Thread: Why Will Nobody Help Me? Please respond
View Single Post
Old 12-13-2007, 11:12 PM   #8 (permalink)
jordanbakersays
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: XP


Laugh Re: Why Will Nobody Help Me? Please respond
Here is my combofix log, I attached the HJT log because that's what you had me do last time I hope that's okay. Thank you so much for the help it looks like we're making some great progress!!!

Jordan


ComboFix 07-12-12.3 - JD 2007-12-14 0:40:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.605 [GMT -5:00]
Running from: C:\Documents and Settings\JD\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\ajcsmwhi.dll
C:\WINDOWS\system32\akvbokqj.dll
C:\WINDOWS\system32\aqveirdd.dll
C:\WINDOWS\system32\bsnlhvoo.dll
C:\WINDOWS\system32\cbbgcwyr.exe
C:\WINDOWS\system32\ccrsrrsj.dll
C:\WINDOWS\system32\cjjvorjq.exe
C:\WINDOWS\system32\dgkqkvyd.dll
C:\WINDOWS\system32\difyktij.dll
C:\WINDOWS\system32\dyvkqkgd.ini
C:\WINDOWS\system32\exxeyxrj.ini
C:\WINDOWS\system32\fcagamue.exe
C:\WINDOWS\system32\fobkopia.exe
C:\WINDOWS\system32\fpsirlae.dll
C:\WINDOWS\system32\fxxqsymx.dll
C:\WINDOWS\system32\hihimbkx.ini
C:\WINDOWS\system32\hqvipdhv.ini
C:\WINDOWS\system32\htkluaes.exe
C:\WINDOWS\system32\ihwmscja.ini
C:\WINDOWS\system32\imwukwxs.exe
C:\WINDOWS\system32\ivqhaivq.dll
C:\WINDOWS\system32\jitkyfid.ini
C:\WINDOWS\system32\jrxyexxe.dll
C:\WINDOWS\system32\kicoqalt.dll
C:\WINDOWS\system32\lhhhnmtw.dll
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lvlemfdn.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mryfrtuc.exe
C:\WINDOWS\system32\mwdqwaus.exe
C:\WINDOWS\system32\nwakyjpc.dll
C:\WINDOWS\system32\nwdleyxk.dll
C:\WINDOWS\system32\nxuafxys.dll
C:\WINDOWS\system32\otsyxahu.dll
C:\WINDOWS\system32\oxtuatjq.dll
C:\WINDOWS\system32\pfdkolib.exe
C:\WINDOWS\system32\phgtjslk.exe
C:\WINDOWS\system32\pjgtdegv.ini
C:\WINDOWS\system32\prfsmxia.dll
C:\WINDOWS\system32\psfkuhwv.dll
C:\WINDOWS\system32\pupyusia.dll
C:\WINDOWS\system32\qkterthk.exe
C:\WINDOWS\system32\quwcbafg.dll
C:\WINDOWS\system32\rkachqii.exe
C:\WINDOWS\system32\rwysghno.dll
C:\WINDOWS\system32\snwhjnxw.dll
C:\WINDOWS\system32\stealhqf.dll
C:\WINDOWS\system32\tdrkiise.exe
C:\WINDOWS\system32\tnkkqyau.exe
C:\WINDOWS\system32\ubogvqnl.exe
C:\WINDOWS\system32\udohniju.dll
C:\WINDOWS\system32\uovjterq.dll
C:\WINDOWS\system32\vbdocciv.dll
C:\WINDOWS\system32\vcoiwddu.dll
C:\WINDOWS\system32\vgedtgjp.dll
C:\WINDOWS\system32\vhdpivqh.dll
C:\WINDOWS\system32\voxiyoug.dll
C:\WINDOWS\system32\vqjcwkkd.dll
C:\WINDOWS\system32\vsxrgkwd.dll
C:\WINDOWS\system32\vuomstix.exe
C:\WINDOWS\system32\vxwidqcj.exe
C:\WINDOWS\system32\wgtwcsic.exe
C:\WINDOWS\system32\xanfblid.dll
C:\WINDOWS\system32\xkbmihih.dll
C:\WINDOWS\system32\xmysqxxf.ini
C:\WINDOWS\system32\ymsmyvmg.exe
C:\WINDOWS\system32\yufxhjyx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NTMLSVC
-------\DomainService
-------\NtmlSvc


((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-12 13:12 . 2007-12-12 17:34 354 --ahs---- C:\WINDOWS\system32\osdweuec.ini
2007-12-11 17:02 . 2007-12-11 00:14 858,944 --ahs---- C:\WINDOWS\system32\sanwyxij.ini
2007-12-11 14:55 . 2007-12-11 14:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-11 14:55 . 2007-12-11 14:55 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-11 14:39 . 2007-12-11 14:47 764 --a------ C:\WINDOWS\rtcwgoty.INI
2007-12-11 12:39 . 2007-12-10 12:44 912,964 --ahs---- C:\WINDOWS\system32\tiwovjll.ini
2007-12-11 01:47 . 2007-12-10 01:57 834,171 --ahs---- C:\WINDOWS\system32\kmdkspwg.ini
