Tech Support Forum
Resolved HJT Threads: resolved spyware and popup issues.
Registered User
Join Date: Dec 2007
Posts: 18
OS: win xp
|
Need help - Followed all directions - Please see thread
Hello, I'm hoping you will be able to solve our problem. One of our work computers was affected by what I would say is a virus. The following is happening:
1. Cannot adjust background, which is stuck at a black screen that says Spyware was found on the computer.
2. Constant popups for PCSecuritylab.com
3. Notifications from something that is acting like Windows Security Center.
4. Cannot use Task Manager

Following and attached is the information you asked for in the threads I read. Thank you and I hope you can help.

**I did not use word wrap, but it appears to be spreading out the text anyway for some reason.

PANDASCAN
---------------
Incident Status Location
Adware:Adware/VirusAlarma Not disinfected c:\windows\winshow .exe
Adware:Adware/SpyAway Not disinfected C:\WINDOWS\system32\egmulhxk.dll
Adware:Adware/Diocleaner Not disinfected C:\WINDOWS\system32\lpcywinp.exe
Virus:trj/rirat.f Disinfected Operating system
Adware:adware/eshopper Not disinfected c:\windows\system32\ESHOPEE.exe
Adware:adware/popuper Not disinfected c:\windows\system32\msole32.exe
Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Potentially unwanted tool:application/activitymon Not disinfected c:\program files\amsys
Adware:adware/activshopper Not disinfected c:\program files\e-zshopper
Adware:adware/adbars Not disinfected Windows Registry
Dialer:dialer.xd Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/deskwizz Not disinfected Windows Registry
Adware:adware/404search Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Adware:adware/adsincontext Not disinfected Windows Registry
Virus:trj/qhost.gen Disinfected Operating system
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-587b5d86-36e94c67.zip[Dummy.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dux.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@fastclick[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jamie\Cookies\jamie@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jamie\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\jamie\Desktop\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\jamie\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Virus:W32/Sober.V.worm!CME-456 Disinfected Personal Folders\Inbox\mailing error\error-mail_info.zip[Winzipped-Text_Data.txt .pif]
Virus:Trj/Agent.CRF Disinfected C:\Documents and Settings\jamie\Local Settings\Temp\16890\explorer.exe
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\jamie\Local Settings\Temp\17142\2236.exe
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\17569\explorer.exe
Adware:Adware/VideoCach Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\20691\acexe.exe
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\29894\explorer.exe
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\TMP54.tmp
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\TMP59.tmp
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\TMP5A.tmp
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\jamie\wn0032.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1701480028-924270953-3461926640-1108\Dc1\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\RECYCLER\S-1-5-21-1701480028-924270953-3461926640-1108\Dc1\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\RECYCLER\S-1-5-21-1701480028-924270953-3461926640-1108\Dc1\SmitfraudFix\restart.exe
Adware:Adware/SpyAway Not disinfected C:\WINDOWS\fkwggshm.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu1000106.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu77.exe
Adware:Adware/Diocleaner Not disinfected C:\WINDOWS\SYSTEM32\0.8225672.exe
Virus:Trj/Downloader.PLF

MAIN.TXT
-----------------------------------------------
Deckard's System Scanner v20071014.68
Run by jamie on 2007-12-28 11:45:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
62: 2007-12-28 16:45:35 UTC - RP917 - Deckard's System Scanner Restore Point
61: 2007-12-27 21:27:27 UTC - RP916 - Removed Windows Defender
60: 2007-12-27 19:37:38 UTC - RP915 - Windows Defender Checkpoint
59: 2007-12-27 17:16:30 UTC - RP914 - Windows Defender Checkpoint
58: 2007-12-27 16:36:52 UTC - RP913 - Last known good configuration

