
Computer Rendered Unusable

This is a discussion on Computer Rendered Unusable within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

Old 08-06-2007, 08:57 PM   #1
unklejman

My girlfriend's laptop has gotten to a point where using it is impossible save for safe mode. I was able to get HJT and run a scan. She is running Windows XP Home.

Logfile of HijackThis v1.99.1
Scan saved at 10:50:50 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 services.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {279D2611-4231-4E55-BEE2-607F85F98D97} - C:\Program Files\Common Files\hoke83122.dll
O2 - BHO: (no name) - {38818482-587A-D55C-2154-057925C3E96C} - C:\Program Files\Mdzbgivz\edsdefey.dll
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {436965AA-891B-AF9E-4F10-FB8DC951D3C8} - C:\WINDOWS\system32\zuntuxx.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {77F2E0C4-BA36-47A2-A3C0-846B5B109CCF} - C:\Program Files\Common Files\hoke.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqqqpm.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O2 - BHO: 0 - {C6E98C3A-2D3B-4FFA-5AAB-386E2CE8B907} - C:\Program Files\ComPlus Applications\lavuga.dll
O2 - BHO: (no name) - {D7F42A89-4581-4B07-8847-30DC27A246E5} - \
O2 - BHO: (no name) - {E4596F6D-88DA-AE09-DF0C-FAADAB952795} - C:\WINDOWS\system32\pjhin.dll (file missing)
O2 - BHO: (no name) - {F8013C93-8009-48B4-809B-31BEAC985810} - C:\WINDOWS\system32\gebya.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [{EC-C8-80-04-ZN}] C:\windows\system32\modsregr.exe SKY009
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinpndt.exe SKY009
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [4162374521.exe] C:\WINDOWS\system32\4162374521.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [yvcrkfob] rundll32.exe "C:\Program Files\unkpyxuv\yjqjwput.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\Uzzyqkag\aqrdanxb.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win28.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsov.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [Ykyeac] "C:\Documents and Settings\Home\My Documents\??mantec\n?tdde.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Home\APPLIC~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinpndt.exe
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - https://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - https://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ssqqqpm - C:\WINDOWS\SYSTEM32\ssqqqpm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cIwmMBbIkPE - {BC5EC805-16F4-62AF-E33E-1E1AA7C566D4} - C:\WINDOWS\system32\xk.dll (file missing)
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\inkebme.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Old 08-06-2007, 10:14 PM   #2
sUBs (TSF Security Team, Emeritus)

1. Download & Save this file to Desktop -> https://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Old 08-09-2007, 07:23 AM   #3
unklejman

ComboFix log:

ComboFix 07-08-08 - "Home" 2007-08-08 22:33:37.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.376 [GMT -5:00]

ADS removed - svchost.exe: deleted 57856 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Home\APPLIC~1.\macromedia\Flash Player\#SharedObjects\MWVK7NE8\www.broadcaster.com
C:\DOCUME~1\Home\APPLIC~1.\macromedia\Flash Player\#SharedObjects\MWVK7NE8\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Home\APPLIC~1.\macromedia\Flash Player\#SharedObjects\MWVK7NE8\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Home\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Home\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Home\APPLIC~1.\scurit~1
C:\DOCUME~1\Home\APPLIC~1.\sstem~1
C:\DOCUME~1\Home\APPLIC~1.\sstem~1\alg.exe
C:\DOCUME~1\Home\Desktop.\Find Spyware Remover.lnk
C:\DOCUME~1\Home\Desktop.\Free Online Dating.lnk
C:\DOCUME~1\Home\Desktop.\Go to Casino.lnk
C:\DOCUME~1\Home\MYDOCU~1.\icroso~1.net
C:\DOCUME~1\Home\MYDOCU~1.\mantec~1
C:\DOCUME~1\Home\MYDOCU~1.\mantec~1\n?tdde.exe
C:\DOCUME~1\Home\STARTM~1\Programs.\Brave-Sentry
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\codec_setup.exe
C:\Program Files\Common Files\{3C5EC~1
C:\Program Files\Common Files\{3C5EC~1\toolbardll.lzma
C:\Program Files\Common Files\{3C5EC~1\UnInstall.exe
C:\Program Files\Common Files\{BC5EC~1
C:\Program Files\Common Files\{BC5EC~2
C:\Program Files\Common Files\{BC5EC~3
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\crosof~1.net
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\racle~1
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\180ax.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\bi.dll
C:\WINDOWS\biprep.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\flt.dll
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\icroso~1
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\pppatc~1
C:\WINDOWS\rau001978.exe
C:\WINDOWS\s32.txt
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\stcloader.exe
C:\WINDOWS\susp.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\a3dx8.dll
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\b06FdUe\b06FdUe1083.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\System32\Mcvk53.sys
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nso12k.sys
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\spoolsvv.sys
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\T1
C:\WINDOWS\system32\T1\kmhp83122.exe
C:\WINDOWS\system32\T11
C:\WINDOWS\system32\T11\z553.exe
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T3\am67.exe
C:\WINDOWS\system32\T3\wr716.exe
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T5
C:\WINDOWS\system32\T5\tns2.exe
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T6\amwr.exe
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T7\icm.exe
C:\WINDOWS\system32\T9
C:\WINDOWS\system32\T9\zn531.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wmvds32.dll
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\temp\salm.exe
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wml.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\ws386.ini
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_DRIVER
-------\LEGACY_ICF
-------\LEGACY_MCVK53
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_WINCOM32
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\asc3550u
-------\cmdService
-------\core
-------\Driver
-------\Mcvk53
-------\Net Agent
-------\RpcApi
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


2007-08-08 22:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 22:51 6,466 ---hs---- C:\WINDOWS\system32\aybeg.bak1
2007-07-24 22:51 228,960 --a------ C:\WINDOWS\system32\gebya.dll
2007-07-24 22:48 <DIR> d-------- C:\Program Files\Magicantispy
2007-07-24 22:47 93,696 --a------ C:\WINDOWS\system32\drvsov.dll
2007-07-24 22:47 60,928 --a------ C:\WINDOWS\system32\zuntuxx.dll
2007-07-24 22:47 31,254 --a------ C:\WINDOWS\system32\byxxxwu.dll
2007-07-24 22:47 1,117,045 --a------ C:\DOCUME~1\Home\APPLIC~1\Install.dat
2007-07-24 21:00 9,804 --a------ C:\WINDOWS\system32\vedxga5me3.exe
2007-07-24 21:00 9,339 --a------ C:\WINDOWS\system32\dllh8jkd1q5.exe
2007-07-24 21:00 9,271 --a------ C:\WINDOWS\system32\dllh8jkd1q7.exe
2007-07-24 21:00 9,271 --a------ C:\WINDOWS\system32\dllh8jkd1q6.exe
2007-07-24 21:00 8,385 --a------ C:\WINDOWS\system32\vedxg4am1et2.exe
2007-07-24 21:00 5,120 --a------ C:\WINDOWS\system32\vedxga3me2.exe
2007-07-24 21:00 31,917 --a------ C:\WINDOWS\system32\vedxga4m1et4.exe
2007-07-24 21:00 23,607 --a------ C:\WINDOWS\system32\dllh8jkd1q2.exe
2007-07-24 21:00 2,518 --a------ C:\WINDOWS\system32\dllh8jkd1q1.exe
2007-07-24 21:00 17,408 --a------ C:\WINDOWS\system32\vedxga4me1.exe
2007-07-24 21:00 13,824 --a------ C:\WINDOWS\system32\max1d1164v.exe
2007-07-24 21:00 12,674 --a------ C:\WINDOWS\system32\vedxg6ame4.exe
2007-07-24 21:00 1,632 --a------ C:\WINDOWS\system32\vedxga1me4t1.exe
2007-07-24 21:00 1,174,796 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
2007-07-24 21:00 1,174,796 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat
2007-07-24 21:00 <DIR> d-------- C:\WINDOWS\system32\wjcjnbqn
2007-07-24 21:00 <DIR> d-------- C:\Program Files\Uzzyqkag
2007-07-24 21:00 <DIR> d-------- C:\Program Files\unkpyxuv
2007-07-24 21:00 <DIR> d-------- C:\Program Files\SecCenter
2007-07-24 21:00 <DIR> d-------- C:\Program Files\Mdzbgivz
2007-07-24 20:59 9,769 --a------ C:\WINDOWS\zojed0578.exe
2007-07-24 20:59 31,254 --a------ C:\WINDOWS\system32\ssqqqpm.dll
2007-07-24 20:59 19,968 --a------ C:\WINDOWS\system32\winjrs32.dll
2007-07-24 20:58 34,560 --a------ C:\WINDOWS\system32\drivers\runtime2.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 23:08 --------- d-------- C:\Program Files\Trillian
2007-07-24 21:00 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-06-14 06:54 163840 --a------ C:\Program Files\Common Files\hoke83122.dll
2007-06-07 12:29 169472 --a------ C:\WINDOWS\system32\inkebme.dll
2007-06-07 00:07 105434 --a------ C:\WINDOWS\qwr67.exe
2007-06-07 00:01 3746 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 23:09 218112 --a------ C:\HJT.exe
2007-06-05 22:30 0 --a------ C:\WINDOWS\system32\it_reg.exe
2007-06-03 23:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-03 22:24 2 --a------ C:\WINDOWS\system32\wnsintisv.exe
2007-06-03 22:21 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
2007-06-03 21:59 24570 --a------ C:\WINDOWS\b103.exe.bin
2007-06-02 22:08 134276 --a------ C:\WINDOWS\system32\alt.exe
2007-06-02 22:05 27648 --a------ C:\WINDOWS\vxddsk.exe
2007-06-02 22:05 169984 --a------ C:\WINDOWS\system32\qhdrff.dll
2007-06-02 22:04 55428 --a------ C:\WINDOWS\system32\pee.exe.exe
2007-06-02 22:04 25088 --a------ C:\WINDOWS\764.exe
2007-06-02 22:04 1632 --a------ C:\WINDOWS\system32\sqvxga7met4.exe
2007-06-02 22:04 1632 --a------ C:\WINDOWS\system32\sqvxga6met3.exe
2007-06-02 22:04 1632 --a------ C:\WINDOWS\system32\sqvx5gamet2.exe
2007-06-02 22:04 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-06-02 22:04 134276 --a------ C:\WINDOWS\system32\alt.exe.exe
2007-06-02 22:03 31364 --a------ C:\WINDOWS\system32\vexga4m1et4.exe
2007-06-02 22:02 8324 --a------ C:\WINDOWS\system32\vexg4am1et2.exe
2007-06-02 22:02 8010 --a------ C:\WINDOWS\system32\vexga1me4t1.exe
2007-06-02 22:02 46592 --a------ C:\WINDOWS\blxxpty.exe
2007-06-02 22:02 36864 --a------ C:\WINDOWS\system32\vexga4me1.exe
2007-06-02 22:02 20632 --a------ C:\WINDOWS\system32\vexga5me3.exe
2007-06-02 22:02 1632 --a------ C:\WINDOWS\system32\vexga3me2.exe
2007-06-02 22:02 13824 --a------ C:\WINDOWS\system32\max1d164v.exe
2007-06-02 22:02 1044480 --a------ C:\WINDOWS\cfg32.exe
2007-06-02 22:01 14390 --a------ C:\WINDOWS\system32\~.exe
2007-05-01 10:35 146432 --a------ C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-04-06 14:27 139264 --a------ C:\Program Files\Common Files\hoke.dll
2005-07-29 22:24:26 472 --sha-r C:\WINDOWS\SG9tZQ\m36Qtk.vbs
2006-12-30 23:44:06 74,752 --sh--r C:\WINDOWS\system32\ovbolao\winlogon.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{279D2611-4231-4E55-BEE2-607F85F98D97}]
2007-06-14 06:54 163840 --a------ C:\Program Files\Common Files\hoke83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38818482-587A-D55C-2154-057925C3E96C}]
2007-07-24 21:00 98304 --a------ C:\Program Files\Mdzbgivz\edsdefey.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]
C:\WINDOWS\system32\msdn_lib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{436965AA-891B-AF9E-4F10-FB8DC951D3C8}]
2007-06-20 09:49 60928 --a------ C:\WINDOWS\system32\zuntuxx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3520A9-C545-4023-989E-04225CD2C114}]
2007-07-24 22:51 228960 --a------ C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F2E0C4-BA36-47A2-A3C0-846B5B109CCF}]
2007-04-06 14:27 139264 --a------ C:\Program Files\Common Files\hoke.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}]
2007-07-24 20:59 31254 --a------ C:\WINDOWS\system32\ssqqqpm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6E98C3A-2D3B-4FFA-5AAB-386E2CE8B907}]
2007-06-02 22:02 70144 --a------ C:\Program Files\ComPlus Applications\lavuga.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7F42A89-4581-4B07-8847-30DC27A246E5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4596F6D-88DA-AE09-DF0C-FAADAB952795}]
C:\WINDOWS\system32\pjhin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"Dell QuickSet"="C:\PROGRA~1\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 20:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 19:06]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" []
"{EC-C8-80-04-ZN}"="C:\windows\system32\modsregr.exe" []
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" []
"4162374521.exe"="C:\WINDOWS\system32\4162374521.exe" []
"yvcrkfob"="C:\Program Files\unkpyxuv\yjqjwput.dll" [2007-07-24 21:00]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Ykyeac"="C:\Documents and Settings\Home\My Documents\??mantec\n?tdde.exe" []
"Sen"="C:\DOCUME~1\Home\APPLIC~1\SSTEM~1\alg.exe" []
"Magicantispy"="C:\Program Files\Magicantispy\Magicantispy.exe" [2007-07-24 22:48]

C:\Documents and Settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 14:36:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-06 02:42:55]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{941508F8-CCD9-44E0-AC29-4F1E141373F7}"= C:\WINDOWS\system32\ssqqqpm.dll [2007-07-24 20:59 31254]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"cIwmMBbIkPE"= {BC5EC805-16F4-62AF-E33E-1E1AA7C566D4} - C:\WINDOWS\system32\xk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]
C:\WINDOWS\system32\gebya.dll 2007-07-24 22:51 228960 C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqqpm]
ssqqqpm.dll 2007-07-24 20:59 31254 C:\WINDOWS\system32\ssqqqpm.dll

R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S2 aspimgr;Microsoft ASPI Manager;C:\WINDOWS\system32\aspimgr.exe
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}]
C:\WINDOWS\system32\tmrsrv32.exe

Contents of the 'Scheduled Tasks' folder
2007-06-01 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job - C:\Program Files\AdwareAlert\AdwareAlert.exe
2005-10-23 18:51:45 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2007-06-01 08:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-06-05 06:14:55 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-08-08 22:44:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\windev-5416-24b3.sys
C:\WINDOWS\system32\windev-peers.ini

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\windev-5416-24b3]
"ImagePath"="\??\C:\WINDOWS\system32\windev-5416-24b3.sys"

Completion time: 2007-08-08 22:47:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 22:47

--- E O F ---
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:37 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {279D2611-4231-4E55-BEE2-607F85F98D97} - C:\Program Files\Common Files\hoke83122.dll
O2 - BHO: (no name) - {38818482-587A-D55C-2154-057925C3E96C} - C:\Program Files\Mdzbgivz\edsdefey.dll
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {436965AA-891B-AF9E-4F10-FB8DC951D3C8} - C:\WINDOWS\system32\zuntuxx.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C3520A9-C545-4023-989E-04225CD2C114} - C:\WINDOWS\system32\gebya.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {77F2E0C4-BA36-47A2-A3C0-846B5B109CCF} - C:\Program Files\Common Files\hoke.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqqqpm.dll
O2 - BHO: 0 - {C6E98C3A-2D3B-4FFA-5AAB-386E2CE8B907} - C:\Program Files\ComPlus Applications\lavuga.dll
O2 - BHO: (no name) - {D7F42A89-4581-4B07-8847-30DC27A246E5} - \
O2 - BHO: (no name) - {E4596F6D-88DA-AE09-DF0C-FAADAB952795} - C:\WINDOWS\system32\pjhin.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [{EC-C8-80-04-ZN}] C:\windows\system32\modsregr.exe SKY009
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [4162374521.exe] C:\WINDOWS\system32\4162374521.exe
O4 - HKLM\..\Run: [yvcrkfob] rundll32.exe "C:\Program Files\unkpyxuv\yjqjwput.dll",Init
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Ykyeac] "C:\Documents and Settings\Home\My Documents\??mantec\n?tdde.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Home\APPLIC~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - https://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - https://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ssqqqpm - C:\WINDOWS\SYSTEM32\ssqqqpm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cIwmMBbIkPE - {BC5EC805-16F4-62AF-E33E-1E1AA7C566D4} - C:\WINDOWS\system32\xk.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe





Further Notes:

Magic AntiSpy popped up after reboot while ComboFix was finishing. I closed it through Task Manager. After ComboFix completed, trying to access My Computer or Explorer caused the desktop to go blank, then come back with no results. After a few attempts the desktop background turned white, saying "Active Desktop Recovery" with a few bullet points and an option to Restore Active Desktop. I had to access hjt.exe through the Firefox File menu.
unklejman is offline  
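The first checks a removal helper makes when reading a HijackThis log like the one above, as an added example rather than a tool from this thread: the allow-lists, the core-process list and the one-edit lookalike heuristic are assumptions constructed for the walkthrough, and the sample lines are copied from the log posted above.

```python
"""Triage for HijackThis v1.99 log lines (added example; not a tool from this
thread).  It applies the first checks a removal helper makes on such a log:
BHOs not on a known-good list, Run entries that imitate a core Windows process
or hide in odd places, Winlogon Notify handlers that are not Windows defaults,
and services with no owner whose file is gone.  Sample lines are copied from
the log posted above; the allow-lists are constructed for this walkthrough."""
import re

# Constructed allow-lists (lower-case file or key names), not HJT's database.
KNOWN_BHO_FILES = {"acroiehelper.ocx", "sdhelper.dll", "desrcas.dll",
                   "tfswshx.dll", "windowslivelogin.dll"}
KNOWN_NOTIFY = {"wgalogon", "intelwireless", "crypt32chain", "cryptnet",
                "cscdll", "scardsvr", "schedule", "sclgntfy", "seclogon",
                "senslogn", "termsrv", "wlballoon"}
# Core Windows XP processes whose names malware imitates (e.g. cssrss.exe).
CORE_PROCESSES = sorted({"smss", "csrss", "winlogon", "services", "lsass",
                         "svchost", "alg", "explorer", "spoolsv"})
IN_SYSTEM32 = "\\windows\\system32\\"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")

def basename(path: str) -> str:
    """Last path component, lower-cased, without HJT's ' (file missing)'."""
    path = path.replace(" (file missing)", "").strip().strip('"')
    return path.rsplit("\\", 1)[-1].lower()

def within_one_edit(a: str, b: str) -> bool:
    """Levenshtein distance <= 1: one substitution, insertion or deletion."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return len(longer) - len(shorter) == 1 and any(
        longer[:k] + longer[k + 1:] == shorter for k in range(len(longer)))

def imitated_process(stem: str):
    """Core process name that stem equals or is one edit from, else None."""
    return next((c for c in CORE_PROCESSES if within_one_edit(stem, c)), None)

def split_command(cmd: str):
    """(executable, arguments) of an O4 command.  Unquoted paths may contain
    spaces: take the quoted part, else up to the first .exe, else one word."""
    m = (re.match(r'"([^"]*)"\s*(.*)', cmd)
         or re.match(r'(.*?\.exe)\s*(.*)', cmd, re.I)
         or re.match(r'(\S*)\s*(.*)', cmd))
    return m.group(1), m.group(2)

def triage(lines):
    """Return (section, reason, line) for every line that trips a check."""
    out = []
    for line in (raw.strip() for raw in lines if raw.strip()):
        sec, reason = line.split(" - ", 1)[0], None
        if sec == "O2":
            path = line.rsplit(" - ", 1)[-1]
            if path != "(no file)" and basename(path) not in KNOWN_BHO_FILES:
                reason = "BHO not on the known-good list"
        elif sec == "O4" and RUN_RE.match(line):
            exe, args = split_command(RUN_RE.match(line).group("cmd"))
            stem = basename(exe).rsplit(".", 1)[0]
            core = imitated_process(stem)
            if stem.isdigit():
                reason = "executable named with digits only"
            elif core and (core != stem or IN_SYSTEM32 not in exe.lower()):
                reason = f"imitates core process {core}.exe"
            elif stem == "rundll32" and "\\windows\\" not in args.lower():
                reason = "rundll32 loads a DLL from outside Windows"
            elif "?" in exe:
                reason = "unprintable characters in path"
        elif sec == "O20":
            name = line.split(": ", 1)[1].split(" - ", 1)[0].lower()
            if name not in KNOWN_NOTIFY:
                reason = "Winlogon Notify handler is not a Windows default"
        elif sec == "O23":
            if "Unknown owner" in line and line.endswith("(file missing)"):
                reason = "service with unknown owner and missing binary"
        if reason:
            out.append((sec, reason, line))
    return out

# Sample lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C3520A9-C545-4023-989E-04225CD2C114} - C:\WINDOWS\system32\gebya.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [4162374521.exe] C:\WINDOWS\system32\4162374521.exe
O4 - HKLM\..\Run: [yvcrkfob] rundll32.exe "C:\Program Files\unkpyxuv\yjqjwput.dll",Init
O4 - HKCU\..\Run: [Ykyeac] "C:\Documents and Settings\Home\My Documents\??mantec\n?tdde.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Home\APPLIC~1\SSTEM~1\alg.exe" -vt yazb
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
""".strip().splitlines()

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {line}")
```

Entries the rules do not catch (the rogue anti-spyware names, the dumprep entry) are the ones a helper recognises from experience rather than from structure, which is why a log is still read by a person.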
 
Old 08-09-2007, 08:35 AM   #4
TSF Security Team
Emeritus
 
 
Join Date: May 2005
Posts: 26,363
OS: N/A



Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • SpywareBot
  • Magicantispy
  • AdwareAlert
Please note any other programs that you don't recognize in that list in your next response.


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
O2 - BHO: (no name) - {279D2611-4231-4E55-BEE2-607F85F98D97} - C:\Program Files\Common Files\hoke83122.dll
O2 - BHO: (no name) - {38818482-587A-D55C-2154-057925C3E96C} - C:\Program Files\Mdzbgivz\edsdefey.dll
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll (file missing)
O2 - BHO: (no name) - {436965AA-891B-AF9E-4F10-FB8DC951D3C8} - C:\WINDOWS\system32\zuntuxx.dll
O2 - BHO: (no name) - {5C3520A9-C545-4023-989E-04225CD2C114} - C:\WINDOWS\system32\gebya.dll
O2 - BHO: (no name) - {77F2E0C4-BA36-47A2-A3C0-846B5B109CCF} - C:\Program Files\Common Files\hoke.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqqqpm.dll
O2 - BHO: 0 - {C6E98C3A-2D3B-4FFA-5AAB-386E2CE8B907} - C:\Program Files\ComPlus Applications\lavuga.dll
O2 - BHO: (no name) - {D7F42A89-4581-4B07-8847-30DC27A246E5} - \
O2 - BHO: (no name) - {E4596F6D-88DA-AE09-DF0C-FAADAB952795} - C:\WINDOWS\system32\pjhin.dll (file missing)
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [{EC-C8-80-04-ZN}] C:\windows\system32\modsregr.exe SKY009
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [4162374521.exe] C:\WINDOWS\system32\4162374521.exe
O4 - HKLM\..\Run: [yvcrkfob] rundll32.exe "C:\Program Files\unkpyxuv\yjqjwput.dll",Init
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Ykyeac] "C:\Documents and Settings\Home\My Documents\??mantec\n?tdde.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Home\APPLIC~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll
O20 - Winlogon Notify: ssqqqpm - C:\WINDOWS\SYSTEM32\ssqqqpm.dll
O21 - SSODL: cIwmMBbIkPE - {BC5EC805-16F4-62AF-E33E-1E1AA7C566D4} - C:\WINDOWS\system32\xk.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
https://www.techsupportforum.com/security-center/hijackthis-log-help/172548-computer-rendered-unusable.html
Collect::
C:\WINDOWS\system32\windev-5416-24b3.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\tmrsrv32.exe
File::
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\gebya.dll
C:\Program Files\Magicantispy
C:\WINDOWS\system32\drvsov.dll
C:\WINDOWS\system32\zuntuxx.dll
C:\WINDOWS\system32\byxxxwu.dll
C:\DOCUME~1\Home\APPLIC~1\Install.dat
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\max1d1164v.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat
C:\WINDOWS\zojed0578.exe
C:\WINDOWS\system32\ssqqqpm.dll
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\drivers\runtime2.sys
C:\Program Files\Common Files\hoke83122.dll
C:\WINDOWS\system32\inkebme.dll
C:\WINDOWS\qwr67.exe
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job 
C:\WINDOWS\system32\wnsintisv.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\b103.exe.bin
C:\WINDOWS\system32\alt.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\system32\qhdrff.dll
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\764.exe
C:\WINDOWS\system32\sqvxga7met4.exe
C:\WINDOWS\system32\sqvxga6met3.exe
C:\WINDOWS\system32\sqvx5gamet2.exe
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\vexga4m1et4.exe
C:\WINDOWS\system32\vexg4am1et2.exe
C:\WINDOWS\system32\vexga1me4t1.exe
C:\WINDOWS\blxxpty.exe
C:\WINDOWS\system32\vexga4me1.exe
C:\WINDOWS\system32\vexga5me3.exe
C:\WINDOWS\system32\vexga3me2.exe
C:\WINDOWS\system32\max1d164v.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\hoke.dll
Folder::
C:\WINDOWS\SG9tZQ
C:\WINDOWS\system32\ovbolao
C:\WINDOWS\system32\wjcjnbqn
C:\Program Files\Uzzyqkag
C:\Program Files\unkpyxuv
C:\Program Files\SecCenter
C:\Program Files\Mdzbgivz
C:\Program Files\SpywareBot
C:\Program Files\AdwareAlert
Driver::
aspimgr
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{279D2611-4231-4E55-BEE2-607F85F98D97}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38818482-587A-D55C-2154-057925C3E96C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{436965AA-891B-AF9E-4F10-FB8DC951D3C8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3520A9-C545-4023-989E-04225CD2C114}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F2E0C4-BA36-47A2-A3C0-846B5B109CCF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6E98C3A-2D3B-4FFA-5AAB-386E2CE8B907}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7F42A89-4581-4B07-8847-30DC27A246E5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4596F6D-88DA-AE09-DF0C-FAADAB952795}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC5EC805-16F4-62AF-E33E-1E1AA7C566D4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareBot"=-
"{EC-C8-80-04-ZN}"=-
"WMDM PMSP Service"=-
"4162374521.exe"=-
"yvcrkfob"=-
"UserFaultCheck"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ykyeac"=-
"Sen"=-
"Magicantispy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"cIwmMBbIkPE"=- 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqqpm]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

https://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Click here to perform an online scan >> https://www.techsupportforum.com/f112...er-169242.html


---------------


In your next post, please include fresh logs from:
  1. Fresh HijackThis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.

sUBs is offline  
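The CFScript format used in the reply above, parsed and linted, as an added example that is not ComboFix's own code: the section names and the regedit-style Registry:: syntax are taken from the script posted above, while the sample script is a shortened copy of it with one constructed value line carrying a stray quote so the check has something to report.

```python
"""Parser and lint for the ComboFix CFScript format used in the reply above
(added example; not ComboFix's own code, which is not public).  A line ending
in '::' opens a section; File::, Folder::, Collect:: and Driver:: take one
entry per line, and Registry:: holds regedit-style text in which [-Key]
deletes a key, [Key] selects one and "Name"=- under it deletes that value.
The lint reports entries that would do nothing or not what was intended."""
import re

SECTIONS = {"Collect", "File", "Folder", "Driver", "Registry"}
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
# Accepted value data: the delete marker, a quoted string, or dword:/hex: data.
DATA_RE = re.compile(r'^-$|^"[^"]*"$|^(dword|hex):', re.I)

def parse_cfscript(text: str):
    """Return ({section: [entries]}, [(line_no, warning)]) for one script."""
    sections, warnings, current, deleting_key = {}, [], None, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.lower().startswith("http"):
            continue  # skip blank lines and the thread URL on the first line
        if line.endswith("::"):
            current = line[:-2]
            if current not in SECTIONS:
                warnings.append((no, f"unknown section {line}"))
            sections.setdefault(current, [])
            continue
        if current is None:
            warnings.append((no, "entry before any section header"))
            continue
        sections[current].append(line)
        if current in ("File", "Folder", "Collect"):
            if not re.match(r"^[A-Za-z]:\\", line):
                warnings.append((no, "entry is not an absolute path"))
        elif current == "Driver":
            if "\\" in line:
                warnings.append((no, "Driver:: takes a service name, not a path"))
        elif current == "Registry":
            key, value = KEY_RE.match(line), VALUE_RE.match(line)
            if key:
                deleting_key = bool(key.group("delete"))
                if not key.group("key").upper().startswith(HIVES):
                    warnings.append((no, "key path does not start with a hive"))
            elif value is None:
                warnings.append((no, 'expected [Key] or "Name"=... line'))
            elif deleting_key is None:
                warnings.append((no, "value line before any [Key] header"))
            elif deleting_key:
                warnings.append((no, "value listed under a key that [-Key] already deletes"))
            elif not DATA_RE.match(value.group("data")):
                warnings.append((no, f'malformed data for "{value.group("name")}": {value.group("data")}'))
    return sections, warnings

# Shortened copy of the script above; the "Sen" line is constructed with a
# stray quote to show what the lint reports.
SAMPLE_SCRIPT = r"""
https://www.techsupportforum.com/security-center/hijackthis-log-help/172548-computer-rendered-unusable.html
File::
C:\WINDOWS\system32\gebya.dll
C:\Program Files\Common Files\hoke.dll
Folder::
C:\Program Files\unkpyxuv
Driver::
aspimgr
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3520A9-C545-4023-989E-04225CD2C114}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMDM PMSP Service"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sen"="-
"Magicantispy"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]
""".strip()

if __name__ == "__main__":
    sections, warnings = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in sections.items():
        print(f"{name}:: {len(entries)} entries")
    for no, warning in warnings:
        print(f"line {no}: {warning}")
```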
Old 08-09-2007, 09:09 AM   #5
TSF Security Team
Emeritus
 
 
Join Date: May 2005
Posts: 26,363
OS: N/A



This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - https://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.

sUBs is offline  
Old 08-10-2007, 10:48 PM   #6
Guest
 
Join Date: Jul 2006
Posts: 34
OS:



HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:42:04 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - https://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - https://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{078F3AB1-A1AB-487E-BC08-864A4CC4F9AD}: NameServer = 195.140.142.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{67EB8532-0C13-4171-B6BD-C628F9397FEC}: NameServer = 195.140.142.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD572067-9923-4106-BC76-0DE5156309CB}: NameServer = 195.140.142.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{078F3AB1-A1AB-487E-BC08-864A4CC4F9AD}: NameServer = 195.140.142.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe






Online Scan

KASPERSKY ONLINE SCANNER REPORT
Saturday, August 11, 2007 12:41:18 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/08/2007
Kaspersky Anti-Virus database records: 378541


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Home\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 12019
Number of viruses found 7
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:11:42

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dnsersnd.dll.bak Infected: Trojan-Clicker.Win32.Small.cf skipped
C:\WINDOWS\system32\etc.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msdn_lib.dll.bak Infected: Trojan-Downloader.Win32.VB.apq skipped
C:\WINDOWS\system32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\system32\pe.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\WINDOWS\system32\pjhin.dll.bak Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINDOWS\system32\T5QaSQ\T5QaSQ1083.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\WINDOWS\system32\TQ0\am52.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.





Combo Fix

ComboFix 07-08-08 - "Home" 2007-08-11 0:00:15.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.366 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Home\Desktop\CFScript.txt

FILE::
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\gebya.dll
C:\Program Files\Magicantispy
C:\WINDOWS\system32\drvsov.dll
C:\WINDOWS\system32\zuntuxx.dll
C:\WINDOWS\system32\byxxxwu.dll
C:\DOCUME~1\Home\APPLIC~1\Install.dat
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\max1d1164v.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat
C:\WINDOWS\zojed0578.exe
C:\WINDOWS\system32\ssqqqpm.dll
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\drivers\runtime2.sys
C:\Program Files\Common Files\hoke83122.dll
C:\WINDOWS\system32\inkebme.dll
C:\WINDOWS\qwr67.exe
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\system32\wnsintisv.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\b103.exe.bin
C:\WINDOWS\system32\alt.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\system32\qhdrff.dll
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\764.exe
C:\WINDOWS\system32\sqvxga7met4.exe
C:\WINDOWS\system32\sqvxga6met3.exe
C:\WINDOWS\system32\sqvx5gamet2.exe
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\vexga4m1et4.exe
C:\WINDOWS\system32\vexg4am1et2.exe
C:\WINDOWS\system32\vexga1me4t1.exe
C:\WINDOWS\blxxpty.exe
C:\WINDOWS\system32\vexga4me1.exe
C:\WINDOWS\system32\vexga5me3.exe
C:\WINDOWS\system32\vexga3me2.exe
C:\WINDOWS\system32\max1d164v.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\hoke.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Home\APPLIC~1\.rdr.ini
C:\DOCUME~1\Home\APPLIC~1\install.dat
C:\DOCUME~1\Home\APPLIC~1\Microsoft\20509.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\install.dat
C:\DOCUME~1\NETWOR~1\APPLIC~1\.rdr.ini
C:\DOCUME~1\NETWOR~1\APPLIC~1\install.dat
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Magicantispy
C:\Program Files\Mdzbgivz
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\unkpyxuv
C:\Program Files\unkpyxuv\yjqjwput.dll
C:\Program Files\Uzzyqkag
C:\Program Files\Uzzyqkag\aqrdanxb.exe
C:\WINDOWS\764.exe
C:\WINDOWS\b103.exe.bin
C:\WINDOWS\b104.exe
C:\WINDOWS\blxxpty.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\qwr67.exe
C:\WINDOWS\SG9tZQ
C:\WINDOWS\SG9tZQ\m36Qtk.vbs
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\alt.exe
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\byxxxwu.dll
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drvsov.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\inkebme.dll
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\system32\max1d1164v.exe
C:\WINDOWS\system32\max1d164v.exe
C:\WINDOWS\system32\ovbolao
C:\WINDOWS\system32\ovbolao\winlogon.exe
C:\WINDOWS\system32\ovbolao\winlogon.ini
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\system32\pkfcptxs.ini
C:\WINDOWS\system32\qhdrff.dll
C:\WINDOWS\system32\sqvx5gamet2.exe
C:\WINDOWS\system32\sqvxga6met3.exe
C:\WINDOWS\system32\sqvxga7met4.exe
C:\WINDOWS\system32\ssqqqpm.dll
C:\WINDOWS\system32\sxtpcfkp.dll
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\vexg4am1et2.exe
C:\WINDOWS\system32\vexga1me4t1.exe
C:\WINDOWS\system32\vexga3me2.exe
C:\WINDOWS\system32\vexga4m1et4.exe
C:\WINDOWS\system32\vexga4me1.exe
C:\WINDOWS\system32\vexga5me3.exe
C:\WINDOWS\system32\windev-5416-24b3.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\wjcjnbqn
C:\WINDOWS\system32\wjcjnbqn\bg1.gif
C:\WINDOWS\system32\wjcjnbqn\bgtop.gif
C:\WINDOWS\system32\wjcjnbqn\bottom1.gif
C:\WINDOWS\system32\wjcjnbqn\essentials.gif
C:\WINDOWS\system32\wjcjnbqn\icon1.ico
C:\WINDOWS\system32\wjcjnbqn\install1.gif
C:\WINDOWS\system32\wjcjnbqn\left1.gif
C:\WINDOWS\system32\wjcjnbqn\li.gif
C:\WINDOWS\system32\wjcjnbqn\logo.gif
C:\WINDOWS\system32\wjcjnbqn\main.htm
C:\WINDOWS\system32\wjcjnbqn\mainframe.htm
C:\WINDOWS\system32\wjcjnbqn\reinstall1.gif
C:\WINDOWS\system32\wjcjnbqn\right1.gif
C:\WINDOWS\system32\wjcjnbqn\s1.htm
C:\WINDOWS\system32\wjcjnbqn\s2.htm
C:\WINDOWS\system32\wjcjnbqn\s3.htm
C:\WINDOWS\system32\wjcjnbqn\SMTop1.gif
C:\WINDOWS\system32\wjcjnbqn\SMTop2.gif
C:\WINDOWS\system32\wjcjnbqn\SMTop3.gif
C:\WINDOWS\system32\wjcjnbqn\SMTop4.gif
C:\WINDOWS\system32\wjcjnbqn\soft1_off.gif
C:\WINDOWS\system32\wjcjnbqn\soft1_off_ext.gif
C:\WINDOWS\system32\wjcjnbqn\soft1_on.gif
C:\WINDOWS\system32\wjcjnbqn\soft1_on_ext.gif
C:\WINDOWS\system32\wjcjnbqn\soft2_off.gif
C:\WINDOWS\system32\wjcjnbqn\soft2_off_ext.gif
C:\WINDOWS\system32\wjcjnbqn\soft2_on.gif
C:\WINDOWS\system32\wjcjnbqn\soft2_on_ext.gif
C:\WINDOWS\system32\wjcjnbqn\soft3_off.gif
C:\WINDOWS\system32\wjcjnbqn\soft3_off_ext.gif
C:\WINDOWS\system32\wjcjnbqn\soft3_on.gif
C:\WINDOWS\system32\wjcjnbqn\soft3_on_ext.gif
C:\WINDOWS\system32\wjcjnbqn\softbottom_off.gif
C:\WINDOWS\system32\wjcjnbqn\softbottom_on.gif
C:\WINDOWS\system32\wjcjnbqn\softleft_off.gif
C:\WINDOWS\system32\wjcjnbqn\softleft_on.gif
C:\WINDOWS\system32\wjcjnbqn\top1.gif
C:\WINDOWS\system32\wjcjnbqn\top2.gif
C:\WINDOWS\system32\wjcjnbqn\turnoff1.gif
C:\WINDOWS\system32\wjcjnbqn\turnon1.gif
C:\WINDOWS\system32\wjcjnbqn\wjcjnbqn1.exe
C:\WINDOWS\system32\wjcjnbqn\wjcjnbqn2.exe
C:\WINDOWS\system32\wjcjnbqn\wjcjnbqn3.exe
C:\WINDOWS\system32\wnsintisv.exe
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\zojed0578.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASPIMGR
-------\LEGACY_DOMAINSERVICE
-------\aspimgr
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-10 23:57 <DIR> d-------- C:\backups
2007-08-10 23:42 70,208 --a------ C:\WINDOWS\system32\bhkesqbf.dll
2007-08-10 23:34 75,328 --a------ C:\WINDOWS\system32\wqscawcf.exe
2007-08-08 22:32 51,200 --a------ C:\WINDOWS\nircmd.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 12:18 --------- d-------- C:\Program Files\Trillian
2007-07-24 21:00 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-06-07 00:01 3746 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 23:09 218112 --a------ C:\HJT.exe
2007-06-03 23:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-02 22:04 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-05-16 10:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"Dell QuickSet"="C:\PROGRA~1\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 20:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 19:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

C:\Documents and Settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 14:36:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-06 02:42:55]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S2 windev-5416-24b3;windev-5416-24b3;\??\C:\WINDOWS\system32\windev-5416-24b3.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2005-10-23 18:51:45 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\system32\OOBE\oobebaln.exe
2007-06-01 08:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-06-05 06:14:55 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-08-11 00:07:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 0:09:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 00:09
C:\ComboFix2.txt ... 2007-08-08 22:47

--- E O F ---




Additional Notes:
ZIP file was submitted to bleepingcomputer.com. No problems encountered in any steps. I am able to enter Windows in normal mode, and my computer/explorer is now accessible. Computer is running much better; we are getting there. Going to update Java now.
-- unklejman
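The ComboFix log above records the installed drivers as "R1/R2/S2 name;display name;ImagePath" lines next to a dump of suspect files. One of those drivers, windev-5416-24b3, is registered with a raw \??\ NT object path pointing straight into system32 rather than system32\drivers, carries no descriptive display name, and its image also appears in the suspect-file listing (and is later identified by the Kaspersky scan in this thread). The following is an added example, my own code and not something ComboFix or the forum provides, that scores such service lines with a handful of heuristics. The sample lines are copied from the log; the weights, the threshold of 4 and the assumption that a vendor driver is normally registered with a relative path under system32\drivers are mine.

```python
"""Triage the driver/service lines of a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample input, copied from the log above.  Each line is
# "<R|S><start> <service name>;<display name>;<ImagePath>" where R = running,
# S = stopped and the digit is the registry Start value (2 = auto, 3 = demand).
SAMPLE_SERVICE_LINES = [
    r"R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys",
    r"R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys",
    r"R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys",
    r"R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys",
    r"S2 windev-5416-24b3;windev-5416-24b3;\??\C:\WINDOWS\system32\windev-5416-24b3.sys",
    r"S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys",
]
# Two entries from the log's suspect-file listing, used for cross-referencing.
SAMPLE_SUSPECT_FILES = [
    r"C:\WINDOWS\system32\windev-5416-24b3.sys",
    r"C:\WINDOWS\system32\windev-peers.ini",
]

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
# Names with long digit runs or hex-ish groups (e.g. windev-5416-24b3) are
# typical of generated service names; a weak signal on its own.
RANDOMISH_NAME_RE = re.compile(r"\d{3,}|[0-9a-f]{4}-[0-9a-f]{4}", re.IGNORECASE)
NT_PREFIX = "\\??\\"          # object-manager prefix, as in "\??\C:\..."
SUSPECT_THRESHOLD = 4         # assumed cut-off; the weights below are assumptions too


@dataclass
class ServiceFinding:
    name: str
    start: int
    running: bool
    path: str
    reasons: list = field(default_factory=list)   # (weight, explanation)

    @property
    def score(self) -> int:
        return sum(w for w, _ in self.reasons)


def triage_service(line: str, suspect_files=()) -> "ServiceFinding | None":
    """Score one service line; None if the line is not a service entry."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    f = ServiceFinding(m["name"], int(m["start"]), m["state"] == "R", m["path"])
    clean = m["path"].lower()
    if clean.startswith(NT_PREFIX):
        # Vendor drivers are normally registered with a path relative to the
        # system root; a raw NT path is what a dropper calling CreateService
        # with an absolute path leaves behind (assumption, see lead-in).
        clean = clean[len(NT_PREFIX):]
        f.reasons.append((3, "ImagePath uses the raw NT prefix \\??\\"))
    if "\\system32\\drivers\\" not in clean:
        f.reasons.append((2, "driver image lives outside system32\\drivers"))
    if m["display"].lower() == m["name"].lower():
        f.reasons.append((1, "display name is just the service name"))
    if RANDOMISH_NAME_RE.search(m["name"]):
        f.reasons.append((1, "service name contains a long numeric/hex token"))
    if clean in {p.lower() for p in suspect_files}:
        f.reasons.append((5, "image path appears in the suspect-file listing"))
    if f.start == 2 and not f.running:
        f.reasons.append((1, "auto-start driver that is not running"))
    return f


def triage_log(lines, suspect_files=()):
    """Return findings for all service lines, highest score first."""
    found = (triage_service(line, suspect_files) for line in lines)
    return sorted((f for f in found if f), key=lambda f: f.score, reverse=True)


def suspects(lines, suspect_files=(), threshold=SUSPECT_THRESHOLD):
    """Names of services whose score reaches the threshold."""
    return [f.name for f in triage_log(lines, suspect_files) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_SERVICE_LINES, SAMPLE_SUSPECT_FILES):
        flag = "SUSPECT" if f.score >= SUSPECT_THRESHOLD else "ok"
        print(f"{flag:7} {f.score:2d} {f.name:18} {f.path}")
        for weight, why in f.reasons:
            print(f"{'':11}+{weight} {why}")
```

On the sample, only windev-5416-24b3 clears the threshold; tfsnpool (a driver living in system32\dla with a bare display name) scores 3 and is worth a glance but not an alarm, which is the kind of grey zone a scoring approach leaves for a human to settle rather than hiding behind a yes/no answer.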
Old 08-10-2007, 10:59 PM #7 - sUBs (TSF Security Team, Emeritus)

Quote:
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Home\LOCALS~1\Temp\
This is not a complete scan. Please have Kaspersky scan "My Computer"
-- sUBs
Old 08-12-2007, 09:50 PM #8 - unklejman (Guest)

Sorry about that, I think I clicked scan memory on accident.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 12, 2007 11:50:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/08/2007
Kaspersky Anti-Virus database records: 379126
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 55391
Number of viruses found: 65
Number of infected objects: 137
Number of suspicious objects: 0
Duration of the scan process: 01:22:48

Infected Object Name / Virus Name / Last Action
C:\backups\backup-20070810-235732-534.dll Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\backups\backup-20070810-235733-146.dll Infected: Trojan.Win32.BHO.ab skipped
C:\backups\backup-20070810-235733-216.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\backups\backup-20070810-235733-417.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\backups\backup-20070810-235733-477.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Home\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\o5j8sa7m.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-5ecb1294-7a43721f.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-5ecb1294-7a43721f.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-5ecb1294-7a43721f.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-5ecb1294-7a43721f.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-3e587a11.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-3e587a11.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-3e587a11.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-3e587a11.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Desktop\amp1083.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Documents and Settings\Home\Desktop\amp1083.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Home\Desktop\setup1.exe Infected: Trojan-Downloader.Win32.VB.axs skipped
C:\Documents and Settings\Home\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Home\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Home\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Home\Desktop\srchassis2.exe/B4/OWLFORECE_B4.exe/ofb installer.exe Infected: not-a-virus:AdWare.Win32.BHO.db skipped
C:\Documents and Settings\Home\Desktop\srchassis2.exe/B4/OWLFORECE_B4.exe/OFoxbinstaller.exe Infected: not-a-virus:AdWare.Win32.BHO.db skipped
C:\Documents and Settings\Home\Desktop\srchassis2.exe/B4/OWLFORECE_B4.exe/OpenIE_W.exe Infected: not-a-virus:AdWare.Win32.BHO.db skipped
C:\Documents and Settings\Home\Desktop\srchassis2.exe/B4/OWLFORECE_B4.exe Infected: not-a-virus:AdWare.Win32.BHO.db skipped
C:\Documents and Settings\Home\Desktop\srchassis2.exe RAR: infected - 4 skipped
C:\Documents and Settings\Home\Desktop\win321.exe Infected: Trojan-Downloader.Win32.Tibs.ku skipped
C:\Documents and Settings\Home\Desktop\[4]-Submit_2007-08-11_ 00007.35.zip/windev-5416-24b3.sys Infected: Packed.Win32.Tibs.ab skipped
C:\Documents and Settings\Home\Desktop\[4]-Submit_2007-08-11_ 00007.35.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\fla57D.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0002/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0006 Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0007 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0008 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0009 Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe NSIS: infected - 6 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\alt[1].exe Infected: Packed.Win32.Tibs.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\user4[1].exe Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0ESEWVWE\acdt-pid67N[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0ESEWVWE\acdt-pid67N[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QANJTGBZ\retadpu[1].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\bot.dll.vir Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\QooBox\Quarantine\C\Documents and Settings\Home\APPLIC~1\SSTEM~1\alg.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\QooBox\Quarantine\C\Documents and Settings\Home\MYDOCU~1\MANTEC~1\nеtdde.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\codec_setup.exe.vir/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped
C:\QooBox\Quarantine\C\Program Files\codec_setup.exe.vir/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped
C:\QooBox\Quarantine\C\Program Files\codec_setup.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\Program Files\Magicantispy.vir\Magicantispy0.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\QooBox\Quarantine\C\Program Files\Magicantispy.vir\Magicantispy3.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\blxxpty.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\QooBox\Quarantine\C\WINDOWS\cfg32.exe.vir Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\QooBox\Quarantine\C\WINDOWS\cfg32a.exe.vir Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\QooBox\Quarantine\C\WINDOWS\qwr67.exe.vir/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\qwr67.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\a3dx8.dll.vir Infected: Trojan-Downloader.Win32.Tibs.ld skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir Infected: Packed.Win32.Tibs.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\alt.exe.vir Infected: Packed.Win32.Tibs.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\b06FdUe\b06FdUe1083.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byxxxwu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dllh8jkd1q1.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dllh8jkd1q2.exe.vir Infected: Email-Worm.Win32.Zhelatin.ga skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dllh8jkd1q5.exe.vir Infected: Email-Worm.Win32.Zhelatin.fr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dllh8jkd1q6.exe.vir Infected: Email-Worm.Win32.Zhelatin.ga skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dllh8jkd1q7.exe.vir Infected: Email-Worm.Win32.Zhelatin.ga skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\asc3550u.sys.vir Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir Infected: Rootkit.Win32.Agent.eq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir Infected: Rootkit.Win32.Agent.dp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.ey skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drvsov.dll.vir Infected: Trojan.Win32.Agent.qt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hlpsrv.exe.vir Infected: Trojan-Clicker.Win32.Small.mv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\inkebme.dll.vir Infected: Trojan.Win32.Qhost.it skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\max1d1164v.exe.vir Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\max1d164v.exe.vir Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Mcvk53.sys.vir Infected: Rootkit.Win32.Agent.ea skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nso12k.sys.vir Infected: Trojan-Downloader.Win32.Agent.bnz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ovbolao\winlogon.exe.vir Infected: IM-Worm.Win32.VB.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pee.exe.exe.vir Infected: Packed.Win32.Tibs.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qhdrff.dll.vir Infected: Trojan.Win32.Qhost.it skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rpcc.exe.vir Infected: Trojan-Proxy.Win32.Dlena.ad skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolsvv.exe.vir Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sqvx5gamet2.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sqvxga6met3.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sqvxga7met4.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sxtpcfkp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T1\kmhp83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T1\kmhp83122.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T11\z553.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T3\am67.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T3\wr716.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T5\tns2.exe.vir Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T6\amwr.exe.vir Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\T9\zn531.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg4am1et2.exe.vir Infected: Email-Worm.Win32.Zhelatin.ga skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg6ame4.exe.vir Infected: Email-Worm.Win32.Zhelatin.ga skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga1me4t1.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga3me2.exe.vir Infected: Email-Worm.Win32.Zhelatin.ga skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga4m1et4.exe.vir Infected: Packed.Win32.Tibs.av skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga4me1.exe.vir Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga5me3.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vexg4am1et2.exe.vir Infected: Packed.Win32.Tibs.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga1me4t1.exe.vir Infected: Email-Worm.Win32.Zhelatin.ee skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga3me2.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga4m1et4.exe.vir Infected: Email-Worm.Win32.Zhelatin.eo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga4me1.exe.vir Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga5me3.exe.vir Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winjrs32.dll.vir Infected: Trojan.Win32.Agent.qt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wjcjnbqn\wjcjnbqn1.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wjcjnbqn\wjcjnbqn2.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wjcjnbqn\wjcjnbqn3.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Agent.bnn skipped
C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\zojed0578.exe.vir Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\QooBox\Quarantine\catchme2007-08-08_224337.95.zip/xpdx.sys Infected: Trojan-Clicker.Win32.Costrat.e skipped
C:\QooBox\Quarantine\catchme2007-08-08_224337.95.zip/ldcore.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\QooBox\Quarantine\catchme2007-08-08_224337.95.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\catchme2007-08-11_ 00746.87.zip/ssqqqpm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\catchme2007-08-11_ 00746.87.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\up210.exe Infected: IM-Worm.Win32.VB.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dnsersnd.dll.bak Infected: Trojan-Clicker.Win32.Small.cf skipped
C:\WINDOWS\system32\etc.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msdn_lib.dll.bak Infected: Trojan-Downloader.Win32.VB.apq skipped
C:\WINDOWS\system32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\system32\pe.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\WINDOWS\system32\pjhin.dll.bak Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINDOWS\system32\T5QaSQ\T5QaSQ1083.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\WINDOWS\system32\TQ0\am52.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
-- unklejman
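The report above counts 137 infected objects, but most of them are not live threats: a large share sit in ComboFix's QooBox quarantine or in C:\backups as *.vir copies of files that were already removed, the "Object is locked" lines are registry hives and index files the scanner simply could not open, and the SmitfraudFix Reboot.exe hit is the cleanup tool itself being reported as a RiskTool. What matters for the next step is the remaining set of files still present on disk, with archive members folded back into the file that contains them. The following is an added example, my own code rather than anything Kaspersky or the forum supplies, that parses the report's three line shapes and splits them into those buckets. The sample lines are copied from the report; the quarantine prefixes and the SmitfraudFix whitelist are assumptions specific to this machine.

```python
"""Bucket a Kaspersky Online Scanner report into actionable groups (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a dozen lines copied from the report above.
SAMPLE_REPORT = r"""
C:\backups\backup-20070810-235733-146.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Home\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Home\Desktop\win321.exe Infected: Trojan-Downloader.Win32.Tibs.ku skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe/data0006 Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe NSIS: infected - 6 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir Infected: Rootkit.Win32.Agent.eq skipped
C:\up210.exe Infected: IM-Worm.Win32.VB.at skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\system32\pjhin.dll.bak Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
""".strip().splitlines()

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<verdict>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+) (?P<kind>[A-Z0-9]+): infected - (?P<n>\d+) skipped$")

# Locations holding copies of already-removed malware: ComboFix's QooBox store,
# the C:\backups folder and anything renamed *.vir.  Assumption: these are the
# only quarantine locations on this machine.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\backups\\")
# The SmitfraudFix kit; its Reboot.exe is reported as a RiskTool, i.e. the
# cleanup tool itself, not an infection.  Assumption specific to this case.
TOOL_MARKERS = ("\\smitfraudfix",)


@dataclass(frozen=True)
class Finding:
    path: str       # object as reported; may include "/member" inside an archive
    container: str  # on-disk file that holds it (what a delete would target)
    verdict: str
    category: str   # locked | quarantine | tool | live


def classify(container: str) -> str:
    low = container.lower()
    if low.startswith(QUARANTINE_PREFIXES) or low.endswith(".vir"):
        return "quarantine"
    if any(marker in low for marker in TOOL_MARKERS):
        return "tool"
    return "live"


def parse_report(lines):
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := LOCKED_RE.match(line):
            findings.append(Finding(m["path"], m["path"], "", "locked"))
            continue
        if m := CONTAINER_RE.match(line):
            path = m["path"]
            verdict = f"{m['kind']} archive, {m['n']} infected member(s)"
        elif m := INFECTED_RE.match(line):
            path, verdict = m["path"], m["verdict"]
        else:
            continue  # header, blank or statistics line
        # Kaspersky separates archive members from the archive with "/".
        container = path.split("/", 1)[0]
        findings.append(Finding(path, container, verdict, classify(container)))
    return findings


def summarize(findings):
    return dict(Counter(f.category for f in findings))


def removal_list(findings):
    """Distinct on-disk files still carrying a detection, in report order."""
    seen = []
    for f in findings:
        if f.category == "live" and f.container not in seen:
            seen.append(f.container)
    return seen


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for path in removal_list(found):
        print("live:", path)
```

Running it over the full report gives the list of files that a cleanup script has to address plus the quarantine folders that can be dropped wholesale. Diffing that list against whatever fix script is about to be run is the useful check: any live path present in one but not the other should be a deliberate decision, not an oversight.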
Old 08-13-2007, 04:50 AM #9 - sUBs (TSF Security Team, Emeritus)

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
rem Delete the files Kaspersky flagged outside the quarantine stores and log
rem anything that survives.  Every path containing a space must be quoted so
rem the FOR loop treats it as a single item.
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-1f1d8f25.zip"
"C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-5ecb1294-7a43721f.zip"
"C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-3e587a11.zip"
"C:\Documents and Settings\Home\Desktop\amp1083.exe"
"C:\Documents and Settings\Home\Desktop\setup1.exe"
"C:\Documents and Settings\Home\Desktop\SmitfraudFix.zip"
"C:\Documents and Settings\Home\Desktop\srchassis2.exe"
"C:\Documents and Settings\Home\Desktop\win321.exe"
"C:\Documents and Settings\Home\Desktop\[4]-Submit_2007-08-11_ 00007.35.zip"
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\bY001[1].exe"
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\alt[1].exe"
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\user4[1].exe"
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0ESEWVWE\acdt-pid67N[1].exe"
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QANJTGBZ\retadpu[1].exe"
C:\up210.exe
C:\WINDOWS\system32\dnsersnd.dll.bak
C:\WINDOWS\system32\etc.exe
C:\WINDOWS\system32\msdn_lib.dll.bak
C:\WINDOWS\system32\pe.exe
C:\WINDOWS\system32\pjhin.dll.bak
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the tool folders and the quarantine stores (C:\backups, QooBox,
rem VundoFix Backups, Deckard), which still hold the infected copies.
for %%g in (
"C:\Documents and Settings\Home\Desktop\SmitfraudFix"
C:\backups
"C:\WINDOWS\system32\T5QaSQ"
"C:\WINDOWS\system32\TQ0"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

rem Disable and re-enable System Restore through WMI so the existing restore
rem points, which can hold copies of the infected files, are discarded.
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

rem Put Explorer's hidden-file and file-extension settings back to the defaults.
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
rem Pause for 7 seconds using the nircmd.exe in C:\WINDOWS listed in the log,
rem so the message stays visible, then remove this script.
nircmd wait 7000
del %0
Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run.

Post back to tell me what it says
__________________

sUBs is offline  
Old 08-18-2007, 09:35 PM   #10
Guest
 
Join Date: Jul 2006
Posts: 34
OS:



Hi, I'm still here. My girlfriend was only in town for a little bit, so I am going to have to prepare the steps for her if necessary and walk her through it.
unklejman is offline  
Old 08-28-2007, 09:04 PM   #11
Guest
 
Join Date: Jul 2006
Posts: 34
OS:



Ok, sorry for the delay. She said it ran then said "Deleted Successfully" then closed.
unklejman is offline  
Old 08-29-2007, 12:27 AM   #12
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A



Please post a fresh Hijackthis log
__________________

sUBs is offline  
Old 09-05-2007, 08:26 AM   #13
Guest
 
Join Date: Jul 2006
Posts: 34
OS:



Logfile of HijackThis v1.99.1
Scan saved at 8:52:03 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - https://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - https://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{078F3AB1-A1AB-487E-BC08-864A4CC4F9AD}: NameServer = 195.140.142.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{67EB8532-0C13-4171-B6BD-C628F9397FEC}: NameServer = 195.140.142.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD572067-9923-4106-BC76-0DE5156309CB}: NameServer = 195.140.142.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{078F3AB1-A1AB-487E-BC08-864A4CC4F9AD}: NameServer = 195.140.142.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
unklejman is offline  
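The log above is in HijackThis's line-oriented format: one entry per line, keyed by a section code (R1, O2, O17, O23 and so on). The following Python script is an added example, not part of this thread and not HijackThis's own code. It parses those lines into records and attaches review flags using heuristics of its own: a hosts-file (O1) entry that sends a name anywhere other than loopback, a per-adapter DNS server (O17) outside private ranges, a registered component whose file is reported missing, and components listed with "(no name)". The sample log is constructed from the shape of entries on this page plus one constructed O1 line; the hostname `updates.example-av.test` is made up, and the script does not decide whether a flagged DNS server is legitimate, it only surfaces it for a check against the ISP's published resolvers.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis v1.99.1 line format: entries shaped like the
# ones in the log above, plus one constructed O1 hosts-file line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O1 - Hosts: 1.1.1.1 updates.example-av.test
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{078F3AB1-A1AB-487E-BC08-864A4CC4F9AD}: NameServer = 195.140.142.1
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Section codes used by HijackThis: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9A-Fa-f:.,\s]+)$")


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def _ip(text: str):
    """Parse an IPv4/IPv6 literal, or return None if the text is not one."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def review(entries: List[Entry]) -> List[Entry]:
    """Attach this example's review flags and return only the entries that got one."""
    for e in entries:
        if e.code == "O1":
            # A hosts line that points a name anywhere but loopback redirects or
            # blackholes it; legitimate local overrides normally use 127.0.0.1.
            m = HOSTS_RE.match(e.body)
            ip = _ip(m["ip"]) if m else None
            if m and not (ip and ip.is_loopback):
                e.flags.append(f"hosts-file redirect: {m['host']} -> {m['ip']}")
        elif e.code == "O17":
            # A per-adapter DNS server outside private ranges is worth checking
            # against the ISP's resolvers; the script cannot judge legitimacy itself.
            m = NAMESERVER_RE.search(e.body)
            servers = re.split(r"[,\s]+", m["servers"].strip()) if m else []
            for s in servers:
                ip = _ip(s)
                if ip and not (ip.is_private or ip.is_loopback):
                    e.flags.append(f"external DNS server {s}: confirm it is the ISP's")
        if "(file missing)" in e.body or "(no file)" in e.body:
            e.flags.append("orphaned registration: referenced file is absent")
        if "(no name)" in e.body:
            e.flags.append("unnamed component: identify the CLSID and file before trusting it")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in review(parse_hjt(SAMPLE_LOG)):
        print(e.code, "|", e.body)
        for f in e.flags:
            print("    ->", f)
```

Run against the constructed sample, the script leaves the R1, O4 and O23 lines alone and flags the R3 and second O2 entries as unnamed, both O2 entries as orphaned, the O1 line as a hosts-file redirect, and the O17 line for its external DNS server. The flags are prompts for a human reviewer, in the same way the helpers in this thread read the log by hand.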
Old 09-10-2007, 08:15 PM   #14
Guest
 
Join Date: Jul 2006
Posts: 34
OS:



Hi, have you had a chance to review the new log? Just a reminder, thanks!
unklejman is offline  
 

Copyright 2001 - 2018, Tech Support Forum