2007-12-11 00:20 . 2007-12-10 01:02 896,199 --ahs---- C:\WINDOWS\system32\jxrtwpjj.ini
2007-12-10 12:51 . 2007-12-11 13:04 913,024 --ahs---- C:\WINDOWS\system32\xyquuwxb.ini
2007-12-10 01:29 . 2007-12-11 01:47 837,097 --ahs---- C:\WINDOWS\system32\fwbvwexp.ini
2007-12-10 01:08 . 2007-12-11 12:34 912,904 --ahs---- C:\WINDOWS\system32\rdwlttda.ini
2007-12-09 11:57 . 2007-12-10 12:09 858,824 --ahs---- C:\WINDOWS\system32\lvarjruy.ini
2007-12-07 15:33 . 2007-12-10 02:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-07 15:33 . 2007-12-07 11:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-07 15:33 . 2007-12-07 11:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-07 15:33 . 2007-12-07 11:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-07 15:30 . 2007-12-08 01:20 833,835 --ahs---- C:\WINDOWS\system32\upwalauy.ini
2007-12-07 14:07 . 2007-12-07 14:07 <DIR> d-------- C:\Program Files\Sun
2007-12-07 14:07 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-07 14:03 . 2007-12-07 14:07 <DIR> d-------- C:\Program Files\Java
2007-12-07 14:01 . 2007-12-07 14:01 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-07 12:11 . 2007-12-07 12:22 710,418,432 --a------ C:\111.tmp
2007-12-06 15:09 . 2007-12-06 15:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-06 13:59 . 2007-12-07 15:13 808,188 --ahs---- C:\WINDOWS\system32\pxhpvpey.ini
2007-12-06 09:58 . 2007-12-06 13:59 807,888 --ahs---- C:\WINDOWS\system32\mxosevkp.ini
2007-12-06 01:13 . 2007-12-05 09:27 807,528 --ahs---- C:\WINDOWS\system32\hcdqxsqt.ini
2007-12-05 09:37 . 2007-12-06 09:44 807,588 --ahs---- C:\WINDOWS\system32\kxvdpbir.ini
2007-12-05 02:41 . 2007-12-05 02:41 792,522 --ahs---- C:\WINDOWS\system32\uvtnsbux.ini
2007-12-05 00:53 . 2007-12-05 00:53 <DIR> d-------- C:\Program Files\SAMSUNG
2007-12-04 14:51 . 2007-12-06 01:06 668,932 --ahs---- C:\WINDOWS\system32\juguxhjp.ini
2007-12-04 02:08 . 2007-12-05 02:26 792,462 --ahs---- C:\WINDOWS\system32\rxcalgri.ini
2007-12-03 14:36 . 2007-12-04 14:50 795,044 --ahs---- C:\WINDOWS\system32\sghyhvrj.ini
2007-12-02 14:01 . 2007-12-03 14:27 794,324 --ahs---- C:\WINDOWS\system32\cjkcounv.ini
2007-12-01 13:16 . 2007-12-02 13:49 794,144 --ahs---- C:\WINDOWS\system32\fubwgont.ini
2007-11-30 19:52 . 2007-11-30 19:52 236 --a------ C:\WINDOWS\Name Maker Studio Help.ini
2007-11-30 16:06 . 2007-12-01 01:51 794,093 --ahs---- C:\WINDOWS\system32\kjvlvrgn.ini
2007-11-29 01:07 . 2007-11-30 13:00 793,904 --ahs---- C:\WINDOWS\system32\wxfydjhn.ini
2007-11-28 20:53 . 2007-11-29 01:01 789,839 --ahs---- C:\WINDOWS\system32\yuwjgwar.ini
2007-11-28 16:17 . 2007-11-28 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-28 10:38 . 2007-11-28 10:38 23,696 --a------ C:\WINDOWS\system32\khfghgh.dll
2007-11-26 01:43 . 2007-11-26 01:43 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2007-11-26 01:43 . 2007-11-26 13:21 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2007-11-26 01:42 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-26 00:38 . 2007-12-04 13:26 <DIR> d-------- C:\VundoFix Backups
2007-11-25 20:12 . 2007-11-25 20:12 <DIR> d-------- C:\Documents and Settings\JD\Application Data\Antares
2007-11-25 17:16 . 2007-11-25 17:16 <DIR> d-------- C:\Documents and Settings\JD\Application Data\Template
2007-11-25 17:16 . 2007-11-25 17:16 0 --a------ C:\Documents and Settings\JD\Application Data\wklnhst.dat
2007-11-24 19:10 . 2007-11-24 19:10 58,368 --a------ C:\oaif.exe
2007-11-24 19:10 . 2007-11-24 19:10 44,993 --a------ C:\nbhsamd.exe