-- First Restore Point --
1: 2007-12-27 16:35:39 UTC - RP856 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-28 11:47:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\SYSTEM32\lpcywinp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\WINDOWS\SYSTEM32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer.exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxpers .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe
C:\WINDOWS\winshow .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\SYSTEM32\zstatus.exe
C:\WINDOWS\winshow .exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spruce\X_Spruce.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\jamie\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
F0 - win.ini: load=C:\WINDOWS\system32\pmkjk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\SYSTEM32\mljkjkj.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\SYSTEM32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DE30CEA0-163F-4000-91B2-C7EBB901C3AC} - (no file)
O2 - BHO: (no name) - {E4773465-E0E3-483E-910F-F324A66E0B65} - C:\WINDOWS\SYSTEM32\pmkjk.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [xqdwp] C:\WINDOWS\system32\rrxvxiqpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Explorer 2238] C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe
O4 - HKLM\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe"
O4 - HKLM\..\RunServices: [xqdwp] C:\WINDOWS\system32\rrxvxiqpr.exe
O4 - HKLM\..\RunServices: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - http://walbridgehome.biz/pw/mpsPwLc7.CAB
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = weyoderinc.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = weyoderinc.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: mljkjkj - C:\WINDOWS\system32\mljkjkj.dll
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe (file missing)
O22 - SharedTaskScheduler: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 11161 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 core - c:\windows\system32\drivers\core.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
S2 driverpp (Plug and Play Support Driver) - c:\windows\system32\msdrives\driverpp.sys (file missing)
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-06-22 06:01:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-11-28 and 2007-12-28 -----------------------------

