[Cyberspy]

VUNDO LOG:VundoFix V6.5.4Checking Java version...Java version is 1.5.0.3Old versions of java are exploitable and should be removed.Scan started at 1:15:13 AM 6/29/2007Listing files found while scanning....No infected files were found.HIJACKTHIS LOG (RECENT):C:PROGRA~1ALWILS~1Avast4ashDisp.exeC:Program FilesAlwil SoftwareAvast4aswUpdSv.exeC:Program FilesAlwil SoftwareAvast4ashServ.exeC:Program FilesLogitechG-series SoftwareLCDMon.exeC:Program FilesioloSystem Mechanic Professional 7SMSystemAnalyzer.exeC:Program FilesDeskperienceWeb ReplayWebReplay.exeC:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exeC:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exeC:Program FilesioloSystem Mechanic Professional 7IoloSGCtrl.exeC:WINDOWSsystem32HPZipm12.exeC:WINDOWSSystem32svchost.exeC:Program FilesVentriloVentrilo.exeC:Program FilesInternet Exploreriexplore.exeD:SoftwareWindows ApplicationsSystem ProgramsHIJACKTHISHijackThis.exeR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultPageURL = http://go.microsoft....?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultSearchURL = http://go.microsoft....?LinkId=54896R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....?LinkId=54896R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....?LinkId=69157R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dllO4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exeO4 - HKLM..Run: [Launch LGDCore] "C:Program FilesLogitechG-series SoftwareLGDCore.exe" /SHOWHIDEO4 - HKLM..Run: [Launch LCDMon] "C:Program FilesLogitechG-series SoftwareLCDMon.exe"O4 - HKLM..Run: [SMSystemAnalyzer] "C:Program FilesioloSystem Mechanic Professional 7SMSystemAnalyzer.exe"O4 - HKLM..Run: [SystemGuardalerter] C:Program FilesioloSystem Mechanic Professional 7SystemGuardalerter.exeO4 - HKCU..Run: [WebReplayAutoRun] C:Program FilesDeskperienceWeb ReplayWebReplay.exeO4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exeO4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exeO4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exeO9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D23F2B73} - C:Program FilesDeskperienceWeb ReplayShowToolbar.dllO10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dllO10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dllO10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dllO10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dllO10 - Unknown file in Winsock LSP: c:program filesiolocommonfirewallifwxfilter.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....linkid=39204O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaser...Control5.cabO20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exeO23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:Program FilesioloCommonLibioloDMVSvc.exeO23 - Service: iolo System Guard (IOLOSRV) - Unknown owner - C:Program FilesioloSystem Mechanic Professional 7IoloSGCtrl.exeO23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

[Cyberspy]

To show that the IOLO is legit, Ive gone ahead and uninstalled it (the trial version was almost up anyways) lol here is the updated HIJACKTHIS log after uninstalling iolo's system mechanic.Logfile of HijackThis v1.99.1Scan saved at 1:33:43 AM, on 6/29/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32csrss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:Program FilesLavasoftAd-Aware 2007aawservice.exeC:PROGRA~1ALWILS~1Avast4ashDisp.exeC:Program FilesLogitechG-series SoftwareLCDMon.exeC:Program FilesDeskperienceWeb ReplayWebReplay.exeC:Program FilesAlwil SoftwareAvast4aswUpdSv.exeC:Program FilesSpybot - Search & DestroyTeaTimer.exeC:Program FilesAlwil SoftwareAvast4ashServ.exeC:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exeC:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exeC:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exeC:WINDOWSsystem32HPZipm12.exeC:WINDOWSSystem32svchost.exeC:Program FilesAlwil SoftwareAvast4ashMaiSv.exeC:Program FilesAlwil SoftwareAvast4ashWebSv.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSSystem32wbemwmiprvse.exeC:WINDOWSsystem32wuauclt.exeD:SoftwareWindows ApplicationsSystem ProgramsHIJACKTHISHijackThis.exeR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultPageURL = http://go.microsoft....?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultSearchURL = http://go.microsoft....?LinkId=54896R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....?LinkId=54896R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....?LinkId=69157R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dllO4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exeO4 - HKLM..Run: [Launch LGDCore] "C:Program FilesLogitechG-series SoftwareLGDCore.exe" /SHOWHIDEO4 - HKLM..Run: [Launch LCDMon] "C:Program FilesLogitechG-series SoftwareLCDMon.exe"O4 - HKCU..Run: [WebReplayAutoRun] C:Program FilesDeskperienceWeb ReplayWebReplay.exeO4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exeO4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exeO4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exeO9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D23F2B73} - C:Program FilesDeskperienceWeb ReplayShowToolbar.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....linkid=39204O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaser...Control5.cabO20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dllO20 - Winlogon Notify: pmkhf - C:WINDOWSO20 - Winlogon Notify: WgaLogon - C:WINDOWSO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exeO23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

[Wainui]

Cyberspy.You still have a few bugs. Have HiJackthis remove the following entries :[?] - C:WINDOWSsystem32services.e xe[?] - C:WINDOWSsystem32svchost.ex e[?] - C:WINDOWSsystem32svchost.ex e[?] - C:WINDOWSSystem32svchost.ex e[?] - C:WINDOWSSystem32svchost.ex e[?] - C:WINDOWSSystem32svchost.ex e[?] - C:Program FilesDeskperienceWeb ReplayWebReplay.exe[?] - C:WINDOWSSystem32svchost.ex e[?] - C:WINDOWSsystem32wuauclt.ex e[?] - C:WINDOWSsystem32wuauclt.ex e[?] - O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-00902 7A5CD4F} - c:program filesgooglegoogletoolbar1.dl l[?] - O4 - HKCU..Run: [WebReplayAutoRun] C:Program FilesDeskperienceWeb ReplayWebReplay.exe[?] - O9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D 23F2B73} - C:Program FilesDeskperienceWeb ReplayShowToolbar.dll[?] - O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1 D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bi n/UMediaControl5.cab[?] - O20 - Winlogon Notify: pmkhf - C:WINDOWSRestart your computer.Run HJT again and post another log.