2007-11-24 18:53 . 2007-11-24 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-24 16:59 . 2007-11-24 19:03 <DIR> d-------- C:\Program Files\Open Adder
2007-11-24 11:10 . 2007-11-24 11:10 <DIR> d-------- C:\Program Files\RealArcade
2007-11-21 22:37 . 2007-11-21 22:37 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-21 22:37 . 2007-11-21 22:38 <DIR> d-------- C:\Program Files\FLV Player
2007-11-20 01:16 . 2007-12-13 12:52 <DIR> d-------- C:\TMD-Recruit.5.0
2007-11-20 01:12 . 2000-02-21 21:07 413,760 --a------ C:\WINDOWS\system32\MPG4C32.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 02:15 --------- d-----w C:\Program Files\McAfee
2007-12-12 03:02 --------- d-----w C:\Program Files\Last.fm
2007-12-11 06:56 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-11 06:56 --------- d-----w C:\Program Files\Dell Support
2007-12-11 06:42 --------- d-----w C:\Program Files\Bonjour
2007-12-11 06:42 --------- d-----w C:\Program Files\BAE
2007-12-11 06:41 --------- d-----w C:\Program Files\Ares
2007-12-10 06:58 --------- d-----w C:\Program Files\iTunes
2007-12-10 06:57 --------- d-----w C:\Program Files\FriendBlasterPro
2007-12-07 22:18 --------- d-----w C:\Program Files\PowerISO
2007-12-07 22:09 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-07 05:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 05:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 02:42 --------- d-----w C:\Documents and Settings\JD\Application Data\AdobeUM
2007-11-26 06:43 --------- d-----w C:\Program Files\Vstplugins
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-10-17 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-17 15:06 --------- d-----w C:\Program Files\Atari-Infogrames
2002-07-26 21:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 16:54]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 06:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 02:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 02:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 02:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 17:35]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"MMTray"="MMTray.exe" [2001-11-08 19:19 C:\WINDOWS\system32\MMTray.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 10:00]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\JD\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-09 13:52:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-07-01 16:12:29]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S2 0249751197598558mcinstcleanup;McAfee Application Installer Cleanup (0249751197598558);C:\WINDOWS\TEMP\024975~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 DVC120;Dazzle DVC120;C:\WINDOWS\system32\Drivers\dvc120.sys
S3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05160fe3-3949-11dc-8a38-0015c57ba4ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aaf7d55-36d8-11dc-8a2f-0015c57ba4ec}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f513ee84-3d72-11dc-8a3e-0015c57ba4ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - 0249751197598558MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2007-12-08 23:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 06:00:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-01 05:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 00:50:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 0:52:16 - machine was rebooted
.
2007-12-13 08:04:51 --- E O F ---
Attached Files
File Type: txt hijackthis.txt (9.2 KB, 1 views)
jordanbakersays is offline