Full Version: Virus Infection I Cannot Detect
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
WPWILBURT791
OK, here is my problem....
*I cannot change my background. When I try, it stays the same, and in the Properties > Desktop section all of the options are solid grey.
*Many times when I go on the web I get the "Debug or Cancel" window coming up, but I can still be on that page, which is weird because before I could not go back and start working on it; I either had to cancel or debug...
*At the bottom right of my desktop, where my Local Area Connections etc. icons are, I have a yellow triangle with an exclamation mark telling me I have some viruses and system problems. The weird thing is that I have never ever seen that before, my AVG is turned off, and I have no other virus removers, so is that a virus?
*When I click on a link on a page, many times it will take me to another website other than that page, like a pop-up, spam site.
I have to go back and click it again many times to get to where I want to go.

THIS IS MY LOGFILE AFTER A SCAN WITH SPYBOT S&D
Please help, I don't want the situation to get worse......
It would be really appreciated.



Logfile of HijackThis v1.99.1
Scan saved at 7:14:38 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\amsgrcrq.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Htqfbbdv\jwjwhowd.dll
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\cbxurrq.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nistewtc.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ttdgssxa.dll",sitypnow
O4 - HKLM\..\Run: [mfyludqj] rundll32.exe "C:\Program Files\mfyludqj\qtonulqf.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [opanetol] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\opanetol.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjf32 - C:\WINDOWS\SYSTEM32\winbjf32.dll
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\amsgrcrq.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
jurgenv
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
WPWILBURT791
OK, here's the ComboFix thing



"Wilmer" - 2007-10-25 16:13:19 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Wilmer\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\install.log
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\WINDOWS\RACLE~1
C:\qoobox\purity\C\WINDOWS\RACLE~1\?racle


((((((((((((((((((((((((((((((( Files Created from 2007-09-00 to 2007-10-25 ))))))))))))))))))))))))))))))))))


2007-10-24 23:35 94,208 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\kfghgpqt.dll
2007-10-24 23:35 <DIR> d-------- C:\Program Files\Tqhspmfc
2007-10-24 14:50 6,465 --ahs---- C:\WINDOWS\system32\ehhkj.bak1
2007-10-24 14:50 144,696 --a------ C:\Program Files\ucleaner_setup.exe
2007-10-24 14:50 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2007-10-24 14:46 9,728 --a------ C:\Program Files\hlpsrv.exe
2007-10-24 14:46 14,900 --a------ C:\Program Files\3269.exe
2007-10-24 14:46 14,848 --a------ C:\Program Files\msc.exe
2007-10-24 14:46 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-24 14:44 94,208 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\opanetol.dll
2007-10-24 14:44 <DIR> d-------- C:\WINDOWS\system32\lidkfqkv
2007-10-24 14:44 <DIR> d-------- C:\Program Files\SecCenter
2007-10-24 14:44 <DIR> d-------- C:\Program Files\mfyludqj
2007-10-24 14:44 <DIR> d-------- C:\Program Files\Htqfbbdv
2007-10-22 15:57 75,328 --a------ C:\WINDOWS\system32\amsgrcrq.exe
2007-10-22 15:54 410,063 --ahs---- C:\WINDOWS\system32\vxyay.bak2
2007-10-21 16:21 6,465 --ahs---- C:\WINDOWS\system32\vxyay.bak1
2007-10-21 16:06 20,480 --a------ C:\WINDOWS\system32\winbjf32.dll
2007-10-21 16:06 15,360 --a------ C:\WINDOWS\system32\drvkalr.dll
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-17 20:48 153,088 --a------ C:\UNWISE.EXE
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0158DA9D-EC95-4D36-B804-2A146A0453B8}=C:\WINDOWS\system32\jkhhe.dll []
{0DFCFB5E-3974-3338-8F09-0B2552E546A8}=C:\Program Files\Tqhspmfc\vyzixswh.dll [2007-10-24 23:35]
{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}=C:\WINDOWS\system32\xxyxvwx.dll []
{837B45D6-BF85-457D-AABF-6D2E7815F791}=C:\WINDOWS\system32\cbxurrq.dll []
{89AD4D75-2429-462e-BD4E-443F233F6033}=C:\WINDOWS\system32\nistewtc.dll []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}=C:\WINDOWS\system32\yayxv.dll []
{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}=C:\Program Files\E404 Helper\e404.v1.dll [2007-10-24 14:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"kkw_run.exe"="kkw_run.exe"
"kmw_run.exe"="kmw_run.exe"
"MSWheel"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SearchIndexer"="rundll32.exe \"C:\\WINDOWS\\system32\\ttdgssxa.dll\",sitypnow"
"mfyludqj"="rundll32.exe \"C:\\Program Files\\mfyludqj\\qtonulqf.dll\",Init"
"SC2"="C:\\Program Files\\SecCenter\\scprot4.exe"
"opanetol"="regsvr32 /u \"C:\\Documents and Settings\\All Users\\Application Data\\opanetol.dll\""
"kfghgpqt"="regsvr32 /u \"C:\\Documents and Settings\\All Users\\Application Data\\kfghgpqt.dll\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe])
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe])
"MSWheel"="" [])
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"SearchIndexer"="C:\WINDOWS\system32\ttdgssxa.dll" []
"mfyludqj"="C:\Program Files\mfyludqj\qtonulqf.dll" [2007-10-24 14:44]
"SC2"="C:\Program Files\SecCenter\scprot4.exe" [2007-10-24 14:44]
"opanetol"="regsvr32" [])
"kfghgpqt"="regsvr32" [])

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"igndlm.exe"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"="C:\WINDOWS\system32\cbxurrq.dll" []
"{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"="C:\WINDOWS\system32\xxyxvwx.dll" []


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0C:\WINDOWS\system32\jkhhe.dll\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
HTTPFilter HTTPFilter\
DcomLaunch DcomLaunchTermService\
WudfServiceGroup WUDFSvc\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 16:22:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-10-25 16:23:13
C:\ComboFix-quarantined-files.txt ... 2007-10-25 16:23
C:\ComboFix2.txt ... 2007-05-15 18:54
C:\ComboFix3.txt ... 2007-05-13 17:06
jurgenv
* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste the next part:

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\kfghgpqt.dll
C:\WINDOWS\system32\ehhkj.bak1
C:\Program Files\3269.exe
C:\Program Files\msc.exe
C:\WINDOWS\system32\amsgrcrq.exe
C:\WINDOWS\system32\vxyay.bak2
C:\WINDOWS\system32\vxyay.bak1
C:\WINDOWS\system32\winbjf32.dll
C:\WINDOWS\system32\drvkalr.dll


Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in the next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new hijackthis log.
WPWILBURT791
Is OTMoveIt.exe supposed to take a long time? Because it's been almost an hour and I see no log??
Also, I think it froze, because I clicked on the screen and it says IT'S NOT RESPONDING?
WPWILBURT791
OTMoveIt LOGFILE. I had to do this one offline because it wouldn't let me online..... PLEASE, IT'S GETTING REALLY URGENT

File/Folder C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\kfghgpqt.dll not found.
File/Folder C:\WINDOWS\system32\ehhkj.bak1 not found.
File/Folder C:\Program Files\3269.exe not found.
File/Folder C:\Program Files\msc.exe not found.
File/Folder C:\WINDOWS\system32\amsgrcrq.exe not found.
File/Folder C:\WINDOWS\system32\vxyay.bak2 not found.
File/Folder C:\WINDOWS\system32\vxyay.bak1 not found.
File/Folder C:\WINDOWS\system32\winbjf32.dll not found.
File/Folder C:\WINDOWS\system32\drvkalr.dll not found.

Created on 10/25/2007 21:00:15






Logfile of HijackThis v1.99.1
Scan saved at 9:01:18 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\win474.tmp.exe
C:\Program Files\S?mantec\??erinit.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\TEMP\lookhost.exe
C:\WINDOWS\TEMP\64sys.exe
C:\WINDOWS\TEMP\32agent.exe
C:\WINDOWS\TEMP\sys16.exe
C:\WINDOWS\TEMP\sys16.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Tqhspmfc\vyzixswh.dll
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\cbxurrq.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nistewtc.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: (no name) - {E29A6404-A3B5-AC46-BB28-8D8A31822AB7} - C:\WINDOWS\system32\tkh.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ttdgssxa.dll",sitypnow
O4 - HKLM\..\Run: [mfyludqj] rundll32.exe "C:\Program Files\mfyludqj\qtonulqf.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [opanetol] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\opanetol.dll"
O4 - HKLM\..\Run: [kfghgpqt] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kfghgpqt.dll"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdof.dll,startup
O4 - HKLM\..\Run: [hunivolw] rundll32.exe "C:\Program Files\hunivolw\nelgfazi.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win474.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Evmna] "C:\Program Files\S?mantec\??erinit.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjf32 - winbjf32.dll (file missing)
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\amsgrcrq.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

Please, my system is getting destroyed by the second..... Many things I removed with AVG are coming back!!!!!!!!!!!!!!!!!
WPWILBURT791
Also, yesterday night I found out that at startup I get an error message called RUNDLL.
It tells me that a certain file is missing from my system32 folder...
I heard this rundll is very malignant.
And yesterday I tried getting into safe mode, but it didn't let me: it loaded all of the system32 files, then it just freezes and I get flashing colored screens. I don't know what to do anymore.
I would reformat, but I don't have my XP CD.
jurgenv
* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Tqhspmfc\vyzixswh.dll
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\cbxurrq.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nistewtc.dll (file missing)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: (no name) - {E29A6404-A3B5-AC46-BB28-8D8A31822AB7} - C:\WINDOWS\system32\tkh.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ttdgssxa.dll",sitypnow
O4 - HKLM\..\Run: [mfyludqj] rundll32.exe "C:\Program Files\mfyludqj\qtonulqf.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [opanetol] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\opanetol.dll"
O4 - HKLM\..\Run: [kfghgpqt] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kfghgpqt.dll"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdof.dll,startup
O4 - HKLM\..\Run: [hunivolw] rundll32.exe "C:\Program Files\hunivolw\nelgfazi.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win474.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Evmna] "C:\Program Files\S?mantec\??erinit.exe"
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll
O20 - Winlogon Notify: winbjf32 - winbjf32.dll (file missing)
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Delete the following files with OTMoveIt:

C:\Program Files\Tqhspmfc\vyzixswh.dll
C:\WINDOWS\system32\tkh.dll
C:\WINDOWS\system32\ttdgssxa.dll
C:\Program Files\mfyludqj\qtonulqf.dll
C:\Documents and Settings\All Users\Application Data\opanetol.dll
C:\Documents and Settings\All Users\Application Data\kfghgpqt.dll
C:\WINDOWS\system32\drvdof.dll
C:\Program Files\hunivolw
C:\WINDOWS\system32\mgrs.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\SYSTEM32\gebcdba.dll


* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Post the report of OTMoveIt here with a new log from combofix and hijackthis.
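As an added example (not part of this thread, and not code from HijackThis, ComboFix or OTMoveIt), the script below applies the same kind of heuristics a log helper uses when picking entries to fix from a HijackThis log: dangling "(file missing)"/"(no file)" references, unnamed BHOs, Run entries that start a DLL through rundll32 or regsvr32, Winlogon Notify hooks other than the expected WgaLogon one, programs launched from TEMP or the user's profile, and services with no vendor. The sample lines are constructed in the format of the thread's logs; every GUID and "placeholder" file name in them is made up.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Split a HijackThis line into its section code (O2, O4, ...) and body.
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Entries whose target no longer exists on disk (left over after a partial removal).
MISSING_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
# Run entries that start a DLL instead of a program.
LOADER_RE = re.compile(r"\b(?:rundll32|regsvr32)(?:\.exe)?\b", re.IGNORECASE)
# Folders that legitimate autostart programs rarely run from.
SUSPECT_DIR_RE = re.compile(
    r"\\TEMP\\|\\DOCUME~1\\|\\Documents and Settings\\[^\\]+\\My Documents\\",
    re.IGNORECASE,
)
# Winlogon Notify entries: "Winlogon Notify: <name> - <path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(\S+)\s+-")
KNOWN_NOTIFY = {"wgalogon"}  # the Windows Genuine Advantage hook, expected on a patched XP box
# Services listed with an empty ("- -") or unknown vendor field.
NO_VENDOR_RE = re.compile(r"-\s+-\s+|Unknown owner")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for a line worth reviewing, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line, process list, log header, etc.
    section, body = m.groups()
    reasons = []
    if MISSING_RE.search(body):
        reasons.append("dangling reference")
    if section == "O2" and "(no name)" in body:
        reasons.append("unnamed BHO")
    if section == "O4" and LOADER_RE.search(body):
        reasons.append("dll loader in Run key")
    if section == "O4" and SUSPECT_DIR_RE.search(body):
        reasons.append("runs from temp/profile folder")
    if section == "O20":
        n = NOTIFY_RE.match(body)
        if n and n.group(1).lower() not in KNOWN_NOTIFY:
            reasons.append("winlogon notify hook")
    if section == "O23" and NO_VENDOR_RE.search(body):
        reasons.append("service without vendor")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text: str):
    """Run triage_line over every line of a log and collect the findings in order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Constructed sample in HijackThis format; GUIDs and "placeholder" names are made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\placeholder1.dll (file missing)
O2 - BHO: Example Sign-in Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [placeholder2] rundll32.exe "C:\Program Files\placeholder2\loader.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\placeholder3.tmp.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: placeholder4 - C:\WINDOWS\SYSTEM32\placeholder4.dll
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\exsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\placeholder5.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {', '.join(f.reasons)}\n    {f.line}")
```

The findings are review prompts, not verdicts: a "(file missing)" entry is harmless on its own but shows where a removal left a loading point behind, and a rundll32 loader is only suspect when its DLL is unknown.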
WPWILBURT791
OK, HERE ARE THE LOGS
I couldn't give you the OTMoveIt log because I don't know what to type in there.


Logfile of HijackThis v1.99.1
Scan saved at 3:17:26 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\S?mantec\??erinit.exe
C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\amsgrcrq.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)



ComboFix 07-10-26.4 - Wilmer 2007-10-26 15:31:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.211 [GMT -4:00]
Running from: C:\Documents and Settings\Wilmer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\opanetol.dll
C:\Documents and Settings\Wilmer\My Documents\YSTEM~1
C:\Documents and Settings\Wilmer\My Documents\YSTEM~1\?ystem\
C:\Documents and Settings\Wilmer\My Documents\YSTEM~1\svchost.exe
C:\Documents and Settings\Wilmer\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Wilmer\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Wilmer\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\smante~1
C:\Program Files\smante~1\??erinit.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drvdofr.dll
C:\WINDOWS\system32\jijlm.bak1
C:\WINDOWS\system32\jijlm.ini
C:\WINDOWS\system32\lidkfqkv
C:\WINDOWS\system32\lidkfqkv\bg1.gif
C:\WINDOWS\system32\lidkfqkv\bgtop.gif
C:\WINDOWS\system32\lidkfqkv\bottom1.gif
C:\WINDOWS\system32\lidkfqkv\essentials.gif
C:\WINDOWS\system32\lidkfqkv\icon1.ico
C:\WINDOWS\system32\lidkfqkv\install1.gif
C:\WINDOWS\system32\lidkfqkv\left1.gif
C:\WINDOWS\system32\lidkfqkv\li.gif
C:\WINDOWS\system32\lidkfqkv\lidkfqkv1.exe
C:\WINDOWS\system32\lidkfqkv\lidkfqkv2.exe
C:\WINDOWS\system32\lidkfqkv\lidkfqkv3.exe
C:\WINDOWS\system32\lidkfqkv\logo.gif
C:\WINDOWS\system32\lidkfqkv\main.htm
C:\WINDOWS\system32\lidkfqkv\mainframe.htm
C:\WINDOWS\system32\lidkfqkv\reinstall1.gif
C:\WINDOWS\system32\lidkfqkv\right1.gif
C:\WINDOWS\system32\lidkfqkv\s1.htm
C:\WINDOWS\system32\lidkfqkv\s2.htm
C:\WINDOWS\system32\lidkfqkv\s3.htm
C:\WINDOWS\system32\lidkfqkv\SMTop1.gif
C:\WINDOWS\system32\lidkfqkv\SMTop2.gif
C:\WINDOWS\system32\lidkfqkv\SMTop3.gif
C:\WINDOWS\system32\lidkfqkv\SMTop4.gif
C:\WINDOWS\system32\lidkfqkv\soft1_off.gif
C:\WINDOWS\system32\lidkfqkv\soft1_off_ext.gif
C:\WINDOWS\system32\lidkfqkv\soft1_on.gif
C:\WINDOWS\system32\lidkfqkv\soft1_on_ext.gif
C:\WINDOWS\system32\lidkfqkv\soft2_off.gif
C:\WINDOWS\system32\lidkfqkv\soft2_off_ext.gif
C:\WINDOWS\system32\lidkfqkv\soft2_on.gif
C:\WINDOWS\system32\lidkfqkv\soft2_on_ext.gif
C:\WINDOWS\system32\lidkfqkv\soft3_off.gif
C:\WINDOWS\system32\lidkfqkv\soft3_off_ext.gif
C:\WINDOWS\system32\lidkfqkv\soft3_on.gif
C:\WINDOWS\system32\lidkfqkv\soft3_on_ext.gif
C:\WINDOWS\system32\lidkfqkv\softbottom_off.gif
C:\WINDOWS\system32\lidkfqkv\softbottom_on.gif
C:\WINDOWS\system32\lidkfqkv\softleft_off.gif
C:\WINDOWS\system32\lidkfqkv\softleft_on.gif
C:\WINDOWS\system32\lidkfqkv\top1.gif
C:\WINDOWS\system32\lidkfqkv\top2.gif
C:\WINDOWS\system32\lidkfqkv\turnoff1.gif
C:\WINDOWS\system32\lidkfqkv\turnon1.gif
C:\WINDOWS\system32\mljij.dll
C:\WINDOWS\system32\tkh.dll
C:\WINDOWS\system32\wnstsicomsv32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-26 15:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 20:54 <DIR> d-------- C:\Program Files\hunivolw
2007-10-25 20:54 102,912 --a------ C:\WINDOWS\system32\drvdof.dll
2007-10-25 20:54 34,816 --a------ C:\WINDOWS\system32\gebcdba.dll
2007-10-24 23:35 <DIR> d-------- C:\Program Files\Tqhspmfc
2007-10-24 14:46 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-24 14:44 <DIR> d-------- C:\Program Files\mfyludqj
2007-10-24 14:44 <DIR> d-------- C:\Program Files\Htqfbbdv
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-06 19:09 <DIR> d-------- C:\Documents and Settings\yourusername\.limewire
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2030-09-28 22:49 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ventrilo
2030-09-25 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-26 01:48 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\AVG7
2007-10-25 23:23 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\ZoomBrowser EX
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-21 19:47 --------- d-----w C:\Program Files\EA GAMES
2007-10-20 00:22 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ahead
2007-10-20 00:10 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-18 00:20 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\teamspeak2
2007-10-14 23:43 --------- d-----w C:\Program Files\Pacific Heroes
2007-10-09 20:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-06 23:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-03 22:12 --------- d-----w C:\Program Files\Sony Setup
2007-09-28 19:12 --------- d-----w C:\Program Files\QuickTime
2007-09-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-24 20:53 --------- d-----w C:\Program Files\GameSpy Arcade
2007-09-23 00:45 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\dvdcss
2007-09-19 00:11 --------- d-----w C:\Program Files\GoldWave
2007-09-17 00:30 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Xfire
2007-09-15 21:28 --------- d-s---w C:\Program Files\Xfire
2007-09-12 23:17 --------- d-----w C:\Program Files\PC Wizard 2007
2007-09-03 22:44 --------- d-----w C:\Program Files\MagicDVDRipper
2007-09-03 19:44 --------- d-----w C:\Program Files\Java
2007-09-01 00:56 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2007-09-01 00:38 --------- d-----w C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-01 00:33 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\GetRightToGo
2007-08-31 17:02 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\IGN_DLM
2007-08-30 00:24 --------- d-----w C:\Program Files\Real
2007-08-30 00:22 --------- d-----w C:\Program Files\MSN Messenger
2007-08-29 03:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 17:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-08-27 16:56 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-27 16:55 --------- d-----w C:\Program Files\WarlockStudio
2007-08-26 22:04 --------- d-----w C:\Program Files\MSXML 6.0
2007-05-08 23:32 1,618 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0158DA9D-EC95-4D36-B804-2A146A0453B8}]
C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
2007-10-24 23:35 94208 --a------ C:\Program Files\Tqhspmfc\vyzixswh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
C:\WINDOWS\system32\xxyxvwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
2007-10-25 20:54 34816 --a------ C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}]
C:\WINDOWS\system32\yayxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-10-24 14:46 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aoum"="C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\system32\xxyxvwx.dll [ ]
"{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}"= C:\WINDOWS\system32\gebcdba.dll [2007-10-25 20:54 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq]
cbxurrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdba]
gebcdba.dll 2007-10-25 20:54 34816 C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32]
winbjf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx]
xxyxvwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljij.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 23:34:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 15:55:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 16:00:31 - machine was rebooted
.
--- E O F ---
jurgenv
You just have to copy/paste the bold text.

Also delete these files with OTMoveIt:

C:\Program Files\hunivolw
C:\WINDOWS\system32\drvdof.dll
C:\WINDOWS\system32\gebcdba.dll
C:\Program Files\Tqhspmfc
C:\Program Files\mfyludqj
C:\Program Files\Htqfbbdv
WPWILBURT791
Ok, here is the MoveIt log


C:\Program Files\Tqhspmfc\vyzixswh.dll moved successfully.
File/Folder C:\WINDOWS\system32\tkh.dll not found.
File/Folder C:\WINDOWS\system32\ttdgssxa.dll not found.
C:\Program Files\mfyludqj\qtonulqf.dll moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\opanetol.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\kfghgpqt.dll not found.
C:\WINDOWS\system32\drvdof.dll moved successfully.
C:\Program Files\hunivolw moved successfully.
File/Folder C:\WINDOWS\system32\mgrs.exe not found.
File/Folder C:\Windows\xpupdate.exe not found.
File move failed. C:\WINDOWS\SYSTEM32\gebcdba.dll scheduled to be moved on reboot.

Created on 10/26/2007 17:32:52
File/Folder C:\avenger.zip not found.
File/Folder C:\Avenger not found.
File/Folder C:\avenger.txt not found.
File/Folder C:\bfu.zip not found.
File/Folder C:\BFU not found.
File/Folder C:\combofix.exe not found.
File/Folder C:\QooBox not found.
C:\ComboFix*.txt moved successfully.
C:\ComboFix*.txt moved successfully.
C:\Documents and Settings\Wilmer\Desktop\ComboFix*.txt moved successfully.
C:\WINDOWS\ComboFix*.txt moved successfully.
C:\WINDOWS\system32\ComboFix*.txt moved successfully.
C:\WINDOWS\system32\drivers\ComboFix*.txt moved successfully.
File/Folder C:\catchme.exe not found.
File/Folder C:\nircmd.exe not found.
File/Folder C:\swreg.exe not found.
File/Folder C:\Swxcacls.exe not found.
File/Folder C:\Swsc.exe not found.
File/Folder C:\dss.exe not found.
File/Folder C:\Deckard not found.
File/Folder C:\FindAWF.exe not found.
File/Folder C:\AWF.txt not found.
File/Folder C:\fixwareout.exe not found.
File/Folder C:\fixwareout not found.
File/Folder C:\fsbl.exe not found.
C:\fsbl*.log moved successfully.
C:\fsbl*.log moved successfully.
C:\Documents and Settings\Wilmer\Desktop\fsbl*.log moved successfully.
C:\WINDOWS\fsbl*.log moved successfully.
C:\WINDOWS\system32\fsbl*.log moved successfully.
C:\WINDOWS\system32\drivers\fsbl*.log moved successfully.
File/Folder C:\gmer.exe not found.
File/Folder C:\gmer.dll not found.
File/Folder C:\gmer.ini not found.
File/Folder C:\gmer.log not found.
File/Folder C:\gmer_uninstall.cmd not found.
File/Folder C:\gmer.sys not found.
Unable to delete service gmer.
File/Folder C:\haxfix.exe not found.
File/Folder C:\haxfix.txt not found.
File/Folder C:\killbox.exe not found.
File/Folder C:\!Killbox not found.
File/Folder C:\NoLop.exe not found.
File/Folder C:\NoLop.txt not found.
File/Folder C:\NoLopOLD.txt not found.
File/Folder C:\delete.bat not found.
File move failed. C:\Documents and Settings\Wilmer\Desktop\OTMoveIt.exe scheduled to be moved on reboot.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32 moved successfully.
C:\_OTMoveIt\MovedFiles\WINDOWS moved successfully.
C:\_OTMoveIt\MovedFiles\Program Files\Tqhspmfc moved successfully.
C:\_OTMoveIt\MovedFiles\Program Files\mfyludqj moved successfully.
C:\_OTMoveIt\MovedFiles\Program Files\hunivolw moved successfully.
C:\_OTMoveIt\MovedFiles\Program Files moved successfully.
C:\_OTMoveIt\MovedFiles moved successfully.
C:\_OTMoveIt moved successfully.
File/Folder C:\rustbfix.exe not found.
File/Folder C:\Rustbfix not found.
File/Folder C:\sdfix.exe not found.
File/Folder C:\SDFix not found.
File/Folder C:\SmitfraudFix.exe not found.
File/Folder C:\SmitfraudFix not found.
File/Folder C:\rapport.txt not found.
File/Folder C:\SysInsite not found.
File/Folder C:\VundoFix.exe not found.
File/Folder C:\VundoFix Backups not found.
File/Folder C:\vundofix.txt not found.
File/Folder C:\win32delfkil.exe not found.
File/Folder C:\_backupD not found.
File/Folder C:\windelf.txt not found.
File/Folder C:\winpfind.exe not found.
File/Folder C:\WinPfind not found.
File/Folder C:\winpfind3u.exe not found.
File/Folder C:\WinPFind3u not found.
C:\cleanup.txt moved successfully.
File move failed. C:\Documents and Settings\Wilmer\Desktop\OTMoveIt.exe scheduled to be moved on reboot.
jurgenv
Ok, can I see a new log from HijackThis and ComboFix?
WPWILBURT791
My ComboFix and HijackThis logs are above my very last post.
jurgenv
I want to see fresh logs of them.
WPWILBURT791
Ok, here are the fresh ComboFix and HJT logs


Logfile of HijackThis v1.99.1
Scan saved at 12:44:11 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Tqhspmfc\vyzixswh.dll (file missing)
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\gebcdba.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iipffjwp.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll
O20 - Winlogon Notify: iipffjwp - C:\WINDOWS\SYSTEM32\iipffjwp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjf32 - winbjf32.dll (file missing)
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)


ComboFix 07-10-26.4 - Wilmer 2007-10-27 12:18:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT -4:00]
Running from: C:\Documents and Settings\Wilmer\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Wilmer\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\hjjjl.bak1
C:\WINDOWS\system32\hjjjl.bak2
C:\WINDOWS\system32\hjjjl.ini
C:\WINDOWS\system32\iipffjwp.dllbox
C:\WINDOWS\system32\jaeapoir.exe
C:\WINDOWS\system32\ljjjh.dll
C:\WINDOWS\system32\xsvwmbnd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 12:17 83,520 --a------ C:\WINDOWS\system32\qjjamakw.dll
2007-10-27 12:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 12:06 340,032 --a------ C:\WINDOWS\system32\iipffjwp.dll
2007-10-27 12:06 340,032 --a------ C:\WINDOWS\system32\epjstoel.dll
2007-10-26 16:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-26 16:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-26 16:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-25 20:54 34,816 --a------ C:\WINDOWS\system32\gebcdba.dll
2007-10-24 23:35 <DIR> d-------- C:\Program Files\Tqhspmfc
2007-10-24 14:46 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-24 14:44 <DIR> d-------- C:\Program Files\mfyludqj
2007-10-24 14:44 <DIR> d-------- C:\Program Files\Htqfbbdv
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-06 19:09 <DIR> d-------- C:\Documents and Settings\yourusername\.limewire
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2030-09-28 22:49 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ventrilo
2030-09-25 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-27 02:08 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-26 01:48 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\AVG7
2007-10-25 23:23 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\ZoomBrowser EX
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-21 19:47 --------- d-----w C:\Program Files\EA GAMES
2007-10-20 00:22 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ahead
2007-10-20 00:10 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-18 00:20 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\teamspeak2
2007-10-14 23:43 --------- d-----w C:\Program Files\Pacific Heroes
2007-10-09 20:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-06 23:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-03 22:12 --------- d-----w C:\Program Files\Sony Setup
2007-09-28 19:12 --------- d-----w C:\Program Files\QuickTime
2007-09-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 00:45 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\dvdcss
2007-09-19 00:11 --------- d-----w C:\Program Files\GoldWave
2007-09-18 23:47 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-09-18 23:43 138,752 ----a-w C:\WINDOWS\system32\syszp32.exe
2007-09-17 00:30 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Xfire
2007-09-15 21:28 --------- d-s---w C:\Program Files\Xfire
2007-09-12 23:17 --------- d-----w C:\Program Files\PC Wizard 2007
2007-09-03 22:44 --------- d-----w C:\Program Files\MagicDVDRipper
2007-09-03 19:44 --------- d-----w C:\Program Files\Java
2007-09-01 00:56 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2007-09-01 00:38 --------- d-----w C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-01 00:33 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\GetRightToGo
2007-08-31 17:02 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\IGN_DLM
2007-08-30 00:24 --------- d-----w C:\Program Files\Real
2007-08-30 00:22 --------- d-----w C:\Program Files\MSN Messenger
2007-08-29 03:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 17:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-08-27 16:56 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-27 16:55 --------- d-----w C:\Program Files\WarlockStudio
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-08 23:32 1,618 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0158DA9D-EC95-4D36-B804-2A146A0453B8}]
C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
C:\Program Files\Tqhspmfc\vyzixswh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
C:\WINDOWS\system32\xxyxvwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
2007-10-25 20:54 34816 --a------ C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-27 12:06 340032 --a------ C:\WINDOWS\system32\iipffjwp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}]
C:\WINDOWS\system32\yayxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-10-24 14:46 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iipffjwp.dll [2007-10-27 12:06 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iipffjwp.dll [2007-10-27 12:06 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"d8bc325d"="C:\WINDOWS\system32\qjjamakw.dll" [2007-10-27 12:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aoum"="C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\system32\xxyxvwx.dll [ ]
"{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}"= C:\WINDOWS\system32\gebcdba.dll [2007-10-25 20:54 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq]
cbxurrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdba]
gebcdba.dll 2007-10-25 20:54 34816 C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iipffjwp]
iipffjwp.dll 2007-10-27 12:06 340032 C:\WINDOWS\system32\iipffjwp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32]
winbjf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx]
xxyxvwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljjjh.dll

R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\system32\sisesc.sys
R3 KKW_HID;Kensington HIDClass Filter Driver;C:\WINDOWS\system32\DRIVERS\KKW_HID.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
R3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 HwIOctl;HwIOctl;\??\C:\Documents and Settings\Ena\Desktop\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Documents and Settings\Ena\Desktop\Memctl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 23:34:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 12:37:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 12:42:46 - machine was rebooted
.
--- E O F ---
jurgenv
Ok, now delete the following files with OTMoveIt:

C:\WINDOWS\system32\qjjamakw.dll
C:\WINDOWS\system32\iipffjwp.dll
C:\WINDOWS\system32\epjstoel.dll
C:\WINDOWS\system32\gebcdba.dll
C:\Program Files\Tqhspmfc
C:\Program Files\E404 Helper
C:\Program Files\mfyludqj
C:\Program Files\Htqfbbdv
C:\WINDOWS\system32\syszp32.exe


After that, post the log from OTMoveIt here with new logs from combofix and hijackthis.
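The helper is applying a handful of checks by eye to the HijackThis lines above: BHOs with no name, entries whose file is already gone, Winlogon Notify hooks with no path, Run values that load a DLL through rundll32 or start an "svchost.exe" from the user's My Documents, and the same DLL showing up as BHO, toolbar and Winlogon hook at once. As an added example (not part of this thread, nor code from HijackThis, ComboFix or OTMoveIt), here is a small Python triage script that applies those same heuristics to a log; the sample lines are constructed from the entry types posted above, and the rule names and thresholds are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# One HijackThis entry: "O<n> - <kind>: <detail>"
LINE_RE = re.compile(r"^(?P<section>O\d+)\s+-\s+(?P<kind>[^:]+):\s*(?P<detail>.*)$")
# First Windows path ending in .exe/.dll inside the detail text
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll))\b", re.IGNORECASE)
DRIVE_RE = re.compile(r"[A-Za-z]:\\")
RUN_NAME_RE = re.compile(r"^\[(?P<name>[^\]]+)\]")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def module_paths(text: str) -> List[str]:
    """Lower-cased .exe/.dll paths referenced by an entry."""
    return [p.lower() for p in PATH_RE.findall(text)]


def check_line(line: str) -> List[Finding]:
    """Direct heuristics for a single HijackThis line (no cross-referencing)."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return []
    section, detail = m.group("section"), m.group("detail")
    found: List[Finding] = []

    def flag(reason: str) -> None:
        found.append(Finding(section, reason, line))

    if "(file missing)" in detail:
        flag("orphaned entry: referenced file is missing")
    if section == "O2" and detail.startswith("(no name)"):
        flag("unnamed BHO")
    if section == "O4":
        name_m = RUN_NAME_RE.match(detail)
        name = name_m.group("name") if name_m else ""
        if re.fullmatch(r"[0-9a-f]{8}", name.lower()):
            flag("Run value name is an 8-hex-digit token")
        if "rundll32" in detail.lower() and ".dll" in detail.lower():
            flag("Run value loads a DLL through rundll32")
        for p in module_paths(detail):
            if "\\documents and settings\\" in p or "\\docume~1\\" in p:
                flag("autostart from a user profile directory")
            if p.endswith("\\svchost.exe") and "\\system32\\svchost.exe" not in p:
                flag("svchost.exe outside system32")
    if section == "O20" and not DRIVE_RE.search(detail):
        # Winlogon Notify hooks must give an absolute path; a bare DLL name is
        # a registry hook left behind after the module itself was removed
        flag("Winlogon Notify hook without an absolute path")
    return found


def analyze(lines: List[str]) -> List[Finding]:
    """Run check_line over a whole log, then flag otherwise clean entries that
    load a module already implicated by a flagged entry: one DLL registered as
    BHO, toolbar and Winlogon hook is a single infection, not three."""
    direct = [(ln.strip(), check_line(ln)) for ln in lines]
    implicated = {p for ln, fs in direct if fs for p in module_paths(ln)}
    results: List[Finding] = []
    for ln, fs in direct:
        results.extend(fs)
        m = LINE_RE.match(ln)
        if not fs and m and any(p in implicated for p in module_paths(ln)):
            results.append(Finding(m.group("section"),
                                   "shares a module with a flagged entry", ln))
    return results


# Constructed sample: entry types taken from the logs posted in this thread
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
    r"O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iipffjwp.dll",
    r"O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll",
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r'O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b',
    r'O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb',
    r"O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    r"O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)",
    r"O20 - Winlogon Notify: iipffjwp - C:\WINDOWS\SYSTEM32\iipffjwp.dll",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LINES):
        print(f"{f.section:<4} {f.reason:<45} {f.line}")
```

The script is only a first-pass filter: an entry it leaves unflagged (such as gebcdba.dll above, which ComboFix dated to the same evening as the other droppers) still needs the file-date and folder context that the ComboFix report gives.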
WPWILBURT791
Ok, here are the FRESH LOGS FROM ALL, IN THIS ORDER:
1. HijackThis
2. OTMoveIt
3. ComboFix

I'm getting this annoying window coming up telling me I have a certain virus,
but it's not from any of my antivirus programs.




Logfile of HijackThis v1.99.1
Scan saved at 1:14:05 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
ComboFix 07-10-26.4 - Wilmer 2007-10-27 13:19:19.3 - NTFSx86
Running from: C:\Documents and Settings\Wilmer\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Wilmer\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cbxvu.dll
C:\WINDOWS\system32\iipffjwp.dllbox
C:\WINDOWS\system32\uvxbc.bak1
C:\WINDOWS\system32\uvxbc.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 12:17 83,520 --a------ C:\WINDOWS\system32\qjjamakw.dll
2007-10-27 12:06 340,032 --a------ C:\WINDOWS\system32\iipffjwp.dll
2007-10-27 12:06 340,032 --a------ C:\WINDOWS\system32\epjstoel.dll
2007-10-26 16:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-26 16:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-26 16:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-25 20:54 34,816 --a------ C:\WINDOWS\system32\gebcdba.dll
2007-10-24 23:35 <DIR> d-------- C:\Program Files\Tqhspmfc
2007-10-24 14:46 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-24 14:44 <DIR> d-------- C:\Program Files\mfyludqj
2007-10-24 14:44 <DIR> d-------- C:\Program Files\Htqfbbdv
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-06 19:09 <DIR> d-------- C:\Documents and Settings\yourusername\.limewire
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2030-09-28 22:49 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ventrilo
2030-09-25 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-27 17:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:08 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-26 01:48 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\AVG7
2007-10-25 23:23 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\ZoomBrowser EX
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-21 19:47 --------- d-----w C:\Program Files\EA GAMES
2007-10-20 00:22 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ahead
2007-10-20 00:10 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-18 00:20 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\teamspeak2
2007-10-14 23:43 --------- d-----w C:\Program Files\Pacific Heroes
2007-10-09 20:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-06 23:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-03 22:12 --------- d-----w C:\Program Files\Sony Setup
2007-09-28 19:12 --------- d-----w C:\Program Files\QuickTime
2007-09-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 00:45 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\dvdcss
2007-09-19 00:11 --------- d-----w C:\Program Files\GoldWave
2007-09-18 23:47 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-09-18 23:43 138,752 ----a-w C:\WINDOWS\system32\syszp32.exe
2007-09-17 00:30 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Xfire
2007-09-15 21:28 --------- d-s---w C:\Program Files\Xfire
2007-09-12 23:17 --------- d-----w C:\Program Files\PC Wizard 2007
2007-09-03 22:44 --------- d-----w C:\Program Files\MagicDVDRipper
2007-09-03 19:44 --------- d-----w C:\Program Files\Java
2007-09-01 00:56 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2007-09-01 00:38 --------- d-----w C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-01 00:33 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\GetRightToGo
2007-08-31 17:02 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\IGN_DLM
2007-08-30 00:24 --------- d-----w C:\Program Files\Real
2007-08-30 00:22 --------- d-----w C:\Program Files\MSN Messenger
2007-08-29 03:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 17:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-08-27 16:56 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-27 16:55 --------- d-----w C:\Program Files\WarlockStudio
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-08 23:32 1,618 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0158DA9D-EC95-4D36-B804-2A146A0453B8}]
C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
C:\Program Files\Tqhspmfc\vyzixswh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
C:\WINDOWS\system32\xxyxvwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
2007-10-25 20:54 34816 --a------ C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-27 12:06 340032 --a------ C:\WINDOWS\system32\iipffjwp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}]
C:\WINDOWS\system32\yayxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-10-24 14:46 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iipffjwp.dll [2007-10-27 12:06 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iipffjwp.dll [2007-10-27 12:06 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"d8bc325d"="C:\WINDOWS\system32\qjjamakw.dll" [2007-10-27 12:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aoum"="C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\system32\xxyxvwx.dll [ ]
"{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}"= C:\WINDOWS\system32\gebcdba.dll [2007-10-25 20:54 34816]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq]
cbxurrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdba]
gebcdba.dll 2007-10-25 20:54 34816 C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iipffjwp]
iipffjwp.dll 2007-10-27 12:06 340032 C:\WINDOWS\system32\iipffjwp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32]
winbjf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx]
xxyxvwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\cbxvu

R3 KKW_HID;Kensington HIDClass Filter Driver;C:\WINDOWS\system32\DRIVERS\KKW_HID.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
R3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
S3 HwIOctl;HwIOctl;\??\C:\Documents and Settings\Ena\Desktop\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Documents and Settings\Ena\Desktop\Memctl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 23:34:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 13:33:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 13:38:59 - machine was rebooted
.
--- E O F ---

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

OTMoveIt log

File/Folder C:\avenger.zip not found.
File/Folder C:\Avenger not found.
File/Folder C:\avenger.txt not found.
File/Folder C:\bfu.zip not found.
File/Folder C:\BFU not found.
File/Folder C:\combofix.exe not found.
C:\QooBox\Quarantine\Registry_backups moved successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\QooBox\Quarantine\C\WINDOWS moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Wilmer\Favorites moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Wilmer\Desktop moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Wilmer moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings moved successfully.
C:\QooBox\Quarantine\C moved successfully.
C:\QooBox\Quarantine moved successfully.
C:\QooBox\BackEnv moved successfully.
C:\QooBox moved successfully.
C:\ComboFix*.txt moved successfully.
C:\WINDOWS\catchme.exe moved successfully.
C:\WINDOWS\nircmd.exe moved successfully.
C:\WINDOWS\system32\swreg.exe moved successfully.
C:\WINDOWS\system32\Swxcacls.exe moved successfully.
C:\WINDOWS\system32\Swsc.exe moved successfully.
File/Folder C:\dss.exe not found.
File/Folder C:\Deckard not found.
File/Folder C:\FindAWF.exe not found.
File/Folder C:\AWF.txt not found.
File/Folder C:\fixwareout.exe not found.
File/Folder C:\fixwareout not found.
File/Folder C:\fsbl.exe not found.
C:\fsbl*.log moved successfully.
C:\fsbl*.log moved successfully.
C:\Documents and Settings\Wilmer\Desktop\fsbl*.log moved successfully.
C:\WINDOWS\fsbl*.log moved successfully.
C:\WINDOWS\system32\fsbl*.log moved successfully.
C:\WINDOWS\system32\drivers\fsbl*.log moved successfully.
File/Folder C:\gmer.exe not found.
File/Folder C:\gmer.dll not found.
File/Folder C:\gmer.ini not found.
File/Folder C:\gmer.log not found.
File/Folder C:\gmer_uninstall.cmd not found.
File/Folder C:\gmer.sys not found.
Unable to delete service gmer.
File/Folder C:\haxfix.exe not found.
File/Folder C:\haxfix.txt not found.
File/Folder C:\killbox.exe not found.
File/Folder C:\!Killbox not found.
File/Folder C:\NoLop.exe not found.
File/Folder C:\NoLop.txt not found.
File/Folder C:\NoLopOLD.txt not found.
File/Folder C:\delete.bat not found.
File/Folder C:\OTMoveIt.exe not found.
File/Folder C:\_OTMoveIt not found.
File/Folder C:\rustbfix.exe not found.
File/Folder C:\Rustbfix not found.
File/Folder C:\sdfix.exe not found.
File/Folder C:\SDFix not found.
File/Folder C:\SmitfraudFix.exe not found.
File/Folder C:\SmitfraudFix not found.
File/Folder C:\rapport.txt not found.
File/Folder C:\SysInsite not found.
File/Folder C:\VundoFix.exe not found.
File/Folder C:\VundoFix Backups not found.
File/Folder C:\vundofix.txt not found.
File/Folder C:\win32delfkil.exe not found.
File/Folder C:\_backupD not found.
File/Folder C:\windelf.txt not found.
File/Folder C:\winpfind.exe not found.
File/Folder C:\WinPfind not found.
File/Folder C:\winpfind3u.exe not found.
File/Folder C:\WinPFind3u not found.
C:\cleanup.txt moved successfully.
File move failed. C:\Documents and Settings\Wilmer\My Documents\OTMoveIt.exe scheduled to be moved on reboot.
jurgenv
That's not the log from OTMoveIt... Are you sure you did everything correctly as instructed?
WPWILBURT791
OK, when you tell me to delete something with OTMoveIt,
what do I click: CLEAN UP or MOVE IT?
jurgenv
QUOTE(jurgenv @ Oct 25 2007, 10:49 PM)
* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says "Paste List of Files/Folders to be Moved", copy and paste the next part:

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\kfghgpqt.dll
C:\WINDOWS\system32\ehhkj.bak1
C:\Program Files\3269.exe
C:\Program Files\msc.exe
C:\WINDOWS\system32\amsgrcrq.exe
C:\WINDOWS\system32\vxyay.bak2
C:\WINDOWS\system32\vxyay.bak1
C:\WINDOWS\system32\winbjf32.dll
C:\WINDOWS\system32\drvkalr.dll


Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in the next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new HijackThis log.

Here's the example instruction.
WPWILBURT791
OK, I'm sorry for that.

1. HijackThis
2. OTMoveIt
3. ComboFix

Logfile of HijackThis v1.99.1
Scan saved at 1:59:02 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)


DllUnregisterServer procedure not found in C:\WINDOWS\system32\qjjamakw.dll
C:\WINDOWS\system32\qjjamakw.dll NOT unregistered.
C:\WINDOWS\system32\qjjamakw.dll moved successfully.
C:\WINDOWS\system32\iipffjwp.dll unregistered successfully.
File move failed. C:\WINDOWS\system32\iipffjwp.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\epjstoel.dll unregistered successfully.
C:\WINDOWS\system32\epjstoel.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcdba.dll
C:\WINDOWS\system32\gebcdba.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\gebcdba.dll scheduled to be moved on reboot.
C:\Program Files\Tqhspmfc moved successfully.
C:\Program Files\E404 Helper moved successfully.
C:\Program Files\mfyludqj moved successfully.
C:\Program Files\Htqfbbdv moved successfully.
C:\WINDOWS\system32\syszp32.exe moved successfully.

Created on 10/27/2007 13:58:19

ComboFix 07-10-26.4 - Wilmer 2007-10-27 14:13:29.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.198 [GMT -4:00]
Running from: C:\Documents and Settings\Wilmer\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Wilmer\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\iipffjwp.dllbox
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\ssqpo.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 12:06 340,032 --a------ C:\WINDOWS\system32\iipffjwp.dll
2007-10-26 16:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-26 16:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-26 16:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-25 20:54 34,816 --a------ C:\WINDOWS\system32\gebcdba.dll
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-06 19:09 <DIR> d-------- C:\Documents and Settings\yourusername\.limewire
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2030-09-28 22:49 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ventrilo
2030-09-25 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-27 17:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:08 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-26 01:48 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\AVG7
2007-10-25 23:23 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\ZoomBrowser EX
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-21 19:47 --------- d-----w C:\Program Files\EA GAMES
2007-10-20 00:22 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ahead
2007-10-20 00:10 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-18 00:20 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\teamspeak2
2007-10-14 23:43 --------- d-----w C:\Program Files\Pacific Heroes
2007-10-09 20:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-06 23:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-03 22:12 --------- d-----w C:\Program Files\Sony Setup
2007-09-28 19:12 --------- d-----w C:\Program Files\QuickTime
2007-09-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 00:45 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\dvdcss
2007-09-19 00:11 --------- d-----w C:\Program Files\GoldWave
2007-09-18 23:47 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-09-17 00:30 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Xfire
2007-09-15 21:28 --------- d-s---w C:\Program Files\Xfire
2007-09-12 23:17 --------- d-----w C:\Program Files\PC Wizard 2007
2007-09-03 22:44 --------- d-----w C:\Program Files\MagicDVDRipper
2007-09-03 19:44 --------- d-----w C:\Program Files\Java
2007-09-01 00:56 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2007-09-01 00:38 --------- d-----w C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-01 00:33 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\GetRightToGo
2007-08-31 17:02 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\IGN_DLM
2007-08-30 00:24 --------- d-----w C:\Program Files\Real
2007-08-30 00:22 --------- d-----w C:\Program Files\MSN Messenger
2007-08-29 03:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 17:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-08-27 16:56 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-27 16:55 --------- d-----w C:\Program Files\WarlockStudio
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-08 23:32 1,618 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0158DA9D-EC95-4D36-B804-2A146A0453B8}]
C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
C:\Program Files\Tqhspmfc\vyzixswh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
C:\WINDOWS\system32\xxyxvwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
2007-10-25 20:54 34816 --a------ C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-27 12:06 340032 --a------ C:\WINDOWS\system32\iipffjwp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}]
C:\WINDOWS\system32\yayxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
C:\Program Files\E404 Helper\e404.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iipffjwp.dll [2007-10-27 12:06 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iipffjwp.dll [2007-10-27 12:06 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"d8bc325d"="C:\WINDOWS\system32\qjjamakw.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"Aoum"="C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\system32\xxyxvwx.dll [ ]
"{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}"= C:\WINDOWS\system32\gebcdba.dll [2007-10-25 20:54 34816]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq]
cbxurrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdba]
gebcdba.dll 2007-10-25 20:54 34816 C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iipffjwp]
iipffjwp.dll 2007-10-27 12:06 340032 C:\WINDOWS\system32\iipffjwp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32]
winbjf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx]
xxyxvwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpo

R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\system32\sisesc.sys
R3 KKW_HID;Kensington HIDClass Filter Driver;C:\WINDOWS\system32\DRIVERS\KKW_HID.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
R3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 HwIOctl;HwIOctl;\??\C:\Documents and Settings\Ena\Desktop\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Documents and Settings\Ena\Desktop\Memctl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 23:34:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 14:25:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 14:30:29 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-27 13:39
.
--- E O F ---
jurgenv
Ok, now delete the following files with OTMoveIt

C:\WINDOWS\system32\iipffjwp.dll
C:\WINDOWS\system32\gebcdba.dll
C:\WINDOWS\system32\qjjamakw.dll


Post the report of it here with a new hijackthis log.
WPWILBURT791
ok here they are



C:\WINDOWS\system32\iipffjwp.dll unregistered successfully.
File move failed. C:\WINDOWS\system32\iipffjwp.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcdba.dll
C:\WINDOWS\system32\gebcdba.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\gebcdba.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\qjjamakw.dll not found.

Created on 10/27/2007 15:06:47



Logfile of HijackThis v1.99.1
Scan saved at 3:14:33 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Tqhspmfc\vyzixswh.dll (file missing)
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\gebcdba.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iipffjwp.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll
O20 - Winlogon Notify: iipffjwp - C:\WINDOWS\SYSTEM32\iipffjwp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjf32 - winbjf32.dll (file missing)
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

jurgenv
* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Tqhspmfc\vyzixswh.dll (file missing)
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\gebcdba.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iipffjwp.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll
O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll
O20 - Winlogon Notify: iipffjwp - C:\WINDOWS\SYSTEM32\iipffjwp.dll
O20 - Winlogon Notify: winbjf32 - winbjf32.dll (file missing)
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Now delete the following files with OTMoveIt:

C:\WINDOWS\SYSTEM32\gebcdba.dll
C:\WINDOWS\SYSTEM32\iipffjwp.dll


* After that, reboot and post a new HijackThis log here with the log from OTMoveIt.
WPWILBURT791
ok man here are the logs
I still have 2 foreign icons on my desktop.


Logfile of HijackThis v1.99.1
Scan saved at 3:31:23 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [d8bc325d] rundll32.exe "C:\WINDOWS\system32\qjjamakw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aoum] "C:\DOCUME~1\Wilmer\MYDOCU~1\YSTEM~1\svchost.exe" -vt yazb
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)


DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebcdba.dll
C:\WINDOWS\SYSTEM32\gebcdba.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebcdba.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\iipffjwp.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\iipffjwp.dll scheduled to be moved on reboot.

Created on 10/27/2007 15:35:59

jurgenv
Hmm can I see a new hijackthis log with the newer version of hijackthis?
WPWILBURT791
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:03:24 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {0158DA9D-EC95-4D36-B804-2A146A0453B8} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Tqhspmfc\vyzixswh.dll (file missing)
O2 - BHO: (no name) - {300A3773-DB19-4AF8-8E6D-F9573B2DA54B} - C:\WINDOWS\system32\cbayy.dll
O2 - BHO: (no name) - {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} - C:\WINDOWS\system32\xxyxvwx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\gebcdba.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iipffjwp.dll (file missing)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D84CFCD7-EDE6-46F8-81AF-7713CCE70059} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll (file missing)
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: cbxurrq - cbxurrq.dll (file missing)
O20 - Winlogon Notify: gebcdba - C:\WINDOWS\SYSTEM32\gebcdba.dll
O20 - Winlogon Notify: iipffjwp - iipffjwp.dll (file missing)
O20 - Winlogon Notify: winbjf32 - winbjf32.dll (file missing)
O20 - Winlogon Notify: xxyxvwx - xxyxvwx.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 5421 bytes
jurgenv
The newest version is 2.0.2

http://www.trendsecure.com/portal/en-US/th.../HiJackThis.exe
WPWILBURT791
ok..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:04 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll (file missing)
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 3820 bytes
jurgenv
* Please open hijackthis and put a check next to the following:

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iipffjwp.dll (file missing)

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* After that, post a new log from hijackthis and combofix here.
WPWILBURT791
ok here they are


ComboFix 07-10-26.4 - Wilmer 2007-10-27 16:49:33.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.234 [GMT -4:00]
Running from: C:\Documents and Settings\Wilmer\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Wilmer\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Wilmer\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\cbayy.dll
C:\WINDOWS\system32\iipffjwp.dllbox
C:\WINDOWS\system32\yyabc.bak1
C:\WINDOWS\system32\yyabc.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 16:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-26 16:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-26 16:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-25 20:54 34,816 --a------ C:\WINDOWS\system32\gebcdba.dll
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-06 19:09 <DIR> d-------- C:\Documents and Settings\yourusername\.limewire
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2030-09-28 22:49 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ventrilo
2030-09-25 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-27 17:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:08 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-26 01:48 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\AVG7
2007-10-25 23:23 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\ZoomBrowser EX
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-21 19:47 --------- d-----w C:\Program Files\EA GAMES
2007-10-20 00:22 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ahead
2007-10-20 00:10 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-18 00:20 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\teamspeak2
2007-10-14 23:43 --------- d-----w C:\Program Files\Pacific Heroes
2007-10-09 20:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-06 23:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-03 22:12 --------- d-----w C:\Program Files\Sony Setup
2007-09-28 19:12 --------- d-----w C:\Program Files\QuickTime
2007-09-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 00:45 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\dvdcss
2007-09-18 23:47 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-09-17 00:30 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Xfire
2007-09-15 21:28 --------- d-s---w C:\Program Files\Xfire
2007-09-12 23:17 --------- d-----w C:\Program Files\PC Wizard 2007
2007-09-03 22:44 --------- d-----w C:\Program Files\MagicDVDRipper
2007-09-03 19:44 --------- d-----w C:\Program Files\Java
2007-09-01 00:56 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2007-09-01 00:38 --------- d-----w C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-01 00:33 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\GetRightToGo
2007-08-31 17:02 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\IGN_DLM
2007-08-30 00:24 --------- d-----w C:\Program Files\Real
2007-08-30 00:22 --------- d-----w C:\Program Files\MSN Messenger
2007-08-29 03:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 17:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-08-27 16:56 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-27 16:55 --------- d-----w C:\Program Files\WarlockStudio
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-08 23:32 1,618 ----a-w C:\Program Files\hijackthis.log
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0158DA9D-EC95-4D36-B804-2A146A0453B8}]
C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
C:\Program Files\Tqhspmfc\vyzixswh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
C:\WINDOWS\system32\xxyxvwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
2007-10-25 20:54 34816 --a------ C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}]
C:\WINDOWS\system32\yayxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
C:\Program Files\E404 Helper\e404.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\system32\xxyxvwx.dll [ ]
"{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}"= C:\WINDOWS\system32\gebcdba.dll [2007-10-25 20:54 34816]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq]
cbxurrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdba]
gebcdba.dll 2007-10-25 20:54 34816 C:\WINDOWS\system32\gebcdba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iipffjwp]
iipffjwp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32]
winbjf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx]
xxyxvwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbayy.dll

R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\system32\sisesc.sys
R3 KKW_HID;Kensington HIDClass Filter Driver;C:\WINDOWS\system32\DRIVERS\KKW_HID.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
R3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 HwIOctl;HwIOctl;\??\C:\Documents and Settings\Ena\Desktop\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Documents and Settings\Ena\Desktop\Memctl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 23:34:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 17:02:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 17:06:38 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-27 14:30
C:\ComboFix3.txt ... 2007-10-27 13:39
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:46 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 3731 bytes






jurgenv
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
WPWILBURT791
yeah that happened to me

here are the logs
1.vundo
2.hijack



VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 6:02:40 PM 10/27/2007

Listing files found while scanning....

C:\windows\system32\gebcdba.dll

Beginning removal...

Attempting to delete C:\windows\system32\gebcdba.dll
C:\windows\system32\gebcdba.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\gebcdba.dll
C:\windows\system32\gebcdba.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 6:23:25 PM 10/27/2007

Listing files found while scanning....

C:\windows\system32\gebcdba.dll

Beginning removal...

Attempting to delete C:\windows\system32\gebcdba.dll
C:\windows\system32\gebcdba.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:49 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 3700 bytes
jurgenv
Ok, can I see a new log from combofix?
WPWILBURT791
ok here it is mate



ComboFix 07-10-26.4 - Wilmer 2007-10-27 19:18:09.7 - NTFSx86
Running from: C:\Documents and Settings\Wilmer\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebxy.dll
C:\WINDOWS\system32\yxbeg.bak1
C:\WINDOWS\system32\yxbeg.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 18:02 <DIR> d-------- C:\VundoFix Backups
2007-10-27 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 16:27 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-26 16:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-26 16:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-19 20:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-19 20:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-19 20:10 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-19 20:10 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-19 20:10 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-19 20:10 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-19 20:10 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-19 20:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-17 20:48 <DIR> d-------- C:\Program Files\RFA Explorer
2007-10-06 19:09 <DIR> d-------- C:\Documents and Settings\yourusername\.limewire
2007-10-03 19:43 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-03 18:21 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-03 18:06 <DIR> d-------- C:\Program Files\Sony
2007-09-28 15:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2030-09-28 22:49 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ventrilo
2030-09-25 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-27 17:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 02:08 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-26 01:48 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\AVG7
2007-10-25 23:23 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\ZoomBrowser EX
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-21 19:47 --------- d-----w C:\Program Files\EA GAMES
2007-10-20 00:22 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Ahead
2007-10-20 00:10 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-18 00:20 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\teamspeak2
2007-10-14 23:43 --------- d-----w C:\Program Files\Pacific Heroes
2007-10-09 20:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-06 23:04 --------- d-----w C:\Program Files\LimeWire
2007-10-03 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-03 22:12 --------- d-----w C:\Program Files\Sony Setup
2007-09-28 19:12 --------- d-----w C:\Program Files\QuickTime
2007-09-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 00:45 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\dvdcss
2007-09-17 00:30 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\Xfire
2007-09-15 21:28 --------- d-s---w C:\Program Files\Xfire
2007-09-12 23:17 --------- d-----w C:\Program Files\PC Wizard 2007
2007-09-03 22:44 --------- d-----w C:\Program Files\MagicDVDRipper
2007-09-03 19:44 --------- d-----w C:\Program Files\Java
2007-09-01 00:56 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2007-09-01 00:38 --------- d-----w C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-01 00:33 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\GetRightToGo
2007-08-31 17:02 --------- d-----w C:\Documents and Settings\Wilmer\Application Data\IGN_DLM
2007-08-30 00:24 --------- d-----w C:\Program Files\Real
2007-08-30 00:22 --------- d-----w C:\Program Files\MSN Messenger
2007-08-29 03:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 17:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-08-27 16:56 --------- d-----w C:\Program Files\Common Files\DirectX
2007-08-27 16:55 --------- d-----w C:\Program Files\WarlockStudio
2007-05-08 23:32 1,618 ----a-w C:\Program Files\hijackthis.log
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0158DA9D-EC95-4D36-B804-2A146A0453B8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84CFCD7-EDE6-46F8-81AF-7713CCE70059}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kkw_run.exe"="kkw_run.exe" [2005-12-15 16:00 C:\WINDOWS\system32\kkw_run.exe]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 10:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurrq]
cbxurrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iipffjwp]
iipffjwp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjf32]
winbjf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxvwx]
xxyxvwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebxy.dll

R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\system32\sisesc.sys
R3 KKW_HID;Kensington HIDClass Filter Driver;C:\WINDOWS\system32\DRIVERS\KKW_HID.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
R3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 HwIOctl;HwIOctl;\??\C:\Documents and Settings\Ena\Desktop\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Documents and Settings\Ena\Desktop\Memctl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 23:34:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 19:29:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 19:31:58 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-27 17:06
C:\ComboFix3.txt ... 2007-10-27 14:30
.
--- E O F ---
jurgenv
Ok, how is everything working?
WPWILBURT791
SO FAR EVERYTHING IS REALLY GOOD, I'M NOT GETTING ANY ICONS IN MY SYSTEM TRAY,
NO UNWANTED ICONS ON DESKTOP
AND NO FAKE VIRUS ALERTS


THANK YOU SOOO MUCH FOR YOUR TIME

-could there be a possibility that whatever i had can come back???

jurgenv
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.
WPWILBURT791
ok thank you so much again
i already had firefox but now im not using IExplorer anymore
thanks a ton
jurgenv
You're welcome.
LS CalamityJane
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !