWS\system32\wpehlnbs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xbwmdfdq.dll
    C:\WINDOWS\system32\xbwmdfdq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xjibdslx.dll
    C:\WINDOWS\system32\xjibdslx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ylpfloqq.dll
    C:\WINDOWS\system32\ylpfloqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 7:28:48 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini2
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pmkji.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini2
    C:\WINDOWS\system32\ijkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkji.dll
    C:\WINDOWS\system32\pmkji.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\ijkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkmp.ini2
    C:\WINDOWS\system32\ijkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkji.dll
    C:\WINDOWS\system32\pmkji.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 7:57:20 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\xybeg.ini
    C:\WINDOWS\system32\xybeg.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\gebyx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\xybeg.ini
    C:\WINDOWS\system32\xybeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xybeg.ini2
    C:\WINDOWS\system32\xybeg.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\gebyx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\xybeg.ini
    C:\WINDOWS\system32\xybeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xybeg.ini2
    C:\WINDOWS\system32\xybeg.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 8:31:14 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\ssqrr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\rrqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\system32\ssqrr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 9:15:21 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 9:51:00 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pmkjg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\gjkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\gjkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\pmkjg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 10:27:36 PM 1/7/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\vtstu.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\utstv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 6:59:07 AM 1/8/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\vtuts.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\stutv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuts.dll
    C:\WINDOWS\system32\vtuts.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 7:24:47 AM 1/8/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\vtuts.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\stutv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuts.dll
    C:\WINDOWS\system32\vtuts.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 8:36:24 AM 1/8/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\qstwa.ini
    C:\WINDOWS\system32\qstwa.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\awtsq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qstwa.ini
    C:\WINDOWS\system32\qstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qstwa.ini2
    C:\WINDOWS\system32\qstwa.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\awtsq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qstwa.ini
    C:\WINDOWS\system32\qstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qstwa.ini2
    C:\WINDOWS\system32\qstwa.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 4:50:17 PM 1/8/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\opqss.ini
    C:\WINDOWS\system32\opqss.ini2
    C:\WINDOWS\system32\ssqpo.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\opqss.ini
    C:\WINDOWS\system32\opqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opqss.ini2
    C:\WINDOWS\system32\opqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpo.dll
    C:\WINDOWS\system32\ssqpo.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\nnnonkh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\opqss.ini
    C:\WINDOWS\system32\opqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opqss.ini2
    C:\WINDOWS\system32\opqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpo.dll
    C:\WINDOWS\system32\ssqpo.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 9:20:21 PM 1/9/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\bdeeg.ini
    C:\WINDOWS\system32\bdeeg.ini2
    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\qnrexxmj.exe
    C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\rimmsass.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bdeeg.ini
    C:\WINDOWS\system32\bdeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bdeeg.ini2
    C:\WINDOWS\system32\bdeeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\geedb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qnrexxmj.exe
    C:\WINDOWS\system32\qnrexxmj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\qommljg.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rimmsass.dll
    C:\WINDOWS\system32\rimmsass.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 9:49:29 PM 1/9/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\llnmp.ini2
    C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\qommljg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\llnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\llnmp.ini2
    C:\WINDOWS\system32\llnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\pmnll.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\qommljg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\qommljg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 6:23:47 PM 1/10/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\ddcyv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\qommljg.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\vycdd.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qommljg.dll
    C:\WINDOWS\system32\qommljg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 7:18:15 PM 1/10/2008

    Listing files found while scanning....

    No infected files were found.


    (hurray!)

  10. #10
    Member
    Join Date
    Dec 2007
    Posts
    8
    Points
    0

    Pop-ups continue and now my computer is saying (only once in a while) that it doesn't have enough memory and it tries to compress files to make room.
