
oneslowz28

Can someone please look at my HJT log? Help!


I am a photographer and have to mail out 8 DVDs tomorrow to customers and am worried that this malware will infect my customers' computers. Please take a look at this HijackThis log and tell me what I can do to fix these problems.

 

----------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:25:27 AM, on 6/3/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\csrss.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Common Files\AOL\1135987853\ee\aolsoftware.exe

c:\program files\common files\aol\1135987853\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\WINDOWS\System32\Explorer.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yourphotoforum.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\System32\msdn_lib.dll

O2 - BHO: (no name) - {4D98754B-0B73-4057-986A-0D0F5479C22d} - C:\WINDOWS\System32\jpibndwp.dll (file missing)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINDOWS\System32\iiffcax.dll (file missing)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\rxrkulsf.dll

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O2 - BHO: (no name) - {E6B95576-83C3-478C-9A97-854B76FDE546} - C:\WINDOWS\System32\ddcca.dll (file missing)

O2 - BHO: 0 - {F47682B5-068A-40D3-219E-3E6A510A2BEC} - C:\Program Files\Internet Explorer\lavuqaluc182.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll

O4 - HKLM\..\Run: [nifeuzqA] C:\WINDOWS\nifeuzqA.exe

O4 - HKLM\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKLM\..\RunServices: [iESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - HKCU\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [{F418D279-0448-1033-1201-010012180001}] "C:\Program Files\Common Files\{F418D279-0448-1033-1201-010012180001}\Update.exe" te-110-12-0000213

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [iESet] IExplorer.dll .dbt (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{F418D279-0448-1033-1201-010012180001}] "C:\Program Files\Common Files\{F418D279-0448-1033-1201-010012180001}\Update.exe" te-110-12-0000213 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{F418D279-0448-1033-1201-010012180001}] "C:\Program Files\Common Files\{F418D279-0448-1033-1201-010012180001}\Update.exe" te-110-12-0000213 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F2FC1-539C-4873-927A-8A91760C0436}: NameServer = 205.188.146.145

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

O20 - Winlogon Notify: __c002B90 - C:\WINDOWS\

O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\vfbjzgp.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\vfbjzgp.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nifeuzq.exe

O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\profsyfsyfseb.html

O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\profsyfsyfseb.html

 

--

End of file - 7349 bytes


Hello oneslowz28,

:wp:

 

You got yourself in quite a pickle here. :hammer: You have NO AntiVirus running either... we have a lot of work to do.

 

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\System32\msdn_lib.dll

O2 - BHO: (no name) - {4D98754B-0B73-4057-986A-0D0F5479C22d} - C:\WINDOWS\System32\jpibndwp.dll (file missing)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINDOWS\System32\iiffcax.dll (file missing)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\System32\rxrkulsf.dll

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O2 - BHO: (no name) - {E6B95576-83C3-478C-9A97-854B76FDE546} - C:\WINDOWS\System32\ddcca.dll (file missing)

O2 - BHO: 0 - {F47682B5-068A-40D3-219E-3E6A510A2BEC} - C:\Program Files\Internet Explorer\lavuqaluc182.dll

O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll

O4 - HKLM\..\Run: [nifeuzqA] C:\WINDOWS\nifeuzqA.exe

O4 - HKLM\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKLM\..\RunServices: [iESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe

O4 - HKCU\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [{F418D279-0448-1033-1201-010012180001}] "C:\Program Files\Common Files\{F418D279-0448-1033-1201-010012180001}\Update.exe" te-110-12-0000213

O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [iESet] IExplorer.dll .dbt (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{F418D279-0448-1033-1201-010012180001}] "C:\Program Files\Common Files\{F418D279-0448-1033-1201-010012180001}\Update.exe" te-110-12-0000213 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{F418D279-0448-1033-1201-010012180001}] "C:\Program Files\Common Files\{F418D279-0448-1033-1201-010012180001}\Update.exe" te-110-12-0000213 (User 'Default user')

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

O20 - Winlogon Notify: __c002B90 - C:\WINDOWS\

O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\vfbjzgp.dll

O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\vfbjzgp.dll

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\nifeuzq.exe

O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\profsyfsyfseb.html

O24 - Desktop Component 1: (no name) - C:\Program Files\Internet Explorer\profsyfsyfseb.html

 

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

 

Navigate to and delete the following files :

 

C:\Program Files\Internet Explorer\profsyfsyfseb.html

C:\Program Files\Windows Media Player\profsyfsyfseb.html

 

Note that the file will be found in two different, legit folders.

 

Then go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

 

Also remove the checkmark from the Lock Desktop Items box if it is checked.

Apply.

Apply and Exit Display properties.

 

1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

Get an AV on the system! AVG, Avira OR Avast are good FREE antivirus. Run a full system scan when you get it installed. Be sure you do this AFTER you run ComboFix. I don't want to inadvertently delete any installers/uninstallers we might need. Let me know how it's running.

 

Thanks,

tea

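The checklist in the reply above (core process names such as csrss.exe and svchost.exe running from the wrong directory, an extra value in the UserInit chain, orphaned BHO registrations, Policies\Explorer\Run autostarts, Winlogon Notify DLLs outside system32, services with no publisher) can be turned into a first-pass triage script. The following Python is an added example for this thread, not part of the original posts and not HijackThis code; the sample log lines are copied from the first log posted above, and `EXPECTED_DIR` together with every flagging rule is the example's own heuristic, not the tool's logic. A hit means "look at this entry", not "this is malware": the Spybot SDHelper BHO, for instance, is flagged only for verification because it is registered without a name.

```python
import re
from typing import List, NamedTuple, Optional

Finding = NamedTuple("Finding", [("section", str), ("reason", str), ("entry", str)])

# Core Windows XP processes and the directory each legitimately runs from; the same name
# anywhere else (C:\WINDOWS\csrss.exe, C:\WINDOWS\System32\Explorer.exe) is masquerading.
# This table and every rule below are the example's own heuristics, not HijackThis logic.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"
SECTION_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
EXE_RE = re.compile(r'"([^"]+)"|(\S+)')

def _split_path(path: str):
    """Return (directory, filename) of a Windows path, lower-cased and unquoted."""
    d, _, name = path.strip().strip('"').lower().rpartition("\\")
    return d, name

def check_core_process(path: str) -> Optional[str]:
    """Describe the problem if a core-process filename runs from the wrong directory."""
    d, name = _split_path(path)
    expected = EXPECTED_DIR.get(name)
    if expected and d != expected:
        return f"{name} running from {d} instead of {expected}"
    return None

def analyze_hjt(text: str) -> List[Finding]:
    """First-pass triage of a HijackThis log: one Finding per suspicious point."""
    findings: List[Finding] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = SECTION_RE.match(line)
        if not m:  # a running-process line, or header text we do not care about
            if in_processes and (reason := check_core_process(line)):
                findings.append(Finding("proc", reason, line))
            continue
        in_processes = False  # the first Rn/Fn/On entry ends the process list
        section, body = m.group(1), m.group(2)
        reasons: List[str] = []
        if section == "F2" and "UserInit=" in body:
            # every value in the UserInit chain runs at logon; only userinit.exe belongs there
            for val in (v.strip() for v in body.split("UserInit=", 1)[1].split(",")):
                if val and val.lower() != LEGIT_USERINIT:
                    reasons.append(f"extra UserInit value {val}")
        elif section == "O2":
            parts = body.split(" - ")
            name, path = parts[0].replace("BHO: ", "", 1), parts[-1]
            if "(no file)" in path or "(file missing)" in path:
                reasons.append("orphaned BHO registration (CLSID registered, file gone)")
            elif name == "(no name)":
                reasons.append("unnamed BHO with a file on disk; verify its publisher")
        elif section == "O4":
            if m4 := re.search(r"\[(.*?)\] (.*)", body):
                command = m4.group(2)
                if ".exe" not in command.lower():
                    reasons.append(f"Run value is not an executable path: {command}")
                me = EXE_RE.match(command)
                if me and (reason := check_core_process(me.group(1) or me.group(2))):
                    reasons.append(reason)
            if r"policies\explorer\run" in body.lower():
                reasons.append("autostart via the policy Run key, rarely used by legitimate software")
        elif section == "O20":
            path = body.split(" - ", 1)[-1]
            if not path.lower().startswith("c:\\windows\\system32\\"):
                reasons.append(f"Winlogon Notify DLL outside system32: {path}")
        elif section == "O23" and "Unknown owner" in body:
            reasons.append("service without publisher information")
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings

# Constructed sample: a handful of lines copied from the first log posted in this thread.
SAMPLE_LOG = "\n".join([
    "Running processes:",
    r"C:\WINDOWS\csrss.exe",
    r"C:\WINDOWS\System32\Explorer.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,",
    r"O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [iESet] IExplorer.dll .dbt",
    r"O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe",
    r'O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b',
    r"O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\WINDOWS\svchost.exe",
    r"O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll",
    "O20 - Winlogon Notify: __c002B90 - C:\\WINDOWS\\",
    r"O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe",
])

if __name__ == "__main__":
    for f in analyze_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Run against the sample it reports twelve findings and stays silent on the AOL entry; the two process hits show why the helper asked for `C:\WINDOWS\csrss.exe` and `System32\Explorer.exe` to go while the copies in their proper directories stayed.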

Teacup. Thanks for the help. I did everything you said except for the AV programs. I'm going to head to Walmart or Best Buy in a few min to pick up Norton.

 

Here are the logs you wanted: HJT and ComboFix.

--------------------------------------------------------------------------------------------------------------------------

HJT Log.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:49:51 PM, on 6/3/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\1135987853\ee\aolsoftware.exe

c:\program files\common files\aol\1135987853\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yourphotoforum.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\WINDOWS\svchost.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F2FC1-539C-4873-927A-8A91760C0436}: NameServer = 205.188.146.145

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

 

--

End of file - 3040 bytes

 

--------------------------------------------------------------------------------------------------------------------------

 

ComboFix log.

 

"Administrator" - 2007-06-03 14:37:46 Service Pack 1 NTFS

ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Administrator\Desktop\"

 

ADS removed - svchost.exe: deleted 68 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\nxuosthj.dll

C:\WINDOWS\system32\oaybjddd.dll

C:\WINDOWS\system32\rxrkulsf.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

-- Purity Folders:

C:\79748711.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\A9636ZBM\www.broadcaster.com

C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft\25319.dat

C:\DOCUME~1\ADMINI~1\APPLIC~1\SKS~1

C:\DOCUME~1\ADMINI~1\MYDOCU~1\SCURIT~1

C:\DOCUME~1\ADMINI~1\MYDOCU~1\YMANTE~1

C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon

C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt

C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt

C:\Documents and Settings\All Users.\documents\settings

C:\Documents and Settings\All Users.\documents\settings\desktop.ini

C:\Documents and Settings\All Users.\documents\settings\partnership.dll

C:\Program Files\Common Files\{3418D~1

C:\Program Files\Common Files\{F418D~1

C:\Program Files\inetget2

C:\Program Files\Internet Explorer\lavuqaluc.dll

C:\Program Files\Internet Explorer\lavuqaluc182.dll

C:\Program Files\ipwindows

C:\Temp\0b9

C:\Temp\0b9\tmpTF.log

C:\Temp\tn3

C:\WINDOWS\764.exe

C:\WINDOWS\b122.exe

C:\WINDOWS\cfg32a.exe

C:\WINDOWS\cfg32s.dll

C:\WINDOWS\cs_cache.ini

C:\WINDOWS\csrss.exe

C:\WINDOWS\dls0523pmw.exe

C:\WINDOWS\Duce6.exe

C:\WINDOWS\notedad.exe

C:\WINDOWS\offun.exe

C:\WINDOWS\rau001978.exe

C:\WINDOWS\Setup89.exe

C:\WINDOWS\stub_mma2.exe

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\dlh9jkd1q2.exe

C:\WINDOWS\system32\dlh9jkd1q5.exe

C:\WINDOWS\system32\dlh9jkd1q6.exe

C:\WINDOWS\system32\dlh9jkd1q7.exe

C:\WINDOWS\system32\dlh9jkd1q8.exe

C:\WINDOWS\system32\drivers\core.sys

C:\WINDOWS\system32\drivers\ip6fw.sys

C:\windows\system32\explorer.exe

C:\WINDOWS\system32\IExplorer.dll .dbt

C:\WINDOWS\system32\KB07376580.exe

C:\WINDOWS\system32\KB12931930.exe

C:\WINDOWS\system32\KB18561603.exe

C:\WINDOWS\system32\KB21542167.exe

C:\WINDOWS\system32\KB26583367.exe

C:\WINDOWS\system32\KB28125911.exe

C:\WINDOWS\system32\KB34040802.exe

C:\WINDOWS\system32\KB52383366.exe

C:\WINDOWS\system32\KB66507128.exe

C:\WINDOWS\system32\KB76775265.exe

C:\WINDOWS\system32\KB93427757.exe

C:\WINDOWS\system32\KB93736873.exe

C:\WINDOWS\system32\KB96926207.exe

C:\WINDOWS\system32\koos.exe

C:\WINDOWS\system32\kprof

C:\WINDOWS\system32\mp43.exe

C:\WINDOWS\system32\pog

C:\WINDOWS\system32\poof

C:\WINDOWS\system32\RunOnce2.t__

C:\WINDOWS\system32\T3

C:\WINDOWS\system32\T3\dlltk67.exe

C:\WINDOWS\system32\T4

C:\WINDOWS\system32\T4\d5ll.exe

C:\WINDOWS\system32\vfbjzgp.dll

C:\WINDOWS\system32\vx.tll

C:\WINDOWS\system32\windbg48.sys

C:\WINDOWS\system32\wmvds32.dll

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\audio.dll

C:\WINDOWS\system32\wsnpoem\video.dll

C:\WINDOWS\system32RunOnce2.t__

C:\WINDOWS\system32RunOnce2.tm_

C:\WINDOWS\uni_e6h.exe

C:\WINDOWS\uninst108.exe

C:\WINDOWS\Uninst2.htm

C:\WINDOWS\Unist1.htm

C:\WINDOWS\wr.txt

C:\xcrashdump.dat

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CORE

-------\LEGACY_NET_AGENT

-------\LEGACY_POOF

-------\LEGACY_RUNTIME

-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

-------\core

-------\Net Agent

-------\Runtime

-------\windbg48

-------\Windows Overlay Components

 

 

((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 )))))))))))))))))))))))))))))))

 

 

2007-06-03 14:41 <DIR> d--h----- C:\Program Files\WindowsUpdate

2007-06-03 14:40 <DIR> d-------- C:\Avenger

2007-06-03 07:40 176,503 --a------ C:\WINDOWS\system32\pmnnk.dll

2007-06-03 07:28 <DIR> d-------- C:\VundoFix Backups

2007-06-02 14:53 2,580 --a------ C:\WINDOWS\system32\hxfepdeo.exe

2007-06-02 14:50 13,357 --a------ C:\WINDOWS\system32\KB_963493.exe

2007-06-02 13:09 2,580 --a------ C:\WINDOWS\system32\htemlmte.exe

2007-06-02 13:09 131,124 --a------ C:\WINDOWS\system32\wmsetugu.dll

2007-06-02 12:17 <DIR> d-------- C:\Program Files\RegSupreme Pro

2007-06-02 11:54 <DIR> d-------- C:\WINDOWS\Prefetch

2007-06-02 11:45 2,580 --a------ C:\WINDOWS\system32\uvxynvih.exe

2007-06-01 11:45 131,124 --a------ C:\WINDOWS\system32\nqlvkvla.dll

2007-06-01 10:33 14,868 --a------ C:\WINDOWS\system32\mamalkkg.exe

2007-06-01 10:33 10,752 --a------ C:\WINDOWS\system32\j0271230.dll

2007-05-31 07:58 0 --a------ C:\WINDOWS\system32\it_reg.exe

2007-05-31 07:53 <DIR> d-------- C:\WINDOWS\system32\TQ0

2007-05-31 07:53 <DIR> d-------- C:\WINDOWS\system32\T7

2007-05-31 07:53 <DIR> d-------- C:\WINDOWS\system32\T6

2007-05-31 07:53 <DIR> d-------- C:\Program Files\myCleanerPC

2007-05-31 07:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC

2007-05-31 07:52 18,432 --a------ C:\WINDOWS\sysrlb32.exe

2007-05-31 04:58 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ

2007-05-31 04:55 14,390 --a------ C:\sysbhpv.exe

2007-05-28 11:56 142,336 --a------ C:\WINDOWS\win32069847-199692007.exe

2007-05-27 21:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon

2007-05-27 21:25 <DIR> d-------- C:\Program Files\Common Files\Canon

2007-05-27 21:25 <DIR> d-------- C:\Program Files\Canon

2007-05-22 22:53 49,152 --a------ C:\WINDOWS\win32097-199699842007.exe

2007-05-20 00:54 46,592 --a------ C:\WINDOWS\zhkhxts.exe

2007-05-20 00:54 1,161,920 -r-hs---- C:\WINDOWS\zhkhxtsA.exe

2007-05-14 10:09 19,520 --a------ C:\WINDOWS\system32\tMMOA2C8.exe

2007-05-03 03:06 <DIR> d-------- C:\Program Files\directx

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2008-05-03 20:18:21 -------- d-----w C:\Program Files\Kaspersky Lab

2008-04-30 06:13:35 -------- d-----w C:\Program Files\IndustryGiant 2

2008-04-30 03:01:28 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRightToGo

2007-06-03 18:03:36 4 ----a-w C:\WINDOWS\system32\stfv.bin

2007-06-02 16:06:51 13,291 ----a-w C:\WINDOWS\qwr67.exe

2007-05-31 11:53:06 12 ----a-w C:\WINDOWS\system32\sl.bin

2007-05-31 11:52:30 12 ----a-w C:\WINDOWS\system32\gtv_sd.bin

2007-05-25 09:45:55 -------- d-----w C:\Program Files\Common Files\AOL

2007-05-20 06:04:03 3,286 ----a-w C:\WINDOWS\mozver.dat

2007-05-06 01:55:28 -------- d-----w C:\Program Files\Common Files\mqqi

2007-05-03 07:11:13 2 ----a-w C:\WINDOWS\system32\wcpsvtr32.exe

2007-04-22 23:31:23 -------- d-----w C:\Program Files\iTunes

2007-04-22 23:28:43 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-22 20:57:26 -------- d-----w C:\Program Files\Photomatix

2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll

2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys

2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys

2007-04-04 09:57:46 -------- d-----w C:\Program Files\Google

2007-04-04 09:56:26 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-04-04 01:36:00 286,720 ------w C:\WINDOWS\Setup1.exe

2007-04-04 01:35:59 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-03-25 17:31:20 1,636 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-03-21 12:48:40 266,240 ----a-w C:\WINDOWS\system32\PhotomatixLib.dll

2007-03-11 20:22:54 112,128 ----a-w C:\WINDOWS\system32\PhotomatixLib3.dll

1989-12-12 14:10:10 1,191,920 --sh--r C:\WINDOWS\nifeuzqA.exe

2005-12-30 05:45:19 56 --sh--r C:\WINDOWS\system32\C132DE5525.sys

2005-12-30 05:45:19 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

@=

"0"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

"svchost"=C:\WINDOWS\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Slide.exe.lnk]

backup=C:\WINDOWS\pss\Slide.exe.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]

backup=C:\WINDOWS\pss\CallWave.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F178944.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F17C63E.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F9721F1.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F97226E.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F97227D.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F97228D.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

E:\Program Files\AIM\aim.exe -cnetwait.odl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

"C:\Program Files\America Online 9.0\AOL.EXE" -b

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]

c:\windows\cfg32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]

C:\WINDOWS\csrss.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]

rundll32.exe "C:\WINDOWS\System32\wmsetugu.dll",realset

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1135987853\ee\AOLSoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]

IExplorer.dll .dbt

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j0271230]

rundll32 C:\WINDOWS\System32\j0271230.dll sook

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mqqi]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms039699847-19]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

C:\Program Files\MySpace\IM\MySpaceIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nifeuzqA]

C:\WINDOWS\nifeuzqA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunOnce2Upd]

"C:\WINDOWS\System32\KB_963493.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

rundll32.exe "C:\WINDOWS\System32\tqnkugsh.dll",realset

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys0299699847-1]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]

C:\WINDOWS\System32\ntos.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win3207847-199699]

C:\WINDOWS\win3207847-199699.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zhkhxtsA]

C:\WINDOWS\zhkhxtsA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"kavsvc"=2 (0x2)

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-03 04:00:30 C:\WINDOWS\tasks\At1.job

2007-06-03 13:01:18 C:\WINDOWS\tasks\At10.job

2007-06-03 14:01:09 C:\WINDOWS\tasks\At11.job

2007-06-03 15:00:30 C:\WINDOWS\tasks\At12.job

2007-06-03 16:00:30 C:\WINDOWS\tasks\At13.job

2007-06-03 17:00:30 C:\WINDOWS\tasks\At14.job

2007-06-03 18:01:20 C:\WINDOWS\tasks\At15.job

2007-06-02 19:01:26 C:\WINDOWS\tasks\At16.job

2007-06-01 20:00:30 C:\WINDOWS\tasks\At17.job

2007-06-02 21:01:14 C:\WINDOWS\tasks\At18.job

2007-06-02 22:00:30 C:\WINDOWS\tasks\At19.job

2007-06-02 05:00:30 C:\WINDOWS\tasks\At2.job

2007-06-02 23:00:30 C:\WINDOWS\tasks\At20.job

2007-06-03 00:01:09 C:\WINDOWS\tasks\At21.job

2007-06-03 01:00:30 C:\WINDOWS\tasks\At22.job

2007-06-03 02:00:30 C:\WINDOWS\tasks\At23.job

2007-06-03 03:00:30 C:\WINDOWS\tasks\At24.job

2007-06-02 06:00:30 C:\WINDOWS\tasks\At3.job

2007-06-02 07:00:30 C:\WINDOWS\tasks\At4.job

2007-06-02 08:00:31 C:\WINDOWS\tasks\At5.job

2007-06-02 09:00:30 C:\WINDOWS\tasks\At6.job

2007-06-02 10:00:30 C:\WINDOWS\tasks\At7.job

2007-06-02 11:00:30 C:\WINDOWS\tasks\At8.job

2007-06-03 12:01:15 C:\WINDOWS\tasks\At9.job

 

**************************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-03 14:42:10

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-03 14:42:57 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-03 14:42

 

--- E O F ---


Hello,

 

How is it running now please?

 

Norton? :huh: Well, it's your money and your computer. :shrug:

 

Download the trial version of Spy Sweeper from

Here

 

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

 

You will be prompted to check for updated definitions, please do so.

(This may take several minutes)

 

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

 

Click on Sweep and allow it to fully scan your system.

 

When the sweep has finished, click Remove. Click Select All and then Next.

 

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

 

Exit Spy Sweeper.

 

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

 

Your Java is way out of date, which leaves your computer vulnerable.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Thanks,

tea
