hi,
i am new here and i have a problem i am hoping someone might be able to help me with. i got an adware spyware virus, and now i have rb.tmp files that won't go away and my comp is running soooo slow. i did get stopzilla and that helped some of it but i just can't get rid of those files and get my pc to run normally again.
i would be ever so grateful if someone knows something that might help me.
many many thanks


hi i had an adware spyware virus and got stopzilla which took care of some of it but i cannot get rid of the rb.tmp files and also my computer is running soooo slow, does anyone have any idea how to fix it please?
thank you sooo much

hi there, i am having problems with getting rid of rb.tmp files and vxgame. i had an adware spyware problem; i got stopzilla which helped little but not all. and my computer is so slow. if anyone has any solutions i would be so thankful.
many many thanks

Hello, dolfy, try this...
[you know, when you bump a thread it can get missed ... I tend to go first for posts with zero replies]. Not posting a hijackthis log as per the stickies above does make things a little difficult... I have almost nothing to go on...!
So I shall make a guess. You have Telus AV? Yes?... then this applies: those rb.tmp files I think may be associated with your AV/AS service, Telus. If you wish to test that, go offline, disable TELUS and then delete them. If they stay gone then that is the reason, they are files used by Telus..... Don't forget to reactivate Telus before you connect again. It will regenerate them.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

hi gerbil, i am pretty computer illiterate so not sure if i got this right but this is the result from combofix. i don't have telus..?
thank you sooo much for helping me.
it seems to be running a lil bit quicker now

ComboFix 08-05-21.3 - rac 2008-05-24 23:09:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.195 [GMT -4:00]
Running from: C:\Documents and Settings\rac\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\rac\Application Data\FunWebProducts
C:\Documents and Settings\rac\Application Data\FunWebProducts\Data\rac\avatar.dat
C:\Documents and Settings\rac\Application Data\FunWebProducts\Data\rac\wffavs.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\3.bin\F3EZSETP.DLL
C:\Program Files\FunWebProducts\ScreenSaver\Images\000191EA.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01681C1C.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\01C5DBCE.dat
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir
C:\Program Files\MyWebSearch\bar\2.bin\mwsoemon.exe.vir
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\mwsoestb.dll.vir
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\0002C970.bin
C:\Program Files\MyWebSearch\bar\Cache\000348B2.bin
C:\Program Files\MyWebSearch\bar\Cache\0013D1F9
C:\Program Files\MyWebSearch\bar\Cache\00733672.bin
C:\Program Files\MyWebSearch\bar\Cache\007505D3.bin
C:\Program Files\MyWebSearch\bar\Cache\00751B3F.bin
C:\Program Files\MyWebSearch\bar\Cache\00751D14.bin
C:\Program Files\MyWebSearch\bar\Cache\00752EC7.bin
C:\Program Files\MyWebSearch\bar\Cache\007530BB.bin
C:\Program Files\MyWebSearch\bar\Cache\00753EB5.bin
C:\Program Files\MyWebSearch\bar\Cache\007540F7.bin
C:\Program Files\MyWebSearch\bar\Cache\00754E55
C:\Program Files\MyWebSearch\bar\Cache\00B3B9E3.bin
C:\Program Files\MyWebSearch\bar\Cache\00B3BF80.bin
C:\Program Files\MyWebSearch\bar\Cache\00B3CF40.bin
C:\Program Files\MyWebSearch\bar\Cache\00B3D79C.bin
C:\Program Files\MyWebSearch\bar\Cache\017D3E63.bin
C:\Program Files\MyWebSearch\bar\Cache\017D4047.bin
C:\Program Files\MyWebSearch\bar\Cache\0217668F
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_cmc.dat
C:\Program Files\MyWebSearch\bar\Settings\s_cmc.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\s_psc.dat
C:\Program Files\MyWebSearch\bar\Settings\s_psc.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL.vir
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cqjcfoeo.ini
C:\WINDOWS\SYSTEM32\dNVvwyxx.ini
C:\WINDOWS\SYSTEM32\dNVvwyxx.ini2
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\frjlklel.ini
C:\WINDOWS\system32\yanhjtsn.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

2008-05-24 23:06 . 2008-05-24 23:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-24 22:58 . 2008-05-24 22:58 344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kgpfr2.cfg
2008-05-23 23:24 . 2008-05-23 23:26 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\Documents and Settings\rac\Application Data\Simply Super Software
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-23 23:24 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\SYSTEM32\ztvunrar36.dll
2008-05-23 23:24 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\SYSTEM32\UNRAR3.dll
2008-05-23 23:24 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\SYSTEM32\ztvunace26.dll
2008-05-23 23:24 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\SYSTEM32\unacev2.dll
2008-05-23 23:24 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\SYSTEM32\ztvcabinet.dll
2008-05-23 22:15 . 2008-05-23 22:15 14,336 --a------ C:\WINDOWS\SYSTEM32\WinCtrl32.dll.vir
2008-05-22 23:39 . 2008-05-22 23:39 <DIR> d-------- C:\Program Files\Panda Security
2008-05-22 20:14 . 2008-05-22 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Verizon
2008-05-22 17:52 . 2008-05-24 22:59 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kgpcpy.cfg
2008-05-22 17:50 . 2008-05-24 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-22 17:48 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\STOPzilla!
2008-05-22 17:48 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-22 17:48 . 2008-05-24 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-22 16:08 . 2008-05-22 16:08 90,624 --a------ C:\WINDOWS\SYSTEM32\gwspeuom.dll.vir
2008-05-21 14:49 . 2008-05-21 14:49 397,312 -ra------ C:\WINDOWS\SYSTEM32\SZComp5.dll
2008-05-21 14:49 . 2008-05-21 14:49 258,048 -ra------ C:\WINDOWS\SYSTEM32\SZBase5.dll
2008-05-17 16:43 . 2008-01-09 10:35 55,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2008-05-17 16:42 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2008-05-17 16:41 . 2008-05-17 16:41 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Program Files\Raxco
2008-05-17 16:40 . 2008-05-17 17:03 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Program Files\CA
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-17 16:35 . 2008-05-17 16:35 <DIR> d-------- C:\Documents and Settings\rac\Application Data\InstallShield
2008-05-17 16:34 . 2008-05-20 16:51 <DIR> d-------- C:\Program Files\Verizon
2008-05-17 16:29 . 2008-05-17 16:30 557,056 --a------ C:\Documents and Settings\rac\GoToAssist_phone__317_en.exe
2008-05-17 15:45 . 2008-05-17 15:48 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-05-17 13:20 . 2008-05-22 21:51 <DIR> d-------- C:\Documents and Settings\rac\Application Data\TmpRecentIcons
2008-05-17 01:39 . 2008-05-16 19:57 204,800 --a------ C:\WINDOWS\mpfanvqg.dll.vir
2008-05-17 01:39 . 2008-05-16 19:58 135,168 --a------ C:\WINDOWS\emxa.exe.vir
2008-05-17 01:39 . 2008-05-17 01:39 29,824 --a------ C:\WINDOWS\SYSTEM32\ssqOHaXP.dll
2008-05-13 10:03 . 2008-05-13 10:03 34,432 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\SZKG.sys
2008-05-06 14:53 . 2008-05-06 14:53 364,544 -ra------ C:\WINDOWS\SYSTEM32\IS3DBA5.dll
2008-05-06 14:53 . 2008-05-06 14:53 126,976 -ra------ C:\WINDOWS\SYSTEM32\IS3HTUI5.dll
2008-05-06 14:52 . 2008-05-06 14:52 372,736 -ra------ C:\WINDOWS\SYSTEM32\IS3UI5.dll
2008-05-06 14:52 . 2008-05-06 14:52 61,440 -ra------ C:\WINDOWS\SYSTEM32\IS3Hks5.dll
2008-05-06 14:52 . 2008-05-06 14:52 23,040 -ra------ C:\WINDOWS\SYSTEM32\IS3XDat5.dll
2008-05-06 14:51 . 2008-05-06 14:51 196,608 -ra------ C:\WINDOWS\SYSTEM32\IS3Win325.dll
2008-05-06 14:50 . 2008-05-06 14:50 94,208 -ra------ C:\WINDOWS\SYSTEM32\IS3Inet5.dll
2008-05-06 14:50 . 2008-05-06 14:50 90,112 -ra------ C:\WINDOWS\SYSTEM32\IS3Svc5.dll
2008-05-06 14:47 . 2008-05-06 14:47 708,608 -ra------ C:\WINDOWS\SYSTEM32\IS3Base5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 03:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-05-25 02:52 --------- d-----w C:\Program Files\Google
2008-05-23 04:31 --------- d-----w C:\Program Files\LimeWire
2008-05-23 01:51 --------- d-----w C:\Program Files\AWS
2008-05-23 01:50 --------- d-----w C:\Program Files\PokerStars
2008-05-22 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-22 22:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-20 20:51 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-17 21:02 --------- d-----w C:\Program Files\Norton 360
2008-05-17 21:02 --------- d-----w C:\Documents and Settings\rac\Application Data\Verizon
2008-05-17 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Verizon
2008-05-17 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 22:19 --------- d-----w C:\Program Files\MyWebSearchWB
2008-04-02 23:57 --------- d-----w C:\Documents and Settings\rac\Application Data\SoftwareDetectionScripts
2008-03-29 16:21 --------- d-----w C:\Program Files\Java
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-24_23.08.19.04 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
2008-05-17 01:39 29824 --a------ C:\WINDOWS\system32\ssqOHaXP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-22 16:56 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"EleFunAnimatedWallpaper"="" []
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-04 15:08 98304]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 13:03 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 17:10 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 17:11 13552]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"Amazing3DAquariumWallpaper"="" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\WINDOWS\system32\ssqOHaXP.dll [2008-05-17 01:39 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOHaXP]
ssqOHaXP.dll 2008-05-17 01:39 29824 C:\WINDOWS\SYSTEM32\ssqOHaXP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afA76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bvY83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ddp36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fbT06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\frK65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gbn02.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvE58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hcW27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\heE40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hhA25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jmR30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuP04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oyL78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\psU47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qnB65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rfR62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdQ61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxP10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcF47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wuW03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdQ67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfA76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xxO14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
S3 Radialpoint Security Services;Verizon Internet Security Suite;"C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe" [2008-02-26 17:10]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

.
Contents of the 'Scheduled Tasks' folder
"2007-01-19 16:17:17 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-05-23 07:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-05-25 03:10:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3FA2525-895E-43D9-AD62-41E412717464}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 23:11:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ssqOHaXP.dll
.
Completion time: 2008-05-24 23:13:41
ComboFix-quarantined-files.txt 2008-05-25 03:13:31

Pre-Run: 148,582,416,384 bytes free
Post-Run: 148,570,791,936 bytes free

348 --- E O F --- 2008-05-16 22:58:23

2 things. Only run combofix as instructed. You ran it twice.
Don't forget the hijackthis log :). oops, you already did forget :D.

hi again i don't know what hijack this is...? something i download?
thank you :)


hi this is the hijackthis log results .. thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:16 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&_lang=EN&lc=1033
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\ssqOHaXP.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk572LFUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - Winlogon Notify: ssqOHaXP - C:\WINDOWS\SYSTEM32\ssqOHaXP.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O24 - Desktop Component 0: (no name) - http://www.yourspacelayouts.com/Glitter-Text-Generator/donez/z4787c3ead66da.gif
O24 - Desktop Component 1: (no name) - http://wtv-zone.com/emma/kiss/gifs/glove.gif
O24 - Desktop Component 2: (no name) - http://i131.photobucket.com/albums/p315/ovivip/love/022.gif

--
End of file - 10015 bytes

Some of the smaller Antivirus service providers use common software "engines", rebadging commercial software, if you like. An antispyware example is your CA [computer associates] service, which is eTrust PestPatrol.
Internet service providers like to provide an in-house AV service, mostly they are rebadged commercial versions. That is why [and being blind to what you had] I mentioned Telus, an ISP. They provide Command AV, which is the same as Authentium AV.
Your Authentium\AntiVirus\dvpapi.exe is also part of Freedom AV, amongst others. Such as Command AV. They will pop rbn.tmp files in your Recycle Bin [n is a digit]... is that where your rb.tmp files appear?
PCGuard will do it, also. Lots of ISPs offer that.
If those files pop in your RB as I surmise, then ignore them.
I think I have all that straight up.
Now I look at some of your files and running processes, and truly I cannot tell if you have one AV mongrel of many colours running, or a whole pack of AV and AS services:

Verizon Internet Security Suite
CA\PPRT\bin\ITMRTSVC.exe
Authentium\AntiVirus\dvpapi.exe
RpsSecurityAware

Believe me, you must only run ONE active AV service. Multiple AS services do not seem to matter, apart from simply bogging your machine down with over-zealous string checking.
Once you had Symantec AV:
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
-to remove that completely, cleanly you must download the correct version of their removal tool from the Symantec site.

Now to the bad stuff:
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\ssqOHaXP.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572LFUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - Winlogon Notify: ssqOHaXP - C:\WINDOWS\SYSTEM32\ssqOHaXP.dll

Good. Now for Combofix again....:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.

Killall::

File::
C:\WINDOWS\SYSTEM32\ssqOHaXP.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll.vir
C:\WINDOWS\SYSTEM32\gwspeuom.dll.vir
C:\WINDOWS\mpfanvqg.dll.vir
C:\WINDOWS\emxa.exe.vir

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOHaXP]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afA76.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bvY83.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ddp36.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fbT06.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\frK65.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gbn02.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvE58.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hcW27.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\heE40.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hhA25.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jmR30.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuP04.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oyL78.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\psU47.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qnB65.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rfR62.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdQ61.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxP10.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcF47.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wuW03.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdQ67.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfA76.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xxO14.sys]

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.

=Now sort out your AV services, if you have multiples. Keep only one.
==Finally: Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.5 is current....
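
The selection of HijackThis entries in the post above follows a few repeatable signals: entries whose file is gone, entries with no name, a DLL hooked into Winlogon Notify, and one file registered at more than one load point. The Python code below is an added example, not part of the original posts and not HijackThis's own logic; the rule names and the sample (lines copied from this thread) are assumptions made for illustration, and a flag means "review this entry", not "this is malware".

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\ssqOHaXP.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ssqOHaXP - C:\WINDOWS\SYSTEM32\ssqOHaXP.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# "O2 - BHO: ..." -> section code plus the rest of the line.
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
# First drive-letter path ending in a loadable file type.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]+?\.(?:dll|exe|sys)\b', re.IGNORECASE)


def parse(log_text):
    """Turn raw log text into a list of {code, line, path} dicts."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, blank lines, "End of file"
        path = PATH_RE.search(match.group("body"))
        entries.append({
            "code": match.group("code"),
            "line": line,
            # Windows paths are case-insensitive, so compare in lower case.
            "path": path.group(0).lower() if path else None,
        })
    return entries


def triage(entries):
    """Return (code, path, reasons) for every entry that merits a closer look."""
    sections_by_path = defaultdict(set)
    for entry in entries:
        if entry["path"]:
            sections_by_path[entry["path"]].add(entry["code"])

    findings = []
    for entry in entries:
        reasons = []
        # Registration left behind after the program was removed.
        if "(file missing)" in entry["line"] or "(no file)" in entry["line"]:
            reasons.append("orphaned")
        # Browser add-on (BHO, toolbar, button) that does not identify itself.
        if entry["code"] in ("O2", "O3", "O9") and "(no name)" in entry["line"]:
            reasons.append("unnamed")
        # DLL loaded into winlogon.exe, as the ComboFix log on this page shows.
        if entry["code"] == "O20":
            reasons.append("winlogon-notify")
        # Same file registered in more than one section of the log.
        if entry["path"] and len(sections_by_path[entry["path"]]) > 1:
            reasons.append("multi-hook")
        if reasons:
            findings.append((entry["code"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for code, path, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{code:<4} {', '.join(reasons):<28} {path or '(no path)'}")
```
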

hello,
ok here are the results from the combofix, i did the hijackthis scan with those boxes selected and i went to norton and removed symantec, comp seems to be a little faster now i am going to update java. and i can not thank you enough

ComboFix 08-05-21.3 - rac 2008-05-26 15:24:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -4:00]
Running from: C:\Documents and Settings\rac\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 17:55 . 2008-05-25 17:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-23 22:15 . 2008-05-23 22:15 14,336 --a------ C:\WINDOWS\SYSTEM32\WinCtrl32.dll.vir
2008-05-22 23:39 . 2008-05-22 23:39 <DIR> d-------- C:\Program Files\Panda Security
2008-05-22 20:14 . 2008-05-22 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Verizon
2008-05-22 17:50 . 2008-05-25 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-22 17:48 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-22 17:48 . 2008-05-26 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-22 16:08 . 2008-05-22 16:08 90,624 --a------ C:\WINDOWS\SYSTEM32\gwspeuom.dll.vir
2008-05-17 16:43 . 2008-01-09 10:35 55,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2008-05-17 16:42 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2008-05-17 16:41 . 2008-05-17 16:41 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Program Files\Raxco
2008-05-17 16:40 . 2008-05-17 17:03 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Program Files\CA
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-17 16:35 . 2008-05-17 16:35 <DIR> d-------- C:\Documents and Settings\rac\Application Data\InstallShield
2008-05-17 16:34 . 2008-05-20 16:51 <DIR> d-------- C:\Program Files\Verizon
2008-05-17 16:29 . 2008-05-17 16:30 557,056 --a------ C:\Documents and Settings\rac\GoToAssist_phone__317_en.exe
2008-05-17 15:45 . 2008-05-17 15:48 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-05-17 13:20 . 2008-05-22 21:51 <DIR> d-------- C:\Documents and Settings\rac\Application Data\TmpRecentIcons
2008-05-17 01:39 . 2008-05-16 19:57 204,800 --a------ C:\WINDOWS\mpfanvqg.dll.vir
2008-05-17 01:39 . 2008-05-16 19:58 135,168 --a------ C:\WINDOWS\emxa.exe.vir
2008-05-17 01:39 . 2008-05-17 01:39 29,824 --a------ C:\WINDOWS\SYSTEM32\ssqOHaXP.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 03:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-05-25 02:52 --------- d-----w C:\Program Files\Google
2008-05-23 04:31 --------- d-----w C:\Program Files\LimeWire
2008-05-23 01:51 --------- d-----w C:\Program Files\AWS
2008-05-23 01:50 --------- d-----w C:\Program Files\PokerStars
2008-05-22 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-22 22:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-20 20:51 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-17 21:02 --------- d-----w C:\Program Files\Norton 360
2008-05-17 21:02 --------- d-----w C:\Documents and Settings\rac\Application Data\Verizon
2008-05-17 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Verizon
2008-05-17 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 22:19 --------- d-----w C:\Program Files\MyWebSearchWB
2008-04-02 23:57 --------- d-----w C:\Documents and Settings\rac\Application Data\SoftwareDetectionScripts
2008-03-29 16:21 --------- d-----w C:\Program Files\Java
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-24_23.08.19.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 02:57:46 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-26 19:11:23 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-11-08 01:03:36 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2006-11-08 01:03:36 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
- 2004-09-15 17:27:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
+ 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
- 2004-09-15 17:27:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
+ 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
2008-05-17 01:39 29824 --a------ C:\WINDOWS\system32\ssqOHaXP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-22 16:56 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-04 15:08 98304]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 13:03 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 17:10 318704]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\WINDOWS\system32\ssqOHaXP.dll [2008-05-17 01:39 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOHaXP]
ssqOHaXP.dll 2008-05-17 01:39 29824 C:\WINDOWS\SYSTEM32\ssqOHaXP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afA76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bvY83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ddp36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fbT06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\frK65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gbn02.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvE58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hcW27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\heE40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hhA25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jmR30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuP04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oyL78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\psU47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qnB65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rfR62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdQ61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxP10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcF47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wuW03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdQ67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfA76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xxO14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amazing3DAquariumWallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EleFunAnimatedWallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=

R3 Radialpoint Security Services;Verizon Internet Security Suite;"C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe" [2008-02-26 17:10]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-01-19 16:17:17 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-05-23 07:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-05-26 19:25:01 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3FA2525-895E-43D9-AD62-41E412717464}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 15:26:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ssqOHaXP.dll
.
Completion time: 2008-05-26 15:29:44
ComboFix-quarantined-files.txt 2008-05-26 19:28:49
ComboFix2.txt 2008-05-25 03:13:42

Pre-Run: 148,221,939,712 bytes free
Post-Run: 148,541,218,816 bytes free

196 --- E O F --- 2008-05-25 03:53:07

ComboFix 08-05-21.3 - rac 2008-05-26 16:35:21.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.286 [GMT -4:00]
Running from: C:\Documents and Settings\rac\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rac\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\emxa.exe.vir
C:\WINDOWS\mpfanvqg.dll.vir
C:\WINDOWS\SYSTEM32\gwspeuom.dll.vir
C:\WINDOWS\SYSTEM32\ssqOHaXP.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\emxa.exe.vir
C:\WINDOWS\mpfanvqg.dll.vir
C:\WINDOWS\SYSTEM32\gwspeuom.dll.vir
C:\WINDOWS\SYSTEM32\ssqOHaXP.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 17:55 . 2008-05-25 17:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-22 23:39 . 2008-05-22 23:39 <DIR> d-------- C:\Program Files\Panda Security
2008-05-22 20:14 . 2008-05-22 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Verizon
2008-05-22 17:50 . 2008-05-25 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-22 17:48 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-22 17:48 . 2008-05-26 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-17 16:43 . 2008-01-09 10:35 55,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2008-05-17 16:42 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2008-05-17 16:41 . 2008-05-17 16:41 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Program Files\Raxco
2008-05-17 16:40 . 2008-05-17 17:03 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Program Files\CA
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-17 16:35 . 2008-05-17 16:35 <DIR> d-------- C:\Documents and Settings\rac\Application Data\InstallShield
2008-05-17 16:34 . 2008-05-20 16:51 <DIR> d-------- C:\Program Files\Verizon
2008-05-17 16:29 . 2008-05-17 16:30 557,056 --a------ C:\Documents and Settings\rac\GoToAssist_phone__317_en.exe
2008-05-17 15:45 . 2008-05-17 15:48 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-05-17 13:20 . 2008-05-22 21:51 <DIR> d-------- C:\Documents and Settings\rac\Application Data\TmpRecentIcons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 19:39 --------- d-----w C:\Program Files\Java
2008-05-25 03:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-05-25 02:52 --------- d-----w C:\Program Files\Google
2008-05-23 04:31 --------- d-----w C:\Program Files\LimeWire
2008-05-23 01:51 --------- d-----w C:\Program Files\AWS
2008-05-23 01:50 --------- d-----w C:\Program Files\PokerStars
2008-05-22 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-22 22:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-20 20:51 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-17 21:02 --------- d-----w C:\Program Files\Norton 360
2008-05-17 21:02 --------- d-----w C:\Documents and Settings\rac\Application Data\Verizon
2008-05-17 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Verizon
2008-05-17 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 22:19 --------- d-----w C:\Program Files\MyWebSearchWB
2008-04-02 23:57 --------- d-----w C:\Documents and Settings\rac\Application Data\SoftwareDetectionScripts
.

((((((((((((((((((((((((((((( snapshot@2008-05-24_23.08.19.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 02:57:46 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-26 20:38:47 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-11-08 01:03:36 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2006-11-08 01:03:36 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
- 2004-09-15 17:27:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
+ 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
- 2007-07-12 05:22:00 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2007-07-12 05:22:04 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2007-07-12 06:22:38 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2004-09-15 17:27:54 229,376 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
+ 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-22 16:56 171448]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 17:10 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-04 15:08 98304]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 13:03 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 17:10 318704]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 17:10 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amazing3DAquariumWallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EleFunAnimatedWallpaper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=

S3 Radialpoint Security Services;Verizon Internet Security Suite;"C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe" [2008-02-26 17:10]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

.
Contents of the 'Scheduled Tasks' folder
"2007-01-19 16:17:17 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-05-23 07:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-05-26 20:40:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3FA2525-895E-43D9-AD62-41E412717464}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 16:39:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-05-26 16:42:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 20:41:50
ComboFix2.txt 2008-05-26 20:33:52
ComboFix3.txt 2008-05-26 19:29:45
ComboFix4.txt 2008-05-25 03:13:42

Pre-Run: 148,435,869,696 bytes free
Post-Run: 148,421,697,536 bytes free

169 --- E O F --- 2008-05-25 03:53:07

Whoops! with the combofix run!! But you got there... the umm.. pre-runs were unnecessary, just the one with the script.
I see Radial Point AV in your machine, too, a part of your Verizon suite? eTrust PestPatrol must be, also. See how confusing rebadged software can get? But the rbn.tmp files - are you satisfied on that point? [was my explanation somewhere near to the actuality?]
Symantec AV is putting up a fight. This will get the last trace:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=-

And that would be all. If you are happy, then so am I. Tell me about the rbn.tmp files though, are they in the Recycle Bin?
