POS.tmp file and red X problem

Thread Solved

Serakus (Newbie Poster)

#1
Feb 16th, 2008
I've read through some of the posts concerning this problem on this site and various others. I have the same problem and have done everything up to the HijackThis, so here's my log for it. Help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:24 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\VundoFix.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...lash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\vtutqol.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\pmnmkkl.dll (file missing)
O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xgrxgpgi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 9435 bytes
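As an added example (not part of the thread, and not code from HijackThis or any of the tools named in it), the script below parses entries in the format of the log above and flags the kinds of lines a helper reads first: orphaned "(file missing)" entries, random-looking DLL names in system32, rundll32 loaders, and look-alike paths. The heuristics and the sample excerpt are assumptions built from the posted log, not a detection standard.

```python
import re
from dataclasses import dataclass

# Entry lines excerpted from the HijackThis log posted above (a constructed subset:
# a few clean entries mixed with the ones a helper would look at first).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xgrxgpgi.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "O2 - BHO: ..." -> section code plus the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# A file name of 5-8 lowercase letters with no digits or vendor prefix: the
# pattern the randomly named DLLs in this log follow (heuristic, not a rule).
RANDOM_NAME_RE = re.compile(r"\\([a-z]{5,8})\.(dll|exe)\b")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list


def triage_entry(line: str):
    """Return a Finding for one HijackThis entry, or None if it trips no heuristic."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned: the registry entry points at a file that is no longer on disk")
    if section == "F3":
        reasons.append("win.ini load= is a legacy autostart that legitimate software almost never uses")
    if section == "O18" and "(no CLSID)" in body:
        reasons.append("MIME filter hijack left without a handler")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no vendor information")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object with no display name")
    if section == "O4" and "rundll32.exe" in body.lower():
        reasons.append("rundll32 loader: the payload is the DLL it is told to load, not rundll32 itself")
    if "?" in body:
        reasons.append("unprintable character in the path (a look-alike of a system folder or file name)")
    rn = RANDOM_NAME_RE.search(body)
    if rn and "system32" in body.lower():
        reasons.append(f"random-looking file name in system32: {rn.group(1)}.{rn.group(2)}")
    return Finding(section, body, reasons) if reasons else None


def triage_log(text: str):
    """Return the flagged entries in log order; entries that trip nothing are dropped."""
    findings = []
    for line in text.splitlines():
        f = triage_entry(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

A "(file missing)" hit on its own only shows that the file is gone while its autostart entry remains, so the output is a reading order for a helper, not a verdict on each line.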
crunchie (Moderator, Spyware Killer)
Re: POS.tmp file and red X problem

#2
Feb 17th, 2008
Hi and welcome to the Daniweb forums.

Please download ComboFix by sUBs from HERE or HERE
  • Save it to your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quote box (including the "" marks and the symbols) into the Run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll

  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Serakus (Newbie Poster)

Re: POS.tmp file and red X problem

#3
Feb 17th, 2008
OK, here are both logs, ComboFix first and HijackThis second.

ComboFix 08-02-17.2 - Joe 2008-02-17 10:46:48.2 - NTFSx86
Running from: C:\Documents and Settings\Joe\desktop\ComboFix.exe
Command switches used :: /KillAll

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-17 10:45 7,790 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:53 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-06 12:56 567,958 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak1
2006-03-07 12:57 569,769 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak2
2006-03-07 20:25 572,447 --sha-w C:\WINDOWS\SYSTEM32\qtutv.ini2
2006-07-31 07:02 1,270,079 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak1
2006-07-31 20:18 1,097,190 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak2
2006-08-01 18:06 1,104,698 --sha-w C:\WINDOWS\SYSTEM32\vyadd.ini2
2005-07-29 21:24 472 --sha-r C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs
.
<pre>
-c--a-w            61,440 2008-01-11 01:25:38  C:\DELL\bldbubg .exe
----a-w            57,344 2008-01-11 01:25:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85594F16-82D4-D770-D545-FA1DF64740E6}]
C:\WINDOWS\system32\cdbwufmd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95AEAB16-6382-300E-D826-3BE671F50894}]
C:\WINDOWS\system32\ndsioc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f563a5-3d8d-4fda-aa15-7052bddd37a2}]
C:\WINDOWS\system32\uefhmbhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53C2057-5043-4E19-97E8-11B918C1958A}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Ajcfo"="C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-11 22:25 61440]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"AOL Messenger"="aolmsngr.exe" []
"sysmtd32"="C:\WINDOWS\system32\sysmtd32.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-11 22:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"300e90f6"="C:\WINDOWS\system32\juehpgae.dll" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger"="aolmsngr.exe" []
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkkl]
pmnmkkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqol]
vtutqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zavhuwbp]
zavhuwbp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
C:\Program Files\AdTools Service\AdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Program Files\rdso\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 01:04 122933 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g396di86]
C:\WINDOWS\system32\g396di86.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-11 22:25 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I/O Controllers]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-11 22:25 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqx]
C:\WINDOWS\pqx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
C:\Program Files\Preview AdService\PrevAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q76g3EW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkgtp]
--a------ 2004-08-04 02:56 24576 C:\WINDOWS\system32\??erinit.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-17 15:56:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 10:54:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger = aolmsngr.exe?
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-17 11:05:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 16:05:49
ComboFix2.txt 2008-02-17 04:15:26
.
2008-02-14 21:16:39 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...lash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll (file missing)
O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 8739 bytes

Serakus (Newbie Poster), #4, Feb 17th, 2008
Re: POS.tmp file and red X problem

Bump

crunchie (Moderator, Spyware Killer), #5, Feb 17th, 2008
Re: POS.tmp file and red X problem

You bump after 2 hours?? Thanks, you just got me out of bed.
Did you really have to run ComboFix twice? I wish I had a dollar for every person who failed to follow instructions. It makes it harder for the helper.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

RENV::
-c--a-w 61,440 2008-01-11 01:25:38 C:\DELL\bldbubg .exe
----a-w 57,344 2008-01-11 01:25:40 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 67,160 2008-01-12 02:49:12 C:\Program Files\AIM\aim .exe
----a-w 50,760 2008-01-11 01:25:38 C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w 124,520 2008-01-11 01:25:50 C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w 110,592 2008-01-11 01:25:38 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 67,184 2008-01-11 01:25:50 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 204,800 2008-01-11 01:25:28 C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w 270,336 2008-01-11 01:25:38 C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w 221,184 2008-01-11 01:25:27 C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w 267,048 2008-01-11 01:26:13 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 217,088 2008-01-11 01:26:01 C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w 286,720 2008-01-11 01:26:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:28 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 120,640 2008-01-11 01:25:51 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 28,672 2008-01-11 01:25:27 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 114,688 2008-01-11 01:26:03 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-11 01:26:07 C:\WINDOWS\SYSTEM32\igfxtray .exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y15...1/CFScript.gif


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

====================

Go into msconfig and enable all startups, apply the settings and ok out. Do not reboot. Do the hijackthis scan after doing that.
Go back into msconfig and change back to how it was and apply the settings and ok out.

====================

Don't bother bumping 'cos I am off to work and will not be home for another 12 hours.
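An added example, not part of this thread and not code from HijackThis or ComboFix: a Python script that scans a HijackThis-style log for the things crunchie's script and the logs above are dealing with: executables renamed with whitespace before the extension (the files listed under RENV::, e.g. "QTTask .exe"), paths containing a character the log could not render (the "?icrosoft.NET\s?chost.exe" Run entry), load points whose file is reported missing, and rundll32 autoruns pointing into system32. The sample lines are copied from the log posted above; the rule names, the Finding type and the restore_name() helper are this example's own.

```python
"""Triage a HijackThis-style log for the tampering patterns seen in this thread.

Added example; not part of the forum post and not code from HijackThis or ComboFix.
Rule names, the Finding type and restore_name() are this example's own.
"""
import re
from dataclasses import dataclass

# Sample input: load-point lines copied from the HijackThis log posted above.
SAMPLE_LOG = "\n".join([
    r'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll',
    r'O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime',
    r'O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b',
    r'O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"',
    r'O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)',
    r'O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe',
])

# Sections whose target is something Windows will load or execute.
LOAD_POINT_PREFIXES = ("O2 - ", "O4 - ", "O20 - ", "O23 - ")
# First drive-letter path on the line, up to and including a loadable extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx|cpl))', re.IGNORECASE)
# Whitespace between base name and extension: "QTTask .exe".
SPACE_BEFORE_EXT_RE = re.compile(r"\s+\.[A-Za-z0-9]+$")
RUNDLL32_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    path: str


def extract_path(line: str):
    """Return the first Windows path on a log line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def restore_name(name: str) -> str:
    """Undo the 'QTTask .exe' rename that the RENV:: script reverses: drop the
    whitespace inserted between base name and extension."""
    return re.sub(r"\s+(\.[A-Za-z0-9]+)$", r"\1", name)


def check_line(line_no: int, line: str) -> list:
    """Apply every rule to one log line; returns zero or more findings."""
    findings = []
    if not line.startswith(LOAD_POINT_PREFIXES):
        return findings
    path = extract_path(line)
    # A load point still registered but whose file is gone is either a
    # half-removed infection or a slot the malware can refill on next run.
    if "(file missing)" in line:
        findings.append(Finding(line_no, "file missing", path or line))
    if path is None:
        return findings
    name = path.rsplit("\\", 1)[-1]
    if SPACE_BEFORE_EXT_RE.search(name):
        findings.append(Finding(line_no, "whitespace before extension", path))
    # '?' cannot occur in a Windows file name, so in a log it marks a character
    # the tool could not render: a look-alike character in a fake system path.
    if "?" in path:
        findings.append(Finding(line_no, "unrenderable character in path", path))
    if RUNDLL32_RE.search(line) and "\\system32\\" in path.lower():
        findings.append(Finding(line_no, "rundll32 loads a system32 DLL, verify it", path))
    return findings


def triage(log_text: str) -> list:
    """Run every check over every line; returns findings in log order."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        findings.extend(check_line(line_no, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.path}")
```

Run it as-is to print the findings for the sample, or pass the text of a saved hijackthis.log to triage() for a real scan. Treat the output as a review list rather than a verdict: a legitimate entry is reported "file missing" after a sloppy uninstall, and rundll32 is used by legitimate software too, which is why the helper in this thread still reads the whole log before writing a script.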

Serakus (Newbie Poster), #6, Feb 17th, 2008
Re: POS.tmp file and red X problem

Hey, sorry for bumping and waking you up. This problem has just been annoying me for quite a while and I'm anxious to get it fixed, but thank you so much for all the help you have provided so far. Here's the 2 logs you asked for.

ComboFix 08-02-17.2 - Joe 2008-02-17 15:12:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.297 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-17 14:59 9,506 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 20:19 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-06 12:56 567,958 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak1
2006-03-07 12:57 569,769 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak2
2006-03-07 20:25 572,447 --sha-w C:\WINDOWS\SYSTEM32\qtutv.ini2
2006-07-31 07:02 1,270,079 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak1
2006-07-31 20:18 1,097,190 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak2
2006-08-01 18:06 1,104,698 --sha-w C:\WINDOWS\SYSTEM32\vyadd.ini2
2005-07-29 21:24 472 --sha-r C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs
.
<pre>
----a-w            57,344 2008-01-11 01:25:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85594F16-82D4-D770-D545-FA1DF64740E6}]
C:\WINDOWS\system32\cdbwufmd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95AEAB16-6382-300E-D826-3BE671F50894}]
C:\WINDOWS\system32\ndsioc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f563a5-3d8d-4fda-aa15-7052bddd37a2}]
C:\WINDOWS\system32\uefhmbhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53C2057-5043-4E19-97E8-11B918C1958A}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Ajcfo"="C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"AOL Messenger"="aolmsngr.exe" []
"sysmtd32"="C:\WINDOWS\system32\sysmtd32.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-11 22:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"300e90f6"="C:\WINDOWS\system32\juehpgae.dll" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger"="aolmsngr.exe" []
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkkl]
pmnmkkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqol]
vtutqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zavhuwbp]
zavhuwbp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
C:\Program Files\AdTools Service\AdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Program Files\rdso\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 01:04 122933 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g396di86]
C:\WINDOWS\system32\g396di86.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-11 22:25 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I/O Controllers]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-11 22:25 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqx]
C:\WINDOWS\pqx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
C:\Program Files\Preview AdService\PrevAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q76g3EW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkgtp]
--a------ 2004-08-04 02:56 24576 C:\WINDOWS\system32\??erinit.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-17 20:21:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:19:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger = aolmsngr.exe?
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-17 15:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 20:30:19
ComboFix2.txt 2008-02-17 16:05:54
ComboFix3.txt 2008-02-17 04:15:26
.
2008-02-14 21:16:39 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...lash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll (file missing)
O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 8768 bytes
crunchie (Moderator, Spyware Killer)

Re: POS.tmp file and red X problem

#7
Feb 18th, 2008
A. Please RUN HijackThis
  1. Click the SCAN button to produce a log.
  2. Place a check mark beside each one of the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
    O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
    O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll (file missing)
    O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)

    O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
    O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
    O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
    O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
    O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
    O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
    O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
    O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)

  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
B. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
C:\WINDOWS\system32\juehpgae.dll
C:\WINDOWS\system32\sysmtd32.exe
Folder::
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk

RENV::
----a-w 57,344 2008-01-11 01:25:40 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 67,160 2008-01-12 02:49:12 C:\Program Files\AIM\aim .exe
----a-w 50,760 2008-01-11 01:25:38 C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w 124,520 2008-01-11 01:25:50 C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w 110,592 2008-01-11 01:25:38 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 67,184 2008-01-11 01:25:50 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 204,800 2008-01-11 01:25:28 C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w 270,336 2008-01-11 01:25:38 C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w 221,184 2008-01-11 01:25:27 C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w 267,048 2008-01-11 01:26:13 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 217,088 2008-01-11 01:26:01 C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w 286,720 2008-01-11 01:26:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:28 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 120,640 2008-01-11 01:25:51 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 28,672 2008-01-11 01:25:27 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 114,688 2008-01-11 01:26:03 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-11 01:26:07 C:\WINDOWS\SYSTEM32\igfxtray .exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y15...1/CFScript.gif


7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie; Feb 18th, 2008 at 4:50 am.
Serakus (Newbie Poster)

Re: POS.tmp file and red X problem

#8
Feb 18th, 2008
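Added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that applies, as explicit rules, the signals crunchie's fix list above reflects: a registered load point whose file is missing, a Winlogon Notify package, a Run value named with a hex string, rundll32 invoking a DLL through a one-letter export, an autorun given as a bare file name, a '?' (unprintable character) inside an executable name, a space before the extension (the "QTTask .exe" pattern that the RENV:: section of the CFScript reverses), and a vowel-less basename. The sample log lines are constructed from entries quoted in this thread plus three benign controls; the rule names, the `SEARCH_PATH_HOSTS` allowlist and the ranking are my assumptions. The rules are heuristics for putting the worst lines in front of a reviewer, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2.0.2 log format. The suspicious entries are
# the ones crunchie ticked for fixing in this thread; the Adobe, Dell and
# Symantec lines are benign controls so the rules have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

HJT_LINE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
O4_ENTRY = re.compile(r"[^:]*: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
# Assumed allowlist: Windows hosts legitimately started by bare name via PATH.
SEARCH_PATH_HOSTS = {"rundll32.exe"}


def reasons_for(line: str) -> List[str]:
    """Apply the heuristics to one log line; an empty list means no rule fired."""
    reasons: List[str] = []
    m = HJT_LINE.match(line.strip())
    if not m:
        return reasons
    section, rest = m.group(1), m.group(2)

    # 1. The file behind a registered load point is gone (a partial removal or a
    #    self-deleting dropper); the registration itself still needs clearing.
    if "(file missing)" in rest:
        reasons.append("registered load point whose file is missing")

    # 2. Winlogon Notify packages load into winlogon.exe at logon, so every
    #    entry in this section is worth a look whatever the other rules say.
    if section == "O20":
        reasons.append("Winlogon Notify package (loads into winlogon.exe)")

    if section == "O4":
        km = O4_ENTRY.match(rest)
        if km:
            key, cmd = km.group("key"), km.group("cmd")
            # 3. Installers name their Run values; an 8-digit hex string is a generated name.
            if re.fullmatch(r"[0-9a-f]{8}", key):
                reasons.append("Run value named with an 8-char hex string")
            # 4. rundll32 invoking a DLL through a one-letter export, the loader
            #    shape of the [300e90f6] entry in this thread.
            if re.search(r'rundll32\.exe\s+"[^"]+\.dll",\s*[A-Za-z]\b', cmd, re.I):
                reasons.append("rundll32 loading a DLL via a one-letter export")
            # 5. A bare file name is resolved through the search path, so the
            #    log does not tell you which binary actually runs.
            tokens = cmd.split()
            first = tokens[0].strip('"') if tokens else ""
            if (first.lower().endswith(".exe") and "\\" not in first
                    and first.lower() not in SEARCH_PATH_HOSTS):
                reasons.append("autorun command with no directory (search-path resolution)")

    # 6. Characters HijackThis could not print come out as '?', which is how a
    #    look-alike of a system binary name shows up in the log.
    if re.search(r'\\[^\\"]*\?[^\\"]*\.(exe|dll)', rest, re.I):
        reasons.append("unprintable character in an executable name")

    # 7. "name .exe": the original binary renamed with a space so a replacement
    #    can take its name (the condition ComboFix's RENV:: section reverses).
    if re.search(r"\S \.(exe|dll)\b", rest, re.I):
        reasons.append("space before the extension (renamed original beside a replacement)")

    # 8. A lower-case basename with no vowels is a weak randomness signal; it
    #    ranks lines for a human rather than deciding anything by itself.
    for base in re.findall(r"([A-Za-z0-9]+)\.(?:dll|exe)\b", rest):
        if len(base) >= 5 and base.islower() and not re.search(r"[aeiou]", base):
            reasons.append(f"vowel-less basename {base!r}")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every line that trips a rule, most-flagged first."""
    hits = [(raw.strip(), reasons_for(raw)) for raw in log_text.splitlines()]
    hits = [h for h in hits if h[1]]
    hits.sort(key=lambda h: len(h[1]), reverse=True)   # stable: ties keep log order
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run on the sample, the O20 entry ranks first (missing file, Winlogon Notify, vowel-less name), the [300e90f6] rundll32 entry second, and the Adobe, Dell and Symantec controls produce nothing. Feeding it a full log pasted from a thread like this one gives a reviewer the same short list crunchie built by hand, with the reason next to each line.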
ComboFix 08-02-17.2 - Joe 2008-02-18 0:18:13.4 - NTFSx86

Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\juehpgae.dll
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\system32\sysmtd32.exe
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-18 00:01 12,293 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 05:25 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 01:26 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-11 01:26 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-07 14:37 3,059,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 13:07 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
<pre>
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tkgtp"="C:\WINDOWS\system32\??erinit.exe" [2004-08-04 02:56 24576]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"I/O Controllers"="svcnet.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"q76g3EW"="p2pxpph(3).exe" []
"Preview AdService"="C:\Program Files\Preview AdService\PrevAdServ.exe" [ ]
"pqx"="C:\WINDOWS\pqx.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"g396di86"="C:\WINDOWS\system32\g396di86.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-18 05:28:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 00:26:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-18 0:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 05:37:09
ComboFix2.txt 2008-02-17 20:30:24
ComboFix3.txt 2008-02-17 16:05:54
ComboFix4.txt 2008-02-17 04:15:26
.
2008-02-14 21:16:39 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:56, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...lash/index.cfm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [q76g3EW] p2pxpph(3).exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [pqx] C:\WINDOWS\pqx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [g396di86] C:\WINDOWS\system32\g396di86.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Tkgtp] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 7784 bytes
Serakus
Newbie Poster

Re: POS.tmp file and red X problem

#9
Feb 19th, 2008
bump
Join Date: Feb 2004
Posts: 9,982
Solved Threads: 754
Moderator
Featured Poster
crunchie
Spyware Killer

Re: POS.tmp file and red X problem

#10
Feb 20th, 2008
My apologies. My Internet went down for a while.

==

Can you do the following;

Click Start > Run and type

C:\qoobox\ComboFix4.txt


Post the contents of ComboFix4.txt

==

Go here and do a scan and post back the results here please.
©2003 - 2009 DaniWeb® LLC