11-28-2007, 05:53 PM   #7
Cookie Monster
Registered User
 
Join Date: Sep 2007
Location: Colorado
Posts: 34
OS: XP Pro


Re: Help, my computer has been hijacked!

I hope this will work.

ComboFix 07-11-19.4C - Dan the Man 2007-11-28 16:44:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.71 [GMT -7:00]
Running from: C:\Documents and Settings\Dan the Man\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Dan the Man\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Dan the Man\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Dan the Man\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\kffz\kffza.exe
C:\Program Files\Common Files\kffz\kffza.lck
C:\Program Files\Common Files\kffz\kffzd\class-barrel
C:\Program Files\Common Files\kffz\kffzd\kffzc.dll
C:\Program Files\Common Files\kffz\kffzd\vocabulary
C:\Program Files\Common Files\kffz\kffzl.exe
C:\Program Files\Common Files\kffz\kffzl.lck
C:\Program Files\Common Files\kffz\kffzm.exe
C:\Program Files\Common Files\kffz\kffzm.lck
C:\Program Files\Common Files\kffz\kffzp.exe
C:\Program Files\inetget2
C:\Program Files\myglobalsearch
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\windows\b143.exe
C:\windows\cookies.ini
C:\windows\kffz
C:\windows\kffz\kffz.dat
C:\windows\kffz\wu
C:\windows\mrofinu1188.exe
C:\windows\system32\tsuninst.exe
C:\WINDOWS\system32\wxyay.bak1
C:\WINDOWS\system32\wxyay.bak2
C:\WINDOWS\system32\wxyay.ini
C:\WINDOWS\system32\wxyay.ini2
C:\WINDOWS\system32\wxyay.tmp
C:\windows\system32\yayxw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-26 22:01 <DIR> d-------- C:\VundoFix Backups
2007-11-26 14:12 80,960 --a------ C:\WINDOWS\system32\sgaaghmh.dll
2007-11-26 14:09 780,914 --ahs---- C:\WINDOWS\system32\qcmobqkx.ini
2007-11-26 14:09 71,232 --a------ C:\WINDOWS\system32\blvnuywu.exe
2007-11-25 14:11 <DIR> d-------- C:\Deckard
2007-11-25 14:09 79,936 --a------ C:\WINDOWS\system32\hiotoytu.dll
2007-11-25 14:08 71,232 --a------ C:\WINDOWS\system32\jxocxnbi.exe
2007-11-25 14:08 71,232 --a------ C:\WINDOWS\system32\enbeexia.exe
2007-11-24 13:44 741,850 --ahs---- C:\WINDOWS\system32\kxmrvxbo.ini
2007-11-22 21:54 <DIR> d-------- C:\Program Files\CCleaner
2007-11-22 21:53 741,790 --ahs---- C:\WINDOWS\system32\pwllkroe.ini
2007-11-22 21:53 79,936 --a------ C:\WINDOWS\system32\krfswwxw.dll
2007-11-17 19:03 71,232 --a------ C:\WINDOWS\system32\ixemyies.exe
2007-11-15 16:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-15 16:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-15 16:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-15 14:30 15 --a------ C:\WINDOWS\system32\c40b8941
2007-11-14 17:01 671,136 --ahs---- C:\WINDOWS\system32\hmelblbl.ini
2007-11-14 17:01 85,056 --a------ C:\WINDOWS\system32\lblblemh.dll
2007-11-14 16:58 79,424 --a------ C:\WINDOWS\system32\fvqetudd.dll
2007-11-14 15:57 79,424 --a------ C:\WINDOWS\system32\lcbscxor.dll
2007-11-14 15:55 671,127 --ahs---- C:\WINDOWS\system32\olveadem.ini
2007-11-14 15:54 85,056 --a------ C:\WINDOWS\system32\medaevlo.dll
2007-11-14 15:46 71,232 --a------ C:\WINDOWS\system32\bqirdjtw.exe
2007-11-14 15:38 36,352 --a------ C:\WINDOWS\system32\nnnmnkj.dll
2007-11-14 15:22 79,424 --a------ C:\WINDOWS\system32\jgbuqvrt.dll
2007-11-14 15:21 0 --a------ C:\Documents and Settings\Dan the Man\x.dat
2007-11-14 15:19 2,152 --a------ C:\Documents and Settings\Dan the Man\z.dat
2007-11-13 16:05 8,454,656 --a------ C:\WINDOWS\system32\SET3C.tmp
2007-11-13 16:05 115,712 --a------ C:\WINDOWS\system32\SET3D.tmp
2007-11-08 20:04 134 --a------ C:\n.bat
2007-11-08 20:03 0 --a------ C:\z.dat
2007-11-08 20:03 0 --a------ C:\x.dat
2007-11-08 20:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 21:55 <DIR> d-------- C:\Program Files\InterActual
2007-11-01 21:28 <DIR> d-------- C:\Program Files\DIFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 23:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 05:01 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\U3
2007-11-25 02:01 --------- d-----w C:\Program Files\QuickTime
2007-11-25 02:00 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-25 01:49 --------- d-----w C:\Program Files\iTunes
2007-11-25 01:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\zia03516
2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-15 04:33 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\LimeWire
2007-11-15 04:30 --------- d-----w C:\Program Files\LimeWire
2007-11-15 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-25 06:10 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\DivX
2007-10-25 06:06 --------- d-----w C:\Program Files\DivX
2007-10-20 03:20 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Manager
2007-10-20 03:19 --------- d-----w C:\Program Files\Wal-Mart
2007-10-20 03:19 --------- d-----w C:\Program Files\Common Files\HP
2007-10-20 03:18 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Viewer
2007-09-28 16:07 9,464 ------w C:\windows\system32\drivers\cdralw2k.sys
2007-09-28 16:07 9,336 ------w C:\windows\system32\drivers\cdr4_xp.sys
2007-09-28 16:07 43,528 ------w C:\windows\system32\drivers\PxHelp20.sys
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc55c1a-46ea-422c-9fd4-8d62678f1586}]
2007-11-26 14:12 80960 --a------ C:\windows\system32\sgaaghmh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"interrdr"="C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 10:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2001-08-07 23:25]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2001-08-07 22:36]
"user bib mp3 plan"="C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe" [2007-11-28 17:03]
"JUMP RECT SAVE PLAN"="C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-20 10:53]
"Host Process"="C:\windows\Fonts\svchost.exe" []
"c40b9bcf"="C:\windows\system32\xkqbomcq.dll" []
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47, on 2007-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\System32\svchost.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Dan the Man\Desktop\Downloads\Dan the Man.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defendingyourfaith.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {6851f876-26d8-4df9-c224-ae64a1c55cc0} - {0cc55c1a-46ea-422c-9fd4-8d62678f1586} - C:\windows\system32\sgaaghmh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe
O4 - HKLM\..\Run: [JUMP RECT SAVE PLAN] C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Host Process] C:\windows\Fonts\svchost.exe
O4 - HKLM\..\Run: [c40b9bcf] rundll32.exe "C:\windows\system32\xkqbomcq.dll",b
O4 - HKCU\..\Run: [interrdr] C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146072999566
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8030 bytes