[SpiritWind]

{size:18px}[/size]:D Hi Cyberspy : "TeMerc" is one of those experienced, trained Malware-Fighters I spoke about in a previous Post; he has his own site where he advises people with Malware problems. I would encourage you to follow ONLY his Advise when it comes to removing Malware from your computer . On the other hand, I suspect "Wainui" is running your HJT Log through an Online "Analyze" program, and their Results are dubious. Those "[?]" before the line Entries means MAYBE they should be "fixed". The "Vundo Log" you posted implied you have a seriously out-of-date Sun Java program and this would be an equally serious security risk ; however, I saw NO ( Sun ) Java program listed in your HijackThis log. Would be wise to check your "Add or Remove Programs" for a "J2SE Runtime Environment" and if present, uninstall it . The latest version is available at www.java.com .

[Cyberspy]

Alright, I will check into that (meaning the hijackthis log file), and as for the Java update, I will do that also. If anyone has any suggestions on how to fix the add/remove programs section (guessing its something in the registry), so I can uninstall "junk" programs that are in there that would be great. I will be leaving shorty to go out of town for the weekend, so it will be monday (7-2-2007) before I will be around to keep trying and posting here. Thank you again to everyone.

[hissy100]

Give me the names of the programs that don't have uninstall buttons

[Wainui]

Cyberspy,Download and Run {size:18px}LSPFix[/size:faf1337f27]

[TeMerc]

Cyberspy you have some conflicting things in the logs to some degree.First off, the entries posted for removal which were listed thusly:C:WINDOWSSystem32svchost.ex e <<<--note spaceThose entries were buggered up by the forum software and are legit so don't remove them.Disable TeaTimer as it will interfere with any fixes we make. Disable TeaTimer by doing the following:list:0f5976a9e6][:0f5976a9e6] Run Spybot-S&D[:0f5976a9e6] Go to the Mode menu, and make sure Advanced Mode is selected[:0f5976a9e6] On the left hand side, choose Tools -> Resident[:0f5976a9e6] Uncheck Resident TeaTimer and OK any prompts[/list:u:0f5976a9e6]You can reenable TeaTimer once your system is clean.Also disable any 'active' protection afforded by SAS, I'm not familiar with how to do so. It may also interfere with fixes.Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh {color:blue}HijackThis {color}log.R1 - HKLMSoftwareMicrosoftIntern et ExplorerMain,DefaultPageURL = http://go.microsoft.com/fwlink /?LinkId=69157 R1 - HKLMSoftwareMicrosoftIntern et ExplorerMain,DefaultSearchU RL = http://go.microsoft.com/fwlink /?LinkId=54896 R1 - HKLMSoftwareMicrosoftIntern et ExplorerMain,Search Page = http://go.microsoft.com/fwlink /?LinkId=54896 R0 - HKLMSoftwareMicrosoftIntern et ExplorerMain,Start Page = http://go.microsoft.com/fwlink /?LinkId=69157 R0 - HKCUSoftwareMicrosoftIntern et ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftIntern et ExplorerMain,Local Page = Reboot, run HJT, if the above are gone, no need to repost with new log. However, I'd like to have you run another system info tool to double check, I'm not liking the conflicting logs.download [{color:blue}ComboScan{color} to your desktop. {color:blue}Alternate download link{color}Close all applications and windows. [list] A folder, C:ComboScan, will also open. In it will be another text file, Supplementary.txt.Please attach Supplementary.txt to your post.Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.This tool will also run HJT again as well.

[SpiritWind]

{size:18px}[/size]:D Hi Cyberspy & TeMerc : The FREE version of SUPERAntiSpyware has a "Service" running in the background; some recommend "disabling" this "Service" by clicking on "Preferences" on its GUI, then unchecking the box "Show SUPERAntiSpyware icon in system tray" . However, when a new "version" is released, it is necessary to put a checkmark in this box to most easily do a PROGRAM Update .

[totallydude]

I have been having the same latter predicaments. Can anyone help me as well?

[TERMINALCON]

Reg Cleaner is free and its works ,way better than anything bill can come up with ifyou use Reg Cleaner you wont have any of those stupid windows problems If you ever have doubt just Google it .David A. TERMINAL CONNECTION 8)

[Cyberspy]

sorry its taken so long for me to reply back, ive been very busy and this is the first chance ive had to get back to this problem. Im still having an issue with Windows add/remove programs showing programs that are installed, but not giving me the option to uninstall them. The main program im trying to uninstall is Adobe Photoshop, there is no uninstaller for this program, and when I insert the cd, it does not offer an uninstaller either. I have thrown together a quick webpage with screen shots on it so everyone can see exactly what im looking at. I have screen shots of windows add/remove programs, a few 3rd party programs that I have run, and also the error message im getting from the adobe cd. link is http://evpager.com/help/I have also posted this in the windows section of this forum, i wasnt sure if this still falls under the security section or not, so I apologize if I wasnt suppose to do that...any help would be greatly appreciated. Thanks in advanced.