
Had tk89 and Firefox keeps crashing! Please help.

1825 Views 6 Replies 2 Participants Last post by  Ried
Hello, first I guess I'd better explain the issue in full...

I was going through my Windows files and have them organized to see Date Modified and noticed a "TK89" in the batch...now I just got done fighting a wicked virus/spyware/adware spree that kept multiplying and figured I'd keep checking in to make sure all was good...anyhow...noticed this one and researched it...found out it was bad...so started following some of your steps on this site...Vundo found and fixed it along with a few other files I didn't notice. However, Firefox still crashes while loading pages on occasion...maybe typical, maybe not??? So anyways, I'd like to post this "HijackThis" log to see if all is good...hope to hear back soon.

----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:00 AM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BM8f0c4b99] Rundll32.exe "C:\WINDOWS\system32\wccwpkmv.dll",s
O4 - HKLM\..\Run: [8c3f7805] rundll32.exe "C:\WINDOWS\system32\lwuoagdh.dll",b
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3074 bytes


------------------------------------

Thanks for all your time and help...

P.S.: Any programs that you see as a waste of time/space, also please note those here so I can consider freeing up some space...Also any hints on making this thing run a little faster would be GREAT...thanks a million.
Some lines that I'd like to bring to your attention:

O4 - HKLM\..\Run: [BM8f0c4b99] Rundll32.exe "C:\WINDOWS\system32\wccwpkmv.dll",s
O4 - HKLM\..\Run: [8c3f7805] rundll32.exe "C:\WINDOWS\system32\lwuoagdh.dll",b

I don't know what BM8f0c4b99 is; it's logging times/dates and some other information. The file is located in my Windows folder and it's making me nervous...I don't know whether to delete it or not...???
Hello n00B_mUrdEr and welcome,

Please do not fix or delete anything just yet.

Before I begin, I'd like to see a more comprehensive set of logs.

As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

  • main.txt
  • an attached extra.txt
Deckard's System Scanner v20071014.68
Run by Sean on 2008-03-24 12:42:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
44: 2008-03-23 21:25:29 UTC - RP44 - Removed Windows Live Messenger
43: 2008-03-23 21:24:31 UTC - RP43 - Removed Windows Live installer
42: 2008-03-22 23:03:57 UTC - RP42 - System Checkpoint
41: 2008-03-20 09:39:27 UTC - RP41 - System Checkpoint
40: 2008-03-18 14:05:42 UTC - RP40 - System Checkpoint


-- First Restore Point --
1: 2008-03-03 20:05:27 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sean.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:38 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Sean\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sean.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0B52C7EC-D1A3-4054-923C-DD12567F28B1} - C:\WINDOWS\system32\opnnmlk.dll
O2 - BHO: (no name) - {2CA3E38D-1F16-4701-B57C-1791FAD35438} - C:\Program Files\Online Services\xubi89104.dll
O2 - BHO: (no name) - {65e3e473-108c-4617-b28d-d67317c3ef57} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8502D7B8-3916-4BE1-80A1-F92A88416B94} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {a14dce17-deb5-3a8a-82f4-9505811a5bc9} - {9cb5a118-5059-4f28-a8a3-5bed71ecd41a} - C:\WINDOWS\system32\qamyefwc.dll
O2 - BHO: (no name) - {A22D5DA5-7E0D-4D3D-8A52-B93325E2CB58} - C:\WINDOWS\system32\gebyy.dll (file missing)
O2 - BHO: 0 - {CFED1244-157F-4224-8D92-FF010449B6CE} - C:\Program Files\MSN Gaming Zone\lavu196.dll
O2 - BHO: (no name) - {D085B8E5-3D0E-4239-815F-649D382D2994} - C:\WINDOWS\system32\geeby.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [8c3f7805] rundll32.exe "C:\WINDOWS\system32\wusrhhok.dll",b
O4 - HKLM\..\Run: [BM8f0c4b99] Rundll32.exe "C:\WINDOWS\system32\cuqrpvkn.dll",s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: opnnmlk - C:\WINDOWS\SYSTEM32\opnnmlk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4517 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_17FE&DEV_2120&SUBSYS_00201737&REV_00\3&61AAA01&0&40
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_17FE&DEV_2120&SUBSYS_00201737&REV_00\3&61AAA01&0&40
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys NC100 Fast Ethernet Adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\3&61AAA01&0&48
Manufacturer: Linksys
Name: Linksys NC100 Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\3&61AAA01&0&48
Service: AN983


-- Scheduled Tasks -------------------------------------------------------------

2008-03-19 07:08:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-24 06:50:20 0 dr-h----- C:\Documents and Settings\Sean\Recent
2008-03-24 02:17:27 90176 --a------ C:\WINDOWS\system32\wusrhhok.dll
2008-03-24 02:14:27 92736 --a------ C:\WINDOWS\system32\qamyefwc.dll
2008-03-24 02:11:27 90176 --a------ C:\WINDOWS\system32\cuqrpvkn.dll
2008-03-24 01:49:14 135168 --a------ C:\WINDOWS\tk58.exe
2008-03-24 01:21:14 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-23 10:45:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-23 10:45:28 0 d-------- C:\Program Files\Windows Live
2008-03-23 10:45:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 02:14:01 92736 --a------ C:\WINDOWS\system32\esgtjgyt.dll
2008-03-23 02:11:01 90176 --a------ C:\WINDOWS\system32\mlyfkvty.dll
2008-03-23 02:08:41 92224 --a------ C:\WINDOWS\system32\wadefrpa.dll
2008-03-23 02:08:00 342309 --ahs---- C:\WINDOWS\system32\ybeeg.ini2
2008-03-23 02:07:57 272896 --a------ C:\WINDOWS\system32\geeby.dll
2008-03-22 00:50:30 0 d-------- C:\Program Files\Trend Micro
2008-03-22 00:49:18 0 d-------- C:\VundoFix Backups
2008-03-19 03:54:55 0 d-------- C:\Documents and Settings\Sean\Application Data\Recordpad
2008-03-19 03:54:33 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-19 01:10:10 0 d-------- C:\Program Files\AAMS
2008-03-14 01:29:39 0 d-------- C:\Program Files\Incomplete
2008-03-14 01:25:46 0 d-------- C:\Program Files\LimeWire
2008-03-06 23:30:32 0 d-------- C:\Documents and Settings\Sean\Application Data\FinalBurner Audio CD
2008-03-06 23:28:11 0 d-------- C:\Program Files\FinalBurner
2008-03-06 23:04:35 0 d-------- C:\Program Files\VirtualDJ
2008-03-06 17:14:56 0 d-------- C:\WINDOWS\Sun
2008-03-06 17:14:56 0 d-------- C:\Documents and Settings\Sean\Application Data\Sun
2008-03-04 13:38:27 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-04 13:35:53 24576 --a------ C:\WINDOWS\system32\SmartSubClass.dll <Not Verified; VBSmart; VBSmart SubClass>
2008-03-04 13:35:51 0 d-------- C:\Program Files\Free MP3 Converter
2008-03-03 14:06:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-03 13:53:37 0 d-------- C:\Documents and Settings\Sean\Application Data\Symantec
2008-03-03 13:39:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 13:28:37 77 --a------ C:\Documents and Settings\Sean\3854.bat
2008-03-03 13:13:09 77 --a------ C:\Documents and Settings\Sean\7711.bat
2008-03-03 13:13:04 36864 --a------ C:\Documents and Settings\Sean\services.exe
2008-03-03 13:07:33 0 d-------- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Favorites
2008-03-03 13:07:33 0 d-------- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Desktop
2008-03-03 13:07:33 0 d---s---- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Cookies
2008-03-03 13:07:33 0 dr-h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Application Data
2008-03-03 13:07:33 0 d---s---- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Application Data\Microsoft
2008-03-03 13:07:32 0 d--h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Templates
2008-03-03 13:07:32 0 dr------- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Start Menu
2008-03-03 13:07:32 0 dr-h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\SendTo
2008-03-03 13:07:32 0 d--h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Recent
2008-03-03 13:07:32 0 d--h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\PrintHood
2008-03-03 13:07:32 524288 --ah----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\NTUSER.DAT
2008-03-03 13:07:32 0 d--h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\NetHood
2008-03-03 13:07:32 0 d-------- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\My Documents
2008-03-03 13:07:32 0 d--h----- C:\Documents and Settings\Administrator.SEAN-1937522E91.000\Local Settings
2008-03-03 13:00:05 0 d--hs---- C:\WINDOWS\U2VhbidzIENvbXB1dGVy
2008-03-03 13:00:02 35328 --a------ C:\WINDOWS\system32\opnnmlk.dll
2008-03-03 12:59:58 0 d-------- C:\Temp
2008-03-01 23:12:22 0 d-------- C:\Documents and Settings\Sean\Application Data\Acoustica
2008-03-01 23:12:18 57344 --a------ C:\WINDOWS\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-03-01 23:12:16 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-03-01 23:11:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-02-29 06:58:57 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-27 23:35:51 0 d-------- C:\Program Files\Audacity
2008-02-27 23:24:08 0 d-------- C:\Program Files\NCH Software
2008-02-27 23:24:00 0 d-------- C:\Documents and Settings\Sean\Application Data\NCH Swift Sound
2008-02-27 23:23:28 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-27 23:19:34 0 d-------- C:\Documents and Settings\Sean\Application Data\LimeWire
2008-02-27 23:18:31 0 d-------- C:\Program Files\Java
2008-02-27 23:18:03 0 d-------- C:\Program Files\Common Files\Java
2008-02-27 20:02:54 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine>
2008-02-27 19:58:03 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-27 19:57:19 0 d-------- C:\Program Files\Common Files\Nero
2008-02-27 19:56:10 2973696 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2008-02-27 19:54:36 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-02-27 19:54:36 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-27 19:54:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-27 19:54:35 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-27 19:54:34 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-27 19:54:32 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-27 19:54:32 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-27 19:54:20 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-27 19:54:15 0 d-------- C:\Program Files\Ahead
2008-02-24 18:17:48 0 d-------- C:\Documents and Settings\Sean\Application Data\Apple Computer
2008-02-24 18:17:35 0 d-------- C:\Program Files\iPod
2008-02-24 18:17:29 0 d-------- C:\Program Files\iTunes
2008-02-24 18:17:19 0 d-------- C:\Program Files\Bonjour
2008-02-24 18:16:48 0 d-------- C:\Program Files\QuickTime
2008-02-24 18:16:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-24 18:16:29 0 d-------- C:\Program Files\Apple Software Update
2008-02-24 18:16:07 0 d-------- C:\Program Files\Common Files\Apple
2008-02-24 18:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-24 13:37:37 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-02-24 13:37:37 0 d-------- C:\Program Files\VstPlugins
2008-02-24 13:36:15 0 d-------- C:\Program Files\Image-Line


-- Find3M Report ---------------------------------------------------------------

2008-03-24 01:49:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-23 10:45:52 0 d-------- C:\Program Files\Common Files
2008-03-22 00:32:26 0 d-------- C:\Program Files\Trillian
2008-03-13 14:08:27 0 d-------- C:\Program Files\Yahoo!
2008-03-03 13:00:01 0 d-------- C:\Program Files\Online Services
2008-02-29 12:03:22 1024 --a------ C:\Documents and Settings\Sean\Application Data\WavCodec.wff
2008-02-29 07:00:28 0 d-------- C:\Documents and Settings\Sean\Application Data\Yahoo!
2008-02-23 19:41:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-22 00:47:40 0 d-------- C:\Program Files\SpeedSim
2008-02-21 18:00:31 0 d-------- C:\Documents and Settings\Sean\Application Data\Macromedia
2008-02-21 18:00:04 0 d-------- C:\Documents and Settings\Sean\Application Data\Adobe
2008-02-21 17:27:41 0 d-------- C:\Program Files\CCleaner
2008-02-21 05:45:57 0 d-------- C:\Program Files\Messenger
2008-02-20 23:29:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-20 23:29:20 0 d-------- C:\Documents and Settings\Sean\Application Data\Mozilla
2008-02-20 23:18:33 0 d-------- C:\Documents and Settings\Sean\Application Data\Identities
2008-02-20 23:12:22 0 d-------- C:\Program Files\microsoft frontpage
2008-02-20 23:11:58 0 -rahs---- C:\MSDOS.SYS
2008-02-20 23:11:58 0 -rahs---- C:\IO.SYS
2008-02-20 23:11:58 0 --a------ C:\CONFIG.SYS
2008-02-20 23:11:58 0 --a------ C:\AUTOEXEC.BAT
2008-02-20 23:10:22 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-20 23:09:25 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-20 23:09:17 0 d-------- C:\Program Files\Movie Maker
2008-02-20 23:07:41 0 d-------- C:\Program Files\Windows NT
2008-02-20 15:58:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-20 15:58:24 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-20 15:57:59 62 --ahs---- C:\Documents and Settings\Sean\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]
03/03/2008 01:00 PM 35328 --a------ C:\WINDOWS\system32\opnnmlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CA3E38D-1F16-4701-B57C-1791FAD35438}]
02/07/2008 06:07 PM 217088 --a------ C:\Program Files\Online Services\xubi89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65e3e473-108c-4617-b28d-d67317c3ef57}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8502D7B8-3916-4BE1-80A1-F92A88416B94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9cb5a118-5059-4f28-a8a3-5bed71ecd41a}]
03/24/2008 02:14 AM 92736 --a------ C:\WINDOWS\system32\qamyefwc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A22D5DA5-7E0D-4D3D-8A52-B93325E2CB58}]
C:\WINDOWS\system32\gebyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFED1244-157F-4224-8D92-FF010449B6CE}]
03/24/2008 01:49 AM 70144 --a------ C:\Program Files\MSN Gaming Zone\lavu196.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D085B8E5-3D0E-4239-815F-649D382D2994}]
03/23/2008 02:07 AM 272896 --a------ C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"8c3f7805"="C:\WINDOWS\system32\wusrhhok.dll" [03/24/2008 02:17 AM]
"BM8f0c4b99"="C:\WINDOWS\system32\cuqrpvkn.dll" [03/24/2008 02:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [02/20/2008 07:15 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0B52C7EC-D1A3-4054-923C-DD12567F28B1}"= C:\WINDOWS\system32\opnnmlk.dll [03/03/2008 01:00 PM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnmlk]
opnnmlk.dll 03/03/2008 01:00 PM 35328 C:\WINDOWS\system32\opnnmlk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeby.dll




-- End of Deckard's System Scanner: finished at 2008-03-24 12:43:27 ------------

Thank you, n00B_mUrdEr.

You are still very much infected.
"I don't know what BM8f0c4b99 is, it's logging times/dates/and some other information."
Before we begin the removal, the malware fighting experts may be interested in seeing what type of information that file is capturing. Would you be kind enough to submit the contents of that file to this secure site --> http://www.bleepingcomputer.com/submit-malware.php?channel=28 and include a link to this topic in the message.

After you've done that...

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware.


  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
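As an added example (not code from this thread, from HijackThis or from DSS), the Python script below shows how a helper could triage a posted log mechanically: it flags the kinds of entries that the poster and the second log brought up, O4 Run entries that start a DLL through rundll32.exe, unnamed O2 BHOs whose file is still on disk, O20 Winlogon Notify DLLs, and an LSA "Authentication Packages" value with anything beyond msv1_0 (taken from the DSS registry dump, not from HijackThis). The sample lines are copied from the logs above; the rule names and the "random-looking DLL name" heuristic are my own assumptions, not rules from either tool.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis and DSS output posted in this
# thread, plus two benign Java entries so the rules have something to leave alone.
# The last line is from the DSS "Registry Dump" section, not from HijackThis itself.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {0B52C7EC-D1A3-4054-923C-DD12567F28B1} - C:\WINDOWS\system32\opnnmlk.dll
O2 - BHO: (no name) - {65e3e473-108c-4617-b28d-d67317c3ef57} - (no file)
O2 - BHO: {a14dce17-deb5-3a8a-82f4-9505811a5bc9} - {9cb5a118-5059-4f28-a8a3-5bed71ecd41a} - C:\WINDOWS\system32\qamyefwc.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [8c3f7805] rundll32.exe "C:\WINDOWS\system32\wusrhhok.dll",b
O4 - HKLM\..\Run: [BM8f0c4b99] Rundll32.exe "C:\WINDOWS\system32\cuqrpvkn.dll",s
O20 - Winlogon Notify: opnnmlk - C:\WINDOWS\SYSTEM32\opnnmlk.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeby.dll
"""

GUID = r"\{[0-9a-f-]{36}\}"
# Letters only, five to eight of them, sitting in system32: the shape of the rotating
# names in this thread (opnnmlk, geeby, qamyefwc, wusrhhok, cuqrpvkn). This is a hint
# that needs a second indicator on the same line, never proof on its own.
RANDOM_DLL = re.compile(r"\\system32\\[a-z]{5,8}\.dll$", re.IGNORECASE)
RUNDLL32_RUN = re.compile(r'^O4 - .*\\Run: \[[^\]]+\] rundll32\.exe "([^"]+)"', re.IGNORECASE)
HEX_RUN_NAME = re.compile(r"^O4 - .*\\Run: \[(BM)?[0-9a-f]{8}\]", re.IGNORECASE)
BHO_NO_NAME = re.compile(rf"^O2 - BHO: (?:\(no name\)|{GUID}) - {GUID} - (.+)$", re.IGNORECASE)
WINLOGON_NOTIFY = re.compile(r"^O20 - Winlogon Notify: \S+ - (.+)$", re.IGNORECASE)
AUTH_PACKAGES = re.compile(r'^"Authentication Packages"=\s*(.+)$')


@dataclass
class Finding:
    line: str
    reasons: list[str]


def _dll_hint(path: str) -> list[str]:
    """Add the weak 'random name' indicator when the path has that shape."""
    return ["DLL name looks randomly generated"] if RANDOM_DLL.search(path) else []


def triage(log_text: str) -> list[Finding]:
    """Return every log line that matches one of the indicators seen in this thread."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: list[str] = []
        if m := RUNDLL32_RUN.match(line):
            reasons.append("Run entry starts a DLL through rundll32.exe")
            reasons += _dll_hint(m.group(1))
        if HEX_RUN_NAME.match(line):
            reasons.append("Run entry name is a hex string, not a product name")
        # An unnamed BHO whose file is gone is only an orphaned registry entry.
        if (m := BHO_NO_NAME.match(line)) and m.group(1) != "(no file)":
            reasons.append("BHO with no name whose file is still on disk")
            reasons += _dll_hint(m.group(1))
        if m := WINLOGON_NOTIFY.match(line):
            reasons.append("Winlogon Notify DLL is loaded at every logon")
            reasons += _dll_hint(m.group(1))
        if m := AUTH_PACKAGES.match(line):
            # msv1_0 is the stock package on XP; anything else is an LSA-loaded DLL.
            extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
            if extra:
                reasons.append("extra LSA authentication package: " + " ".join(extra))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run on the sample it reports six lines and leaves the Java BHO, the Java Run entry and the orphaned "(no file)" BHO alone.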
Last night while taking care of something the computer finally gave out...it had so many pop-ups and stuff happening it crashed and was difficult to get back up...so instead of cleaning it I said screw it and wiped the HD and started fresh...thank you for all your help...
Thank you for letting me know.

Now would be a good time to set this system up for optimum protection. One of the first things I noticed is that you did not have an onboard antivirus program.

You must install an AV; connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are 2 very good free antivirus products which are available: Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

======================

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard anti-malware and antivirus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.