2007-12-28 10:31:30 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-28 10:29:32 8576 --a------ C:\WINDOWS\system32\drivers\bwivqljpuvbd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-28 10 58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 10 53 0 d-------- C:\WINDOWS\LastGood
2007-12-28 10:05:10 35840 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-28 09:31:27 6797 --ahs---- C:\WINDOWS\system32\kjkmp.ini2
2007-12-28 09:31:04 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:50:34 9984 --a------ C:\WINDOWS\system32\msole32.exe
2007-12-27 16:50:32 27648 --a------ C:\WINDOWS\system32\ace16win.dll
2007-12-27 16:45:30 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:35:59 3280 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 16:27:55 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-27 16:27:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 16:16:59 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:12:48 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:11:49 27904 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-27 16:11:47 15104 --a------ C:\WINDOWS\system32\wml.exe
2007-12-27 16:11:44 0 d-------- C:\Program Files\3721
2007-12-27 16:10:38 0 d-------- C:\Program Files\Accoona
2007-12-27 15:33:42 18944 --a------ C:\WINDOWS\kvnab.exe
2007-12-27 15:33:42 16640 --a------ C:\WINDOWS\kvnab.dll
2007-12-27 15:33:41 32256 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-27 15:33:41 30976 --a------ C:\WINDOWS\wbeCheck.exe
2007-12-27 15:33:41 29440 --a------ C:\WINDOWS\settn.dll
2007-12-27 15:33:41 28416 --a------ C:\WINDOWS\pbsysie.dll
2007-12-27 15:33:41 12544 --a------ C:\WINDOWS\kvnab$.exe
2007-12-27 15:33:41 15360 --a------ C:\WINDOWS\hcwprn.exe
2007-12-27 15:33:31 12800 --a------ C:\WINDOWS\vxddsk.exe
2007-12-27 15:33:27 24832 --a------ C:\WINDOWS\7search.dll
2007-12-27 15:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:38:35 18432 --a------ C:\WINDOWS\fkwggshm.exe <Not Verified; Microsoft Corp.; Project1>
2007-12-27 14:21:03 15104 --a------ C:\WINDOWS\xadbrk.dll
2007-12-27 14:21:03 11264 --a------ C:\WINDOWS\liqui.dll
2007-12-27 14:21:02 22016 --a------ C:\WINDOWS\kkcomp.dll
2007-12-27 14:21:01 29952 --a------ C:\WINDOWS\liqad.dll
2007-12-27 14:20:47 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 13:54:01 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 12:13:15 212992 --a------ C:\WINDOWS\troy44 .exe <Not Verified; ; troy44>
2007-12-27 12:13:12 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 11:43:53 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 11:35:56 348160 --a------ C:\WINDOWS\system32\pmkjk.exe
2007-12-27 11:35:17 344576 -----n--- C:\WINDOWS\system32\pmkjk.dll
2007-12-27 11:33:39 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-27 11:31:41 17152 --a------ C:\WINDOWS\eventlowg.dll
2007-12-27 11:31:41 22528 --a------ C:\WINDOWS\daxtime.dll
2007-12-27 11:31:37 12544 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-12-27 11:31:37 10752 --a------ C:\WINDOWS\liqui.exe
2007-12-27 11:31:37 23296 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-12-27 11:31:37 15872 --a------ C:\WINDOWS\fhfmm.exe
2007-12-27 11:31:36 25856 --a------ C:\WINDOWS\xadbrk_.exe
2007-12-27 11:31:36 14336 --a------ C:\WINDOWS\xadbrk.exe
2007-12-27 11:31:36 9984 --a------ C:\WINDOWS\kkcomp.exe
2007-12-27 11:31:35 26624 --a------ C:\WINDOWS\liqad.exe
2007-12-27 11:31:35 29184 --a------ C:\WINDOWS\liqad$.exe
2007-12-27 11:31:35 28160 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-27 11:31:34 9472 --a------ C:\WINDOWS\cbinst$.exe
2007-12-27 11:31:30 23296 --a------ C:\WINDOWS\adbar.dll
2007-12-27 11:31:28 11264 --a------ C:\WINDOWS\jd2002.dll
2007-12-27 11:31:27 16384 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-12-27 11:31:27 11776 --a------ C:\WINDOWS\spredirect.dll
2007-12-27 11:31:27 0 d-------- C:\Program Files\e-zshopper
2007-12-27 11:31:25 0 d-------- C:\Program Files\amsys
2007-12-27 11:31:23 11008 --a------ C:\WINDOWS\aconti.exe
2007-12-27 11:31:21 0 d-------- C:\WINDOWS\system32\acespy
2007-12-27 11:31:21 11264 --a------ C:\WINDOWS\ie_32.exe
2007-12-27 11:31:19 11776 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-27 11:31:19 26368 --a------ C:\WINDOWS\ngd.dll
2007-12-27 11:31:19 20992 --a------ C:\WINDOWS\hotporn.exe
2007-12-27 11:31:19 20992 --a------ C:\WINDOWS\dp0.dll
2007-12-27 11:31:16 0 d-------- C:\Program Files\p2pnetworks
2007-12-27 11:31:15 0 d-------- C:\Program Files\akl
2007-12-27 11:31:14 27392 --a------ C:\WINDOWS\wml.exe
2007-12-27 11:31:14 12800 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-27 11:31:12 30464 --a------ C:\WINDOWS\flt.dll
2007-12-27 11:31:11 31744 --a------ C:\WINDOWS\pbar.dll
2007-12-27 11:31:11 28416 --a------ C:\WINDOWS\764.exe
2007-12-27 11:30:51 0 d-------- C:\Program Files\WinAble
2007-12-27 11:26:06 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-27 11:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 11:25:51 0 d-------- C:\Program Files\Spruce
2007-12-27 11:25:33 108551 --a------ C:\WINDOWS\system32\lpcywinp.exe <Not Verified; Microsoft; _>
2007-12-27 11:25:33 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-12-27 11:24:23 2 --a------ C:\WINDOWS\system32\wapiisv32.exe
2007-12-27 11:24:20 0 d-------- C:\Program Files\Common Files\?dobe
2007-12-27 11:23:52 39936 --a------ C:\WINDOWS\mrofinu77.exe
2007-12-27 11:23:32 39936 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-12-27 11:23:25 0 d--hs---- C:\WINDOWS\SmFtaWVT
2007-12-27 11:23:14 39936 --a------ C:\WINDOWS\system32\mljkjkj.dll
2007-12-27 11:23:08 80640 -----n--- C:\WINDOWS\system32\drivers\core.sys
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\to9
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\dj2
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\bbc9
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\b1
2007-12-27 11:23:00 0 d-------- C:\WINDOWS\system32\ardCo02
2007-12-27 11:23:00 0 d-------- C:\Temp
2007-12-27 11:22:48 386048 --a------ C:\WINDOWS\winshow.exe <Not Verified; ; winshow>
2007-12-25 05:55:00 53760 --a------ C:\WINDOWS\b122.exe
2007-12-10 12:01:35 0 d-------- C:\WINDOWS\network diagnostic

-- Find3M Report ---------------------------------------------------------------

2007-12-28 11:13:24 0 d-------- C:\Program Files\iTunes
2007-12-28 11:12:34 0 d-------- C:\Program Files\Google
2007-12-28 11:10:57 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-28 10:05:20 0 d-------- C:\Program Files\QuickTime
2007-12-28 10:05:18 0 d-------- C:\Program Files\hp LaserJet 1000
2007-12-28 10:05:15 0 d-------- C:\Program Files\Messenger
2007-12-28 10:04:20 463872 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-28 10:04:19 427008 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-28 10:04:18 443392 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-27 16:27:47 0 d-------- C:\Program Files\Windows Defender
2007-12-27 15:32:37 0 d-------- C:\Program Files\RegistryFix
2007-12-27 13:55:44 0 d-------- C:\Program Files\Common Files
2007-12-27 11:32:52 0 d-------- C:\Program Files\Common Files\?dobe
2007-11-08 12:27:43 0 d-------- C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 11:11:56 0 d-------- C:\Program Files\AutoCAD LT 2006
2007-11-08 11:11:04 0 d-------- C:\Program Files\AnswerWorks 4.0

