Answer» log file is too big, I had to put it in 2 messages
I have AVG antivirus and use Windows Firewall. Every time I log on the computer I find like 10 viruses
What's the next step? Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:47 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0255f062-2513-4740-b02c-b59480c91538} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099FDF61-2801-40D2-B678-CF72E7C95529} - (no file)
O2 - BHO: (no name) - {36D388C0-445E-4F50-B5B6-77C838430EED} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7B58A8E2-BA17-4561-BC9E-76C0055867F0} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\mrtisino.dll (file missing)
O2 - BHO: (no name) - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - (no file)
O2 - BHO: (no name) - {8D379397-86C9-400B-24BF-9BE4C10F9AF3} - C:\Program Files\Windows Plus\lavu387.dll (file missing)
O2 - BHO: (no name) - {93884D92-A5FE-4254-B82B-023CF36B0AFF} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ACF67FCF-E842-4584-8743-182141E396D6} - \
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B63149A7-0699-497B-B0C8-A77BEAB5F4C6} - (no file)
O2 - BHO: (no name) - {BFF0C184-49DE-4D2A-A332-A02D028FB142} - (no file)
O2 - BHO: (no name) - {C2EFFF71-6BA0-46EB-B6B2-F78D039100A6} - (no file)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\urqrpon.dll (file missing)
O2 - BHO: (no name) - {C4FC47A6-5997-4B93-B279-C82BD058B991} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {D8684225-C586-4D61-A32C-D03457DBE6B0} - C:\WINDOWS\system32\mllmj.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom WIRELESS Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UFD Monitor9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
O4 - HKLM\..\Run: [UFD Utility9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\nmarhiff.dll",sitypnow
O4 - HKLM\..\Run: [b834324b] rundll32.exe "C:\WINDOWS\system32\onfofdwt.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: urqrpon - urqrpon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\abwbrivq.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\profsy.html

-- End of file - 12027 bytes

Hello...
Download ViewpointKiller
* Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" OPTION in the File menu.
Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.
* When ViewpointKiller is done a log will be shown. Please add that log as an attachment in the next post.
NOTE: When done with ViewpointKiller, simply right click and delete all files that were unzipped.
Then attach a new HijackThis log also please.
How to attach logs in a post
Save the log to somewhere you can easily find it. (usually the desktop)
To do this, from within the notepad go to the top of the page and select "File" > "Save As...", enter the file name and click "Save". Be sure the desktop is the location selected to save to. Please save all files as Text Documents (.txt)
Posting the log
1. Below the text box click "Additional Options..."
   * If replying in a thread, before putting text into the reply box select "Preview"
2. Scroll down and select "Additional Options..."
3. Click "Browse"
4. Locate the file you want to attach and double click it to enter it into the window.
5. If you have more than one log click "(more attachments)" and a new window will open for adding another log.
   * You will need to enter a message in the text box as well.

Attached are the log files for Viewpoint - had difficulty - but I think I got it to work and the Hijack post viewpoint killer log file
[saving disk space - old attachment deleted by admin]

Open HijackThis and select "Do a system scan only"
Place a check mark next to:
O2 - BHO: (no name) - {0255f062-2513-4740-b02c-b59480c91538} - (no file)
O2 - BHO: (no name) - {099FDF61-2801-40D2-B678-CF72E7C95529} - (no file)
O2 - BHO: (no name) - {36D388C0-445E-4F50-B5B6-77C838430EED} - (no file)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7B58A8E2-BA17-4561-BC9E-76C0055867F0} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\mrtisino.dll (file missing)
O2 - BHO: (no name) - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - (no file)
O2 - BHO: (no name) - {8D379397-86C9-400B-24BF-9BE4C10F9AF3} - C:\Program Files\Windows Plus\lavu387.dll (file missing)
O2 - BHO: (no name) - {93884D92-A5FE-4254-B82B-023CF36B0AFF} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {ACF67FCF-E842-4584-8743-182141E396D6} - \
O2 - BHO: (no name) - {B63149A7-0699-497B-B0C8-A77BEAB5F4C6} - (no file)
O2 - BHO: (no name) - {BFF0C184-49DE-4D2A-A332-A02D028FB142} - (no file)
O2 - BHO: (no name) - {C2EFFF71-6BA0-46EB-B6B2-F78D039100A6} - (no file)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\urqrpon.dll (file missing)
O2 - BHO: (no name) - {C4FC47A6-5997-4B93-B279-C82BD058B991} - (no file)
O2 - BHO: (no name) - {D8684225-C586-4D61-A32C-D03457DBE6B0} - C:\WINDOWS\system32\mllmj.dll (file missing)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - Winlogon Notify: urqrpon - urqrpon.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\abwbrivq.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\profsy.html
Close all windows and click "Fix checked"
Exit HijackThis
Go to C:\Program Files\Windows Plus\profsy.html and delete if found: (the part in red)
===
Please download Vundofix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
Please let Vundo finish, sometimes it can take multiple passes
Next Post Attach: vundofix.txt New HijackThis log
Also, how is the computer now?

So I ran Vundo fix - was not able to access the txt file. I attached the Hijack file.
I am still getting an error at startup:
ERROR loading C:\WINDOWS\system32\onfofdwt.dll The specified module could not be found.
Also I ran the Vundo scan 2x; no errors were found the second time.
After this resolves is there a way to get the computer to run faster besides the obvious maintenance (defrag, compress files)?
Thanks
[saving disk space - old attachment deleted by admin]

Can you get to it by GOING to C:\vundofix.txt
If so please attach it.

Got it
[saving disk space - old attachment deleted by admin]

Right click and delete the HijackThis shortcut on the desktop (or wherever it is). We need to rename it.
Un-hide protected system files. To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.
Next go to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <--Right click HijackThis.exe and rename it analyze.exe
Right click the new analyze.exe and create a new shortcut on the desktop.
Re-hide protected files
=====
Go to add/remove programs and uninstall Java version is 1.4.2.3
Reboot the computer.
=====
Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.
NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main ATF Cleaner menu to close the program.
=====
Online Virus Scan
Requires Internet Explorer
Use the ESET Nod32 Online Scanner
* Click YES, I accept the Terms of Use.
* Then click Start
* The scan report is saved by default in C:\Program Files\EsetOnlineScanner\log.txt
* Add the EsetOnlineScanner\log.txt in your post as an Attachment
=====
Next post attach EsetOnlineScanner log New Renamed HijackThis log
=====
The onfofdwt.dll is something I am looking into.
Is there any reason your USB FlashDisk (ufdlmon.exe and UFDTool.exe) needs to be autoloading at startup?
I deleted Java and also the Java(TM)6 update 3
I could not run online virus scan you suggested but my browser is not supported
I should have told you to keep the Java 6 Update 3, sorry.
Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens, click on the Install Now button.
* Follow the prompts to complete installation.
You have to run the Online Scan with Internet Explorer, but, I think we should run SUPERAntiSpyware.
First though.....
Download Superantispyware (SAS)
SUPERAntispyware Free Edition
Install it and double-click the icon on your desktop to run it.
* It will ask if you want to Update the program definitions, click Yes.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
  + Close browsers before scanning
  + Scan for tracking cookies
  + Terminate memory threats before quarantining.
  + Please leave the others unchecked.
  + Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
  + After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  + Click Preferences. Click the Statistics/Logs tab.
  + Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  + It will open in your default text editor (such as Notepad/Wordpad).
  + Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Please add the log as an attachment along with a new HijackThis log in the next post.
===
Next post attach SUPERAntiSpyware (SAS) log New Renamed HijackThis log
Attached are the files. The error is still occurring.
[saving disk space - old attachment deleted by admin]

We "should" be able to take care of the error in the next set of instructions. First however......
Enable Viewing Of Hidden System Files & Folders
1. Right Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.
Now go to www.virustotal.com
Click Browse and locate C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe <--Double click ufdlmon.exe
Then click Send File. Virus Total will run it through 32 different antivirus scanners and show the results. This takes a few minutes. Let me know the results.

result was 0/32 (0%)

Download Killbox.exe to your desktop. Don't use it yet.
=====
You may want to print out or copy and paste the rest of this to notepad and save it to the desktop. You won't be able to see this page in safe mode.
=====
Reboot into Safe Mode
Safe Mode Instructions
=====
Open HijackThis (HJT) and select Do a system scan only
Place a check mark next to:
O4 - HKLM\..\Run: [b834324b] rundll32.exe "C:\WINDOWS\system32\onfofdwt.dll",b
Close all windows and click Fix checked
=====
Double-click on Killbox.exe to run it. Make sure Standard File Kill is selected. In the Full Path of File to Delete box, copy and paste the following line into the box.
C:\WINDOWS\system32\onfofdwt.dll
Then click on the button that has the red circle with the X in the middle after you enter the file. It will ask for confirmation to delete the file. Click Yes.
Note: It is possible that Killbox will tell you that the file does not exist.
Reboot to normal mode and re-hide the protected files.
=====
Let me know how things are now.
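
Added example, not part of the thread and not HijackThis's own logic: a Python triage pass over HijackThis lines that flags the two patterns the fix lists above select, entries marked "(no file)" or "(file missing)" and O4 Run values that load a DLL through rundll32.exe. The sample lines are copied from the log posted in this thread; the `exists` callback and the `CONSTRUCTED_PRESENT` set are assumptions standing in for a file check on the affected machine.

```python
import re
from typing import Callable, Iterable, List, NamedTuple, Optional


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O2", "O4", "O23"
    reason: str  # why the line deserves a second look
    target: str  # file the entry names, "" when the log gives none
    line: str    # the original log line


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
ORPHAN_RE = re.compile(r"^(.*?)\s*\((no file|file missing)\)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*,\s*\S+', re.IGNORECASE)


def triage(lines: Iterable[str],
           exists: Optional[Callable[[str], bool]] = None) -> List[Finding]:
    """Heuristic review list; a hit is a prompt to investigate, not a verdict."""
    findings = []
    for raw in lines:
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue  # header, running-process path or blank line
        code, body = entry.groups()

        # Rule 1: the registry entry survives but its file does not.
        orphan = ORPHAN_RE.match(body)
        if orphan:
            tail = orphan.group(1).rsplit(" - ", 1)[-1]
            target = tail if re.search(r"\.\w{2,4}$", tail) else ""
            reason = "orphaned entry (%s)" % orphan.group(2)
            findings.append(Finding(code, reason, target, line))
            continue

        # Rule 2: a Run value that starts a DLL through rundll32.exe.
        # If the DLL is gone, Windows shows "Error loading ..." at logon.
        loader = RUNDLL_RE.search(body) if code == "O4" else None
        if loader:
            dll = loader.group(1)
            if exists is None:
                state = "presence not checked"
            elif exists(dll):
                state = "DLL present"
            else:
                state = "DLL absent, autorun is dangling"
            reason = "rundll32 autorun (%s)" % state
            findings.append(Finding(code, reason, dll, line))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {0255f062-2513-4740-b02c-b59480c91538} - (no file)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\urqrpon.dll (file missing)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\nmarhiff.dll",sitypnow
O4 - HKLM\..\Run: [b834324b] rundll32.exe "C:\WINDOWS\system32\onfofdwt.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: urqrpon - urqrpon.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\abwbrivq.exe (file missing)
"""

# Constructed for the demo: pretend only this DLL is still on disk.
CONSTRUCTED_PRESENT = {r"C:\WINDOWS\system32\nmarhiff.dll"}

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines(), lambda p: p in CONSTRUCTED_PRESENT)
    for f in hits:
        print("%-3s %-46s %s" % (f.code, f.reason, f.target or "-"))
```

On the affected machine, pass `os.path.exists` as `exists` so each rundll32 target is checked against the real disk.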