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}]
12/27/2007 11:23 AM 39936 --a------ C:\WINDOWS\system32\mljkjkj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
12/27/2007 11:25 AM 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
11/29/2007 10:28 AM 401408 --a------ C:\Program Files\Spruce\Spruce.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE30CEA0-163F-4000-91B2-C7EBB901C3AC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4773465-E0E3-483E-910F-F324A66E0B65}]
12/27/2007 11:35 AM 344576 --------- C:\WINDOWS\system32\pmkjk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [12/28/2007 10:04 AM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [12/28/2007 10:04 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [12/28/2007 10:04 AM]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [12/28/2007 10:05 AM]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [12/28/2007 10:04 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/28/2007 10:04 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/28/2007 10:04 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/28/2007 10:04 AM]
"rock"="rock.exe" []
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/28/2007 10:04 AM]
"Explorer 2238"="C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe" []
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [12/28/2007 10:05 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/28/2007 10:04 AM]
"winshow"="C:\WINDOWS\winshow .exe" [12/28/2007 10:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/28/2007 10:04 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"xqdwp"=C:\WINDOWS\system32\rrxvxiqpr.exe
"tutcdchk2"=c:\windows\system32\tutcdchk2.exe

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]
Spruce - Auto Update.lnk - C:\Program Files\Spruce\Spruce.exe [12/27/2007 11:25:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [7/20/2004 1:31:51 PM]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [4/22/2004 8:13:12 AM]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 8:18:22 AM]
DESKTOP.INI [9/3/2002 1:36:04 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [3/24/2006 2:59:13 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"= C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}"= C:\WINDOWS\system32\mljkjkj.dll [12/27/2007 11:23 AM 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DCOM Server 2238"= {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkjkj]
mljkjkj.dll 12/27/2007 11:23 AM 39936 C:\WINDOWS\SYSTEM32\mljkjkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
Explore\command- explorer.exe /n,/e ,.
Launch\command- E:\portablevaultaes.exe

*Newly Created Service* - BWIVQLJPUVBD
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.trendmicro.com
127.0.0.1 downloads1.kaspersky-labs.com

-- End of Deckard's System Scanner: finished at 2007-12-28 11:49:11 ------------

Last edited by Angelfire777 : 12-29-2007 at 08:08 PM.
#2
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 3,045
OS: XP
Re: Need help - Followed all directions - Please see thread
Hi, welcome to TSF!
I edited your email because there are some bots around which harvest email addresses for them to spam, and I'm sure you do not want that to happen. Your machine is badly infected, and one reason is that you don't have an antivirus present in your system. I'll provide instructions for you to download one later.
Download combofix.exe
Download RenV.exe
1. Download & double click to run it
2. A log file will be created. Please post all the contents of that log to your next reply.
__________________
Proud member of UNITE and ASAP since 2006. If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.
#3
Registered User
Join Date: Dec 2007
Posts: 18
OS: win xp
Re: Need help - Followed all directions - Please see thread
ComboFix 07-12-31.4 - jamie 2007-12-31 8:51:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.204 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
Completion time: 2007-12-31 9:11:09 - machine was rebooted
NEW HIJACK THIS LOG------------------>
Deckard's System Scanner v20071014.68
Run by jamie on 2007-12-31 09:16:48
LaserJet 1000 2007-12-28 11:12:34 0 d-------- C:\Program Files\Google 2007-12-28 11:10:57 0 d-------- C:\Program Files\Common Files\Autodesk Shared 2007-12-27 16:27:47 0 d-------- C:\Program Files\Windows Defender 2007-12-27 15:32:37 0 d-------- C:\Program Files\RegistryFix 2007-11-08 12:27:43 0 d-------- C:\Documents and Settings\jamie\Application Data\Autodesk 2007-11-08 11:11:56 0 d-------- C:\Program Files\AutoCAD LT 2006 2007-11-08 11:11:04 0 d-------- C:\Program Files\AnswerWorks 4.0 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [] "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [] "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [] "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [] "hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [] "rock"="rock.exe" [] "xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [] "tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [] [HKEY_CURRENT_USER\SOFTWAR |