
Computer Infected With Malware, Winantiviruspro


15 replies to this topic

#1 patrickjc

Posted 14 November 2007 - 09:22 PM

A few months ago my PC was hit with WinAntiVirusPro. I thought I was rid of it for a while, as I was not having problems, but recently the problems started up again. Specifically, performance on my PC is very slow, when I'm online I frequently get Internet Explorer pop ups, and I have just recently been getting a Windows error message that Windows Explorer must shut down to protect my PC, at which point Explorer (not Internet Explorer) shuts down. I generally use Firefox for web browsing, but the pop ups are always in IE. I have followed all the steps in the Preparation Guide (running Spybot, AdAware, etc). Below is the log from Hijack This. Any help would be appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:48 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\reggsmzh.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [eftfkviA] C:\WINDOWS\eftfkviA.exe
O4 - HKLM\..\Run: [Windows NT] C:\WINDOWS\Twunk_16.exe
O4 - HKLM\..\Run: [{32-26-6D-D5-ZN}] C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [isrdmcc] KB27948801.exe
O4 - HKLM\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [isrdmcc] KB27948801.exe
O4 - HKCU\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://imail2.bbh.com/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: msmapibx32.dll
O21 - SSODL: rjezqPhXW - {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\apaehfbq.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Network Serialize - Unknown owner - C:\WINDOWS\system32\mswns32.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7700 bytes
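The HijackThis log above is read by eye in this thread. As an added example (not code from the thread, from HijackThis, or from any of the tools mentioned), here is a small Python triage script that parses the O4, O20, O21 and O23 lines of such a log, extracts the file each entry launches, and scores the indicators a log helper looks for: a launched file that no longer exists, an autostart running from a Temp folder, a bare filename with no directory in a Run key, an AppInit_DLLs entry, a nameless Startup shortcut, and a consonant-heavy eight-letter name of the kind this log shows. The sample lines are constructed from entries like those in the posted log; the score weights and the consonant-run rule are my own choices and will mis-flag some legitimate vendor names, so every hit still needs a human look.

```python
"""Heuristic triage of HijackThis (HJT) log entries (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines, modelled on entries of the kind the posted log shows.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe",
    r"O4 - HKLM\..\Run: [eftfkviA] C:\WINDOWS\eftfkviA.exe",
    r"O4 - HKLM\..\Run: [{32-26-6D-D5-ZN}] C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe CHD003",
    r"O4 - HKLM\..\Run: [isrdmcc] KB27948801.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe",
    r"O20 - AppInit_DLLs: msmapibx32.dll",
    r"O21 - SSODL: rjezqPhXW - {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll (file missing)",
    r"O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\apaehfbq.exe (file missing)",
    r"O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe",
    r"O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe",
]

# One pattern per HJT section we care about; every pattern yields a 'cmd' group.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<kind>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<cmd>.*)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")
# First executable/library path in a command, quoted or not, arguments dropped.
TARGET_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|sys|ax|cpl|scr))"?(?=\s|$)', re.I)

VOWELS = set("aeiouy")


@dataclass
class Entry:
    section: str   # O4, O20, O21 or O23
    name: str      # registry value name, shortcut name or service name
    owner: str     # service owner (O23 only)
    target: str    # file the entry launches, as written in the log
    raw: str
    reasons: List[str] = field(default_factory=list)
    score: int = 0


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def stem(path: str) -> str:
    return basename(path).rsplit(".", 1)[0]


def longest_consonant_run(word: str) -> int:
    """Length of the longest run of consonant letters (y counted as a vowel)."""
    run = best = 0
    for ch in word.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def looks_random(word: str) -> bool:
    """Letters-only names of 7+ chars with 5+ consonants in a row, e.g. reggsmzh."""
    return word.isalpha() and len(word) >= 7 and longest_consonant_run(word) >= 5


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for O4/O20/O21/O23 lines, None for anything else."""
    line = line.rstrip()
    for pattern in (RUN_RE, STARTUP_RE, APPINIT_RE, SSODL_RE, SERVICE_RE):
        m = pattern.match(line)
        if m:
            g = m.groupdict()
            t = TARGET_RE.match(g["cmd"])
            return Entry(section=line.split(" - ", 1)[0], name=g.get("name") or "",
                         owner=g.get("owner") or "", target=t.group("path") if t else g["cmd"],
                         raw=line)
    return None


def score_entry(e: Entry) -> Entry:
    """Attach indicator names and a weighted score; weights are my own choice."""
    def add(reason: str, weight: int) -> None:
        e.reasons.append(reason)
        e.score += weight

    target = e.target.lower()
    if "(file missing)" in e.raw.lower():
        add("file_missing", 2)          # autostart points at a deleted file
    if "\\temp\\" in target:
        add("runs_from_temp", 2)        # Local Settings\Temp or C:\Temp
    if e.section == "O4" and "\\" not in e.target:
        add("bare_filename", 2)         # Run value with no directory at all
    if looks_random(stem(e.target)):
        add("random_name", 2)
    if e.section == "O20":
        add("appinit_dll", 2)           # DLL injected into every process that loads user32
    if e.section == "O4" and e.name.strip().lower() in ("", ".lnk"):
        add("unnamed_startup", 2)       # shortcut with an empty name
    if e.owner.lower() == "unknown owner":
        add("unknown_owner", 1)         # weak on its own; vendors omit this too
    return e


def triage(lines: List[str]) -> List[Entry]:
    return [score_entry(e) for e in map(parse_line, lines) if e]


def suspicious(lines: List[str], threshold: int = 2) -> List[Entry]:
    return [e for e in triage(lines) if e.score >= threshold]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.score:>2} {e.section:<4} {basename(e.target):<16} {', '.join(e.reasons)}")
```

Run it on a saved log with `suspicious(open("hijackthis.log").read().splitlines())`; anything scoring 2 or more is printed with the reasons, and the `unknown_owner` indicator alone never reaches the threshold, which keeps vendor services such as the Dell one in this log off the list.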


#2 Baabiouz (Finnish Malware Fighter)

Posted 28 November 2007 - 11:03 AM

Hi Patrickjc!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in HijackThis school and teachers will check my posts.
Sorry that it took us so long to get back to you, but as you can see we're stumped with the amount of logs.

Before we can start, please post a fresh hijackthis log back here.

#3 patrickjc (Topic Starter)

Posted 28 November 2007 - 07:54 PM

Thanks for helping, here is an updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:49 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\reggsmzh.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [eftfkviA] C:\WINDOWS\eftfkviA.exe
O4 - HKLM\..\Run: [Windows NT] C:\WINDOWS\Twunk_16.exe
O4 - HKLM\..\Run: [{32-26-6D-D5-ZN}] C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [isrdmcc] KB27948801.exe
O4 - HKLM\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [isrdmcc] KB27948801.exe
O4 - HKCU\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://imail2.bbh.com/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: msmapibx32.dll
O21 - SSODL: rjezqPhXW - {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\apaehfbq.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Network Serialize - Unknown owner - C:\WINDOWS\system32\mswns32.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7733 bytes

#4 Baabiouz (Finnish Malware Fighter)

Posted 06 December 2007 - 12:19 PM

Hi!

I'm really sorry for the delay :thumbsup:


#1
While Spybot's TeaTimer is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.


#2
Please download Combofix to your desktop.
Double-click ComboFix.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#3
Rename HijackThis.exe

1. Right click on the HijackThis icon.


2. Select Rename.


3. Now type the following: scanner.exe <<< NOTE: make sure to put the period before exe when typing.
Hit the enter key on keyboard.


#5 patrickjc (Topic Starter)

Posted 15 December 2007 - 08:28 PM

When I double click on the Combofix.exe from my desktop, I get an error saying that it is not a valid Win32 application.

#6 Baabiouz (Finnish Malware Fighter)

Posted 17 December 2007 - 12:10 AM

Hi!

Do the same things as last time, but when you get to running ComboFix, please do it like this:

Please, delete your combofix.exe.

Please download ComboFix now from here.
IMPORTANT !!! Place it on your Desktop.


Go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply. ;)

Please post a fresh HijackThis log (scanner.exe) and Combofix log.

#7 patrickjc (Topic Starter)

Posted 17 December 2007 - 07:43 PM

Thanks, I was able to run ComboFix that way. Here is the ComboFix log:

ComboFix 07-12-17.1 - Patrick 2007-12-17 19:02:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick\desktop\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Patrick\err.log
C:\Documents and Settings\Patrick\My Documents\SSEMBL~1
C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\.lnk
C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\TA_Start.lnk
C:\Program Files\poolsv
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\b147.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acgxncjw.ini
C:\WINDOWS\system32\acwearsj.dll
C:\WINDOWS\system32\advfjpbn.ini
C:\WINDOWS\system32\aetcjhhi.dll
C:\WINDOWS\system32\agcdtygs.exe
C:\WINDOWS\system32\agdjvjaw.dll
C:\WINDOWS\system32\aglrluuc.exe
C:\WINDOWS\system32\alqfcgdm.exe
C:\WINDOWS\system32\amtopnhf.exe
C:\WINDOWS\system32\amwgpjii.exe
C:\WINDOWS\system32\aogqhiim.exe
C:\WINDOWS\system32\apwonnbp.exe
C:\WINDOWS\system32\aqnioxwf.exe
C:\WINDOWS\system32\aqomohuc.ini
C:\WINDOWS\system32\aqonpqax.ini
C:\WINDOWS\system32\avpsqjvl.ini
C:\WINDOWS\system32\bbgpirqa.exe
C:\WINDOWS\system32\bepsprqp.dll
C:\WINDOWS\system32\bepuhcnu.exe
C:\WINDOWS\system32\bevwqwnb.ini
C:\WINDOWS\system32\bgoamjmt.exe
C:\WINDOWS\system32\bgyxshxc.dll
C:\WINDOWS\system32\bhtdywjc.exe
C:\WINDOWS\system32\biakqxjv.ini
C:\WINDOWS\system32\bjassxfc.ini
C:\WINDOWS\system32\bknvvrfr.dll
C:\WINDOWS\system32\bnwqwveb.dll
C:\WINDOWS\system32\bqoisbrw.exe
C:\WINDOWS\system32\bxjirpim.dll
C:\WINDOWS\system32\byjydgkr.exe
C:\WINDOWS\system32\cagvnoos.dll
C:\WINDOWS\system32\calnqplf.ini
C:\WINDOWS\system32\cdifqmnq.ini
C:\WINDOWS\system32\cfxssajb.dll
C:\WINDOWS\system32\cnetxlnt.dll
C:\WINDOWS\system32\cnmfnqns.exe
C:\WINDOWS\system32\commands.xml
C:\WINDOWS\system32\cotbauml.exe
C:\WINDOWS\system32\covqqxny.dll
C:\WINDOWS\system32\cpnlmlnk.dll
C:\WINDOWS\system32\crlwwcly.exe
C:\WINDOWS\system32\csvvjbbf.dll
C:\WINDOWS\system32\ctapebge.dll
C:\WINDOWS\system32\cuhomoqa.dll
C:\WINDOWS\system32\cvaqsvjp.dll
C:\WINDOWS\system32\cxhsxygb.ini
C:\WINDOWS\system32\cyekddwo.dll
C:\WINDOWS\system32\dbieodfh.exe
C:\WINDOWS\system32\dboppqsy.dll
C:\WINDOWS\system32\dcafahyb.exe
C:\WINDOWS\system32\dcuuxvis.dll
C:\WINDOWS\system32\ddkibypa.dll
C:\WINDOWS\system32\dennfcdk.dll
C:\WINDOWS\system32\dftkfheg.exe
C:\WINDOWS\system32\dhqhilpr.exe
C:\WINDOWS\system32\djevqgxy.exe
C:\WINDOWS\system32\dmymuwmg.ini
C:\WINDOWS\system32\dobtyfro.exe
C:\WINDOWS\system32\dopfsskk.dll
C:\WINDOWS\system32\drivers\ohciusb.sys
C:\WINDOWS\system32\drivers\ohciusb.syt
C:\WINDOWS\system32\drivers\ohctusb.sys
C:\WINDOWS\system32\drivers\ohctusb.syt
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VKBY46.sys
C:\WINDOWS\system32\dtsvrwwg.exe
C:\WINDOWS\system32\dvxbgoyr.exe
C:\WINDOWS\system32\dxkanchi.dll
C:\WINDOWS\system32\edukcwkt.ini
C:\WINDOWS\system32\eejfwsxx.dll
C:\WINDOWS\system32\eeyljchw.dll
C:\WINDOWS\system32\efsrgswl.ini
C:\WINDOWS\system32\efwlnxlw.exe
C:\WINDOWS\system32\egbepatc.ini
C:\WINDOWS\system32\eksegrif.ini
C:\WINDOWS\system32\emjllhqn.ini
C:\WINDOWS\system32\enascksp.dll
C:\WINDOWS\system32\eoayhkff.dll
C:\WINDOWS\system32\euuxyxin.exe
C:\WINDOWS\system32\evuiymsf.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F5
C:\WINDOWS\system32\F5\wbb22.exe
C:\WINDOWS\system32\F9
C:\WINDOWS\system32\fapygkcg.ini
C:\WINDOWS\system32\fbbjvvsc.ini
C:\WINDOWS\system32\fcbbevos.ini
C:\WINDOWS\system32\fdkcpexg.exe
C:\WINDOWS\system32\fdstxrrj.dll
C:\WINDOWS\system32\femnuhsx.dll
C:\WINDOWS\system32\ffkhyaoe.ini
C:\WINDOWS\system32\firgeske.dll
C:\WINDOWS\system32\fjjvnerr.ini
C:\WINDOWS\system32\flpqnlac.dll
C:\WINDOWS\system32\fsmyiuve.dll
C:\WINDOWS\system32\ftutymlj.dll
C:\WINDOWS\system32\fvpfwgsm.exe
C:\WINDOWS\system32\fwybjxti.exe
C:\WINDOWS\system32\fyrcaqfy.ini
C:\WINDOWS\system32\gbkvjsqc.exe
C:\WINDOWS\system32\gckgypaf.dll
C:\WINDOWS\system32\gdqnydwj.dll
C:\WINDOWS\system32\gfmjaxtk.dll
C:\WINDOWS\system32\gllhmpen.dll
C:\WINDOWS\system32\gltrjikt.dll
C:\WINDOWS\system32\gmmavhco.ini
C:\WINDOWS\system32\gmwumymd.dll
C:\WINDOWS\system32\gnkcrqid.exe
C:\WINDOWS\system32\gnrmimxr.ini
C:\WINDOWS\system32\gqwixfux.ini
C:\WINDOWS\system32\gvocujxx.dll
C:\WINDOWS\system32\gwekvket.exe
C:\WINDOWS\system32\gxujxqhw.ini
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\heovlkun.dll
C:\WINDOWS\system32\hgacyqpv.exe
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hljxfydn.exe
C:\WINDOWS\system32\hsikatqi.dll
C:\WINDOWS\system32\hsjqqqos.dll
C:\WINDOWS\system32\htihylmx.ini
C:\WINDOWS\system32\htnkaear.dll
C:\WINDOWS\system32\htoknnfo.ini
C:\WINDOWS\system32\htwgntvv.dll
C:\WINDOWS\system32\hubygjnn.exe
C:\WINDOWS\system32\hvgtjdfk.dll
C:\WINDOWS\system32\hxklwnhr.exe
C:\WINDOWS\system32\hxtmhmvd.exe
C:\WINDOWS\system32\hxxxjuke.exe
C:\WINDOWS\system32\ihaxacnx.exe
C:\WINDOWS\system32\ihcnakxd.ini
C:\WINDOWS\system32\ihhjctea.ini
C:\WINDOWS\system32\ihkyhgag.exe
C:\WINDOWS\system32\iipxlefq.ini
C:\WINDOWS\system32\ikgkwkix.exe
C:\WINDOWS\system32\ikuxbckr.dll
C:\WINDOWS\system32\imfbgvxr.exe
C:\WINDOWS\system32\ipyioruj.exe
C:\WINDOWS\system32\iqtakish.ini
C:\WINDOWS\system32\isgbggmf.exe
C:\WINDOWS\system32\ivewmxsm.dll
C:\WINDOWS\system32\iydnoayr.ini
C:\WINDOWS\system32\jbasbmju.ini
C:\WINDOWS\system32\jfyhndky.exe
C:\WINDOWS\system32\jjkikjaw.ini
C:\WINDOWS\system32\jjlnaxxj.dll
C:\WINDOWS\system32\jkhxkryq.exe
C:\WINDOWS\system32\jldkuoju.dll
C:\WINDOWS\system32\jlinesna.exe
C:\WINDOWS\system32\jlmytutf.ini
C:\WINDOWS\system32\jmhhhcxg.exe
C:\WINDOWS\system32\jnitxlvd.exe
C:\WINDOWS\system32\jsraewca.ini
C:\WINDOWS\system32\jvgsajye.exe
C:\WINDOWS\system32\jwdynqdg.ini
C:\WINDOWS\system32\jxvdlonn.dll
C:\WINDOWS\system32\jxxanljj.ini
C:\WINDOWS\system32\KB27858024.exe
C:\WINDOWS\system32\kdcfnned.ini
C:\WINDOWS\system32\kfdjtgvh.ini
C:\WINDOWS\system32\kgyyhlut.ini
C:\WINDOWS\system32\kkssfpod.ini
C:\WINDOWS\system32\klgrnpdv.exe
C:\WINDOWS\system32\kllsnkoq.exe
C:\WINDOWS\system32\kmbqvdop.dll
C:\WINDOWS\system32\kmuxfrmy.exe
C:\WINDOWS\system32\knlmlnpc.ini
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\kqnrgbwr.dll
C:\WINDOWS\system32\krhbqbhy.exe
C:\WINDOWS\system32\ktbnqxby.ini
C:\WINDOWS\system32\ktxajmfg.ini
C:\WINDOWS\system32\kubbkvgs.ini
C:\WINDOWS\system32\kvbflwlq.exe
C:\WINDOWS\system32\kwnxjkcw.ini
C:\WINDOWS\system32\kwywiret.exe
C:\WINDOWS\system32\kyjtffhw.dll
C:\WINDOWS\system32\kyowiavk.exe
C:\WINDOWS\system32\l3acdb2.dll
C:\WINDOWS\system32\lcgdfppu.exe
C:\WINDOWS\system32\ldqqnfdr.dll
C:\WINDOWS\system32\lijridqa.exe
C:\WINDOWS\system32\lnwklxny.dll
C:\WINDOWS\system32\lpvurcin.exe
C:\WINDOWS\system32\ltgjmsok.exe
C:\WINDOWS\system32\lulttsro.exe
C:\WINDOWS\system32\lvjqspva.dll
C:\WINDOWS\system32\lvnhcufw.ini
C:\WINDOWS\system32\lwsgrsfe.dll
C:\WINDOWS\system32\maneywxh.exe
C:\WINDOWS\system32\mgqlnarv.ini
C:\WINDOWS\system32\mhnaxjwu.dll
C:\WINDOWS\system32\miprijxb.ini
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mmjiudyy.ini
C:\WINDOWS\system32\mnrrsfrb.dll
C:\WINDOWS\system32\moswhpyn.ini
C:\WINDOWS\system32\mqyldjwp.dll
C:\WINDOWS\system32\mrnqujqq.ini
C:\WINDOWS\system32\msmapibx32.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msrskyta.exe
C:\WINDOWS\system32\msxmwevi.ini
C:\WINDOWS\system32\mtxuqfad.exe
C:\WINDOWS\system32\mxekeyqs.ini
C:\WINDOWS\system32\nanlibmj.exe
C:\WINDOWS\system32\nbpjfvda.dll
C:\WINDOWS\system32\nelgqojb.exe
C:\WINDOWS\system32\nepmhllg.ini
C:\WINDOWS\system32\nlgldtfo.exe
C:\WINDOWS\system32\nlvlpwhk.exe
C:\WINDOWS\system32\nlxaiiau.ini
C:\WINDOWS\system32\nnhnvejf.exe
C:\WINDOWS\system32\nnoldvxj.ini
C:\WINDOWS\system32\nqhlljme.dll
C:\WINDOWS\system32\nqmkmdgm.exe
C:\WINDOWS\system32\nsaasnhj.exe
C:\WINDOWS\system32\nuklvoeh.ini
C:\WINDOWS\system32\nyphwsom.dll
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\oagvjytw.dll
C:\WINDOWS\system32\ochvammg.dll
C:\WINDOWS\system32\oejeavpq.dll
C:\WINDOWS\system32\ofjtbcsq.ini
C:\WINDOWS\system32\ofnnkoth.dll
C:\WINDOWS\system32\ogovywfw.exe
C:\WINDOWS\system32\ohljkxcy.dll
C:\WINDOWS\system32\ohrqeogx.ini
C:\WINDOWS\system32\okqojjgv.exe
C:\WINDOWS\system32\omqooblv.ini
C:\WINDOWS\system32\omsbddqx.dll
C:\WINDOWS\system32\orouhmmu.exe
C:\WINDOWS\system32\otnpcbgu.exe
C:\WINDOWS\system32\otsmyyga.exe
C:\WINDOWS\system32\ovlpqwuj.exe
C:\WINDOWS\system32\ovyqqiey.dll
C:\WINDOWS\system32\owddkeyc.ini
C:\WINDOWS\system32\oykgtqip.exe
C:\WINDOWS\system32\pfkjirdq.dll
C:\WINDOWS\system32\pgmtwcsv.ini
C:\WINDOWS\system32\pjvsqavc.ini
C:\WINDOWS\system32\podvqbmk.ini
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pqrpspeb.ini
C:\WINDOWS\system32\prrbypyr.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\pshrlidy.exe
C:\WINDOWS\system32\pskcsane.ini
C:\WINDOWS\system32\psvaxcjc.exe
C:\WINDOWS\system32\ptxoftps.ini
C:\WINDOWS\system32\pwjdlyqm.ini
C:\WINDOWS\system32\qaukpsot.dll
C:\WINDOWS\system32\qdrijkfp.ini
C:\WINDOWS\system32\qechnoht.exe
C:\WINDOWS\system32\qfelxpii.dll
C:\WINDOWS\system32\qffubmqi.exe
C:\WINDOWS\system32\qkrmhoqv.exe
C:\WINDOWS\system32\qljklopy.exe
C:\WINDOWS\system32\qmwrdget.dll
C:\WINDOWS\system32\qnmqfidc.dll
C:\WINDOWS\system32\qnvwbitn.exe
C:\WINDOWS\system32\qodybwpe.exe
C:\WINDOWS\system32\qpajaeff.exe
C:\WINDOWS\system32\qpvaejeo.ini
C:\WINDOWS\system32\qqciveia.exe
C:\WINDOWS\system32\qqjuqnrm.dll
C:\WINDOWS\system32\qscbtjfo.dll
C:\WINDOWS\system32\qtjpydvd.exe
C:\WINDOWS\system32\qtohwlby.dll
C:\WINDOWS\system32\raeaknth.ini
C:\WINDOWS\system32\rbodpqgu.exe
C:\WINDOWS\system32\rcxfovly.ini
C:\WINDOWS\system32\rdfnqqdl.ini
C:\WINDOWS\system32\rexwwksv.ini
C:\WINDOWS\system32\rfrqwejf.exe
C:\WINDOWS\system32\rgjtleik.exe
C:\WINDOWS\system32\rgsbrqmu.dll
C:\WINDOWS\system32\rkcbxuki.ini
C:\WINDOWS\system32\rkvounst.dll
C:\WINDOWS\system32\rqbamcni.exe
C:\WINDOWS\system32\rrenvjjf.dll
C:\WINDOWS\system32\rugjohws.exe
C:\WINDOWS\system32\rwbgrnqk.ini
C:\WINDOWS\system32\rxmimrng.dll
C:\WINDOWS\system32\ryaondyi.dll
C:\WINDOWS\system32\sbumeeds.ini
C:\WINDOWS\system32\scgsnyvs.exe
C:\WINDOWS\system32\scsxuiva.exe
C:\WINDOWS\system32\sdeemubs.dll
C:\WINDOWS\system32\sfjvsbrm.exe
C:\WINDOWS\system32\sgbgbcae.exe
C:\WINDOWS\system32\sgvkbbuk.dll
C:\WINDOWS\system32\sivxuucd.ini
C:\WINDOWS\system32\sjcxxoqr.exe
C:\WINDOWS\system32\sjuicyby.dll
C:\WINDOWS\system32\soonvgac.ini
C:\WINDOWS\system32\soqqqjsh.ini
C:\WINDOWS\system32\sovebbcf.dll
C:\WINDOWS\system32\sphtfmgp.exe
C:\WINDOWS\system32\sptfoxtp.dll
C:\WINDOWS\system32\sqyekexm.dll
C:\WINDOWS\system32\stppbkiu.ini
C:\WINDOWS\system32\sultjkme.exe
C:\WINDOWS\system32\swtubitb.exe
C:\WINDOWS\system32\sxwmivig.exe
C:\WINDOWS\system32\tegdrwmq.ini
C:\WINDOWS\system32\tgmwnfjx.ini
C:\WINDOWS\system32\tgywrytu.exe
C:\WINDOWS\system32\thedogku.exe
C:\WINDOWS\system32\thidnrqg.exe
C:\WINDOWS\system32\tihalsgj.exe
C:\WINDOWS\system32\titbslbu.exe
C:\WINDOWS\system32\tkijrtlg.ini
C:\WINDOWS\system32\tkwckude.dll
C:\WINDOWS\system32\tnlxtenc.ini
C:\WINDOWS\system32\tnpllvkx.ini
C:\WINDOWS\system32\toafcbny.exe
C:\WINDOWS\system32\tospkuaq.ini
C:\WINDOWS\system32\tsisblqt.exe
C:\WINDOWS\system32\tsnuovkr.ini
C:\WINDOWS\system32\tulhyygk.dll
C:\WINDOWS\system32\txhssgjx.dll
C:\WINDOWS\system32\txkgakyo.exe
C:\WINDOWS\system32\txlbixfy.dll
C:\WINDOWS\system32\txsnfswe.exe
C:\WINDOWS\system32\uaiiaxln.dll
C:\WINDOWS\system32\ubuxbidg.exe
C:\WINDOWS\system32\ugtmxamv.ini
C:\WINDOWS\system32\uikbppts.dll
C:\WINDOWS\system32\ujmbsabj.dll
C:\WINDOWS\system32\ujoukdlj.ini
C:\WINDOWS\system32\ukhdnytj.exe
C:\WINDOWS\system32\ukvxeegl.exe
C:\WINDOWS\system32\ulkgbjcv.exe
C:\WINDOWS\system32\umncrprn.exe
C:\WINDOWS\system32\umqrbsgr.ini
C:\WINDOWS\system32\upimrywt.exe
C:\WINDOWS\system32\uplqikls.exe
C:\WINDOWS\system32\uwjxanhm.ini
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\V1\dllicm1.exe
C:\WINDOWS\system32\vcwgrrsi.exe
C:\WINDOWS\system32\vfbkaqos.exe
C:\WINDOWS\system32\vgfdyaox.ini
C:\WINDOWS\system32\vjxqkaib.dll
C:\WINDOWS\system32\vkafkefu.exe
C:\WINDOWS\system32\vkbcerdw.ini
C:\WINDOWS\system32\vlbooqmo.dll
C:\WINDOWS\system32\vmaxmtgu.dll
C:\WINDOWS\system32\vmhbnbwc.exe
C:\WINDOWS\system32\vranlqgm.dll
C:\WINDOWS\system32\vscwtmgp.dll
C:\WINDOWS\system32\vskwwxer.dll
C:\WINDOWS\system32\vvtngwth.ini
C:\WINDOWS\system32\wajkikjj.dll
C:\WINDOWS\system32\wajvjdga.ini
C:\WINDOWS\system32\wckjxnwk.dll
C:\WINDOWS\system32\wcpisafc.exe
C:\WINDOWS\system32\wdrecbkv.dll
C:\WINDOWS\system32\wfuchnvl.dll
C:\WINDOWS\system32\whcjlyee.ini
C:\WINDOWS\system32\whfftjyk.ini
C:\WINDOWS\system32\whqxjuxg.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wjcnxgca.dll
C:\WINDOWS\system32\wkivrxlr.exe
C:\WINDOWS\system32\wtyjvgao.ini
C:\WINDOWS\system32\wvjdrtly.ini
C:\WINDOWS\system32\wwbaandd.exe
C:\WINDOWS\system32\xaqpnoqa.dll
C:\WINDOWS\system32\xgoeqrho.dll
C:\WINDOWS\system32\xjfnwmgt.dll
C:\WINDOWS\system32\xjgsshxt.ini
C:\WINDOWS\system32\xkvllpnt.dll
C:\WINDOWS\system32\xmlyhith.dll
C:\WINDOWS\system32\xnansqwv.exe
C:\WINDOWS\system32\xoaydfgv.dll
C:\WINDOWS\system32\xqddbsmo.ini
C:\WINDOWS\system32\xrqmiycr.exe
C:\WINDOWS\system32\xrurqeax.exe
C:\WINDOWS\system32\xshunmef.ini
C:\WINDOWS\system32\xtekhnqt.exe
C:\WINDOWS\system32\xufxiwqg.dll
C:\WINDOWS\system32\xxjucovg.ini
C:\WINDOWS\system32\xxswfjee.ini
C:\WINDOWS\system32\yblwhotq.ini
C:\WINDOWS\system32\ybxqnbtk.dll
C:\WINDOWS\system32\ybyciujs.ini
C:\WINDOWS\system32\ycbkfymy.exe
C:\WINDOWS\system32\ycwslqoe.exe
C:\WINDOWS\system32\ycxkjlho.ini
C:\WINDOWS\system32\yeiqqyvo.ini
C:\WINDOWS\system32\yffknjoy.exe
C:\WINDOWS\system32\yfqacryf.dll
C:\WINDOWS\system32\yfxiblxt.ini
C:\WINDOWS\system32\yhmsyrnl.dll
C:\WINDOWS\system32\yltrdjvw.dll
C:\WINDOWS\system32\ylvofxcr.dll
C:\WINDOWS\system32\ylxbsfaf.exe
C:\WINDOWS\system32\ynxlkwnl.ini
C:\WINDOWS\system32\ynxqqvoc.ini
C:\WINDOWS\system32\yogvpdeb.exe
C:\WINDOWS\system32\ysqppobd.ini
C:\WINDOWS\system32\ytudccqs.exe
C:\WINDOWS\system32\yxdortnd.exe
C:\WINDOWS\system32\yxkgyhrs.exe
C:\WINDOWS\system32\yyduijmm.dll
C:\WINDOWS\wpcjmd.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_OHCIUSB
-------\LEGACY_POOF
-------\LEGACY_SMTPDRV
-------\LEGACY_VKBY46
-------\DomainService
-------\ohciusb


((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-15 20:37 . 2007-12-15 20:56 354 --ahs---- C:\WINDOWS\system32\iykmyijd.ini
2007-12-11 07:09 . 2007-12-11 07:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-10 21:40 . 2007-12-10 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WFP
2007-12-10 21:39 . 2007-12-11 07:13 <DIR> d-------- C:\Program Files\Microsoft Windows Feedback Panel
2007-12-09 13:42 . 2007-12-09 13:42 414 --ahs---- C:\WINDOWS\system32\htiiddbk.ini
2007-12-09 12:39 . 2007-12-09 12:39 354 --ahs---- C:\WINDOWS\system32\uexbocjm.ini
2007-12-09 12:31 . 2007-12-09 12:31 294 --ahs---- C:\WINDOWS\system32\drqabgdn.ini
2007-12-09 00:58 . 2007-12-09 00:58 654 --ahs---- C:\WINDOWS\system32\xugusvbx.ini
2007-12-08 23:55 . 2007-12-08 23:55 594 --ahs---- C:\WINDOWS\system32\xjusufnw.ini
2007-12-08 22:55 . 2007-12-08 22:55 534 --ahs---- C:\WINDOWS\system32\xpujvdqq.ini
2007-12-08 21:52 . 2007-12-08 21:52 474 --ahs---- C:\WINDOWS\system32\lddsyxia.ini
2007-12-08 20:46 . 2007-12-08 20:46 414 --ahs---- C:\WINDOWS\system32\ejnykhhg.ini
2007-12-08 19:46 . 2007-12-08 19:46 354 --ahs---- C:\WINDOWS\system32\qdyaevgl.ini
2007-12-08 17:34 . 2007-12-08 17:34 294 --ahs---- C:\WINDOWS\system32\bptvkqhd.ini
2007-11-23 19:28 . 2007-11-23 19:28 294 --ahs---- C:\WINDOWS\system32\yduogluq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:52 --------- d-----w C:\Documents and Settings\Patrick\Application Data\OpenOffice.org2
2007-12-03 16:06 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-15 02:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-15 02:00 812,344 ----a-w C:\Program Files\HJTInstall.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-25 01:44 26,688,424 -c--a-w C:\Program Files\form414install.exe
2007-09-18 21:41 17 -c--a-w C:\Program Files\stinger.opt
2007-09-18 11:28 1,953,799 -c--a-w C:\Program Files\stinger.exe
2007-09-12 22:22 7,467,056 -c--a-w C:\Program Files\spybotsd15.exe
2007-09-12 03:01 19,142,000 -c--a-w C:\Program Files\aaw2007.exe
2007-02-24 18:48 9,340,443 -c--a-w C:\Program Files\win2k_xp142550.exe
2007-02-24 15:35 415,784 -c--a-w C:\Program Files\msgr8us.exe
2007-02-24 14:45 37,742,792 -c--a-w C:\Program Files\gametap_setup.exe
2007-02-21 23:01 1,744,128 -c--a-w C:\Program Files\foxitreader_setup.exe
2006-10-10 02:23 836,783 -c--a-w C:\Program Files\7z442.exe
2006-10-10 00:44 6,224,944 -c--a-w C:\Program Files\pkreader.exe
2007-06-13 10:23 89,003 --sha-r C:\WINDOWS\system32\netfemmj.exe
2004-08-04 11:00 46,329 --sha-r C:\WINDOWS\system32\reggsmzh.exe
2005-07-29 20:24 472 -csha-r C:\WINDOWS\UGF0cmljaw\o3IXwA53uT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C8E40A9-B9ED-4931-40B9-72F7D5BE3821}]
C:\Program Files\Internet Explorer\labupuco631.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C2F1F27-D489-43AC-85A0-2CC2014B4588}]
C:\WINDOWS\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54900915-99E3-4245-A97D-0637BF966F46}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"isrdmcc"="KB27948801.exe" []
"drmsses"="C:\WINDOWS\system32\reggsmzh.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-03 00:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 23:59]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 11:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 01:35]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 14:58]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-11-10 12:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-28 19:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 20:32]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"eftfkviA"="C:\WINDOWS\eftfkviA.exe" []
"Windows NT"="C:\WINDOWS\Twunk_16.exe" [2004-08-04 06:00]
"{32-26-6D-D5-ZN}"="C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe" []
"isrdmcc"="KB27948801.exe" []
"drmsses"="C:\WINDOWS\system32\reggsmzh.exe" [2004-08-04 06:00]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]

C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
WFPUser.lnk - C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe [2006-06-13 16:43:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rjezqPhXW"= {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkji]
pmnmkji.dll

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 WFPService;WFPService;C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe [2006-06-13 16:43]
S2 Windows Network Serialize;Windows Network Serialize;"C:\WINDOWS\system32\mswns32.exe" []
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42d7ad6-2ed7-11db-bff3-00123f0fc939}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:30:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-17 19:34:40 - machine was rebooted
.
2007-12-12 03:24:42 --- E O F ---




And here is the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:32 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\reggsmzh.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0C8E40A9-B9ED-4931-40B9-72F7D5BE3821} - C:\Program Files\Internet Explorer\labupuco631.dll (file missing)
O2 - BHO: (no name) - {4C2F1F27-D489-43AC-85A0-2CC2014B4588} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Editor plugin - {54900915-99E3-4245-A97D-0637BF966F46} - cortals.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eftfkviA] C:\WINDOWS\eftfkviA.exe
O4 - HKLM\..\Run: [Windows NT] C:\WINDOWS\Twunk_16.exe
O4 - HKLM\..\Run: [{32-26-6D-D5-ZN}] C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [isrdmcc] KB27948801.exe
O4 - HKLM\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [isrdmcc] KB27948801.exe
O4 - HKCU\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://imail2.bbh.com/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: pmnmkji - pmnmkji.dll (file missing)
O21 - SSODL: rjezqPhXW - {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Network Serialize - Unknown owner - C:\WINDOWS\system32\mswns32.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8087 bytes

#8 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:40 AM

Posted 19 December 2007 - 12:11 AM

Hi!

Step one

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O2 - BHO: 0 - {0C8E40A9-B9ED-4931-40B9-72F7D5BE3821} - C:\Program Files\Internet Explorer\labupuco631.dll (file missing)
O2 - BHO: (no name) - {4C2F1F27-D489-43AC-85A0-2CC2014B4588} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: Editor plugin - {54900915-99E3-4245-A97D-0637BF966F46} - cortals.dll (file missing)
O4 - HKLM\..\Run: [eftfkviA] C:\WINDOWS\eftfkviA.exe
O4 - HKLM\..\Run: [Windows NT] C:\WINDOWS\Twunk_16.exe
O4 - HKLM\..\Run: [{32-26-6D-D5-ZN}] C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [isrdmcc] KB27948801.exe
O4 - HKLM\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKCU\..\Run: [isrdmcc] KB27948801.exe
O4 - HKCU\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O20 - Winlogon Notify: pmnmkji - pmnmkji.dll (file missing)
O21 - SSODL: rjezqPhXW - {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll (file missing)


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Step two

Go to Start->Run and type in notepad and hit OK.
Then copy and paste the content of the following codebox into Notepad:
sc stop "Windows Network Serialize"
sc delete "Windows Network Serialize"
del delete.bat

Save the file as "delete.bat". Make sure to save it with the quotation marks.

Double click delete.bat.


Step three

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\iykmyijd.ini
C:\WINDOWS\system32\htiiddbk.ini
C:\WINDOWS\system32\uexbocjm.ini
C:\WINDOWS\system32\drqabgdn.ini
C:\WINDOWS\system32\xugusvbx.ini
C:\WINDOWS\system32\xjusufnw.ini
C:\WINDOWS\system32\xpujvdqq.ini
C:\WINDOWS\system32\lddsyxia.ini
C:\WINDOWS\system32\ejnykhhg.ini
C:\WINDOWS\system32\qdyaevgl.ini
C:\WINDOWS\system32\bptvkqhd.ini
C:\WINDOWS\system32\yduogluq.ini
C:\WINDOWS\system32\reggsmzh.exe
C:\Windows\system32\KB27948801.exe
C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe
C:\WINDOWS\Twunk_16.exe
C:\WINDOWS\eftfkviA.exe

Folder::
C:\WINDOWS\UGF0cmljaw


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


Step four

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.


Step five

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:
Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but cannot remove.

Step six


Please do the following...

Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
AVG Anti-Spyware
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button until you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

Step seven

Please post a fresh HijackThis log, Combofix log and AVG Anti-Spyware results back here :thumbsup: :blink:

#9 patrickjc

patrickjc
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:40 PM

Posted 23 December 2007 - 08:12 PM

Thanks!

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:41 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {04A1CC7A-140C-403D-B543-BE983B0233F6} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A6AB8D5-AD12-4BE2-826D-DA63D93C47F4} - (no file)
O2 - BHO: (no name) - {2B251126-6B51-4E7A-9323-4F1DD351DEDE} - (no file)
O2 - BHO: (no name) - {462EF104-9D16-4DFB-9DD5-776ED8D63EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B960B0D-678E-4C0D-87DB-4BC6BF45D16F} - (no file)
O2 - BHO: (no name) - {81FC9BD1-D17E-4B78-843A-550E1F87F932} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [isrdmcc] KB27948801.exe
O4 - HKCU\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://imail2.bbh.com/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9113 bytes

#10 patrickjc (Topic Starter)

Posted 23 December 2007 - 08:18 PM

Here is the Combofix log:

ComboFix 07-12-17.1 - Patrick 2007-12-17 19:02:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick\desktop\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Patrick\err.log
C:\Documents and Settings\Patrick\My Documents\SSEMBL~1
C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\.lnk
C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\TA_Start.lnk
C:\Program Files\poolsv
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\b147.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acgxncjw.ini
C:\WINDOWS\system32\acwearsj.dll
C:\WINDOWS\system32\advfjpbn.ini
C:\WINDOWS\system32\aetcjhhi.dll
C:\WINDOWS\system32\agcdtygs.exe
C:\WINDOWS\system32\agdjvjaw.dll
C:\WINDOWS\system32\aglrluuc.exe
C:\WINDOWS\system32\alqfcgdm.exe
C:\WINDOWS\system32\amtopnhf.exe
C:\WINDOWS\system32\amwgpjii.exe
C:\WINDOWS\system32\aogqhiim.exe
C:\WINDOWS\system32\apwonnbp.exe
C:\WINDOWS\system32\aqnioxwf.exe
C:\WINDOWS\system32\aqomohuc.ini
C:\WINDOWS\system32\aqonpqax.ini
C:\WINDOWS\system32\avpsqjvl.ini
C:\WINDOWS\system32\bbgpirqa.exe
C:\WINDOWS\system32\bepsprqp.dll
C:\WINDOWS\system32\bepuhcnu.exe
C:\WINDOWS\system32\bevwqwnb.ini
C:\WINDOWS\system32\bgoamjmt.exe
C:\WINDOWS\system32\bgyxshxc.dll
C:\WINDOWS\system32\bhtdywjc.exe
C:\WINDOWS\system32\biakqxjv.ini
C:\WINDOWS\system32\bjassxfc.ini
C:\WINDOWS\system32\bknvvrfr.dll
C:\WINDOWS\system32\bnwqwveb.dll
C:\WINDOWS\system32\bqoisbrw.exe
C:\WINDOWS\system32\bxjirpim.dll
C:\WINDOWS\system32\byjydgkr.exe
C:\WINDOWS\system32\cagvnoos.dll
C:\WINDOWS\system32\calnqplf.ini
C:\WINDOWS\system32\cdifqmnq.ini
C:\WINDOWS\system32\cfxssajb.dll
C:\WINDOWS\system32\cnetxlnt.dll
C:\WINDOWS\system32\cnmfnqns.exe
C:\WINDOWS\system32\commands.xml
C:\WINDOWS\system32\cotbauml.exe
C:\WINDOWS\system32\covqqxny.dll
C:\WINDOWS\system32\cpnlmlnk.dll
C:\WINDOWS\system32\crlwwcly.exe
C:\WINDOWS\system32\csvvjbbf.dll
C:\WINDOWS\system32\ctapebge.dll
C:\WINDOWS\system32\cuhomoqa.dll
C:\WINDOWS\system32\cvaqsvjp.dll
C:\WINDOWS\system32\cxhsxygb.ini
C:\WINDOWS\system32\cyekddwo.dll
C:\WINDOWS\system32\dbieodfh.exe
C:\WINDOWS\system32\dboppqsy.dll
C:\WINDOWS\system32\dcafahyb.exe
C:\WINDOWS\system32\dcuuxvis.dll
C:\WINDOWS\system32\ddkibypa.dll
C:\WINDOWS\system32\dennfcdk.dll
C:\WINDOWS\system32\dftkfheg.exe
C:\WINDOWS\system32\dhqhilpr.exe
C:\WINDOWS\system32\djevqgxy.exe
C:\WINDOWS\system32\dmymuwmg.ini
C:\WINDOWS\system32\dobtyfro.exe
C:\WINDOWS\system32\dopfsskk.dll
C:\WINDOWS\system32\drivers\ohciusb.sys
C:\WINDOWS\system32\drivers\ohciusb.syt
C:\WINDOWS\system32\drivers\ohctusb.sys
C:\WINDOWS\system32\drivers\ohctusb.syt
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VKBY46.sys
C:\WINDOWS\system32\dtsvrwwg.exe
C:\WINDOWS\system32\dvxbgoyr.exe
C:\WINDOWS\system32\dxkanchi.dll
C:\WINDOWS\system32\edukcwkt.ini
C:\WINDOWS\system32\eejfwsxx.dll
C:\WINDOWS\system32\eeyljchw.dll
C:\WINDOWS\system32\efsrgswl.ini
C:\WINDOWS\system32\efwlnxlw.exe
C:\WINDOWS\system32\egbepatc.ini
C:\WINDOWS\system32\eksegrif.ini
C:\WINDOWS\system32\emjllhqn.ini
C:\WINDOWS\system32\enascksp.dll
C:\WINDOWS\system32\eoayhkff.dll
C:\WINDOWS\system32\euuxyxin.exe
C:\WINDOWS\system32\evuiymsf.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F5
C:\WINDOWS\system32\F5\wbb22.exe
C:\WINDOWS\system32\F9
C:\WINDOWS\system32\fapygkcg.ini
C:\WINDOWS\system32\fbbjvvsc.ini
C:\WINDOWS\system32\fcbbevos.ini
C:\WINDOWS\system32\fdkcpexg.exe
C:\WINDOWS\system32\fdstxrrj.dll
C:\WINDOWS\system32\femnuhsx.dll
C:\WINDOWS\system32\ffkhyaoe.ini
C:\WINDOWS\system32\firgeske.dll
C:\WINDOWS\system32\fjjvnerr.ini
C:\WINDOWS\system32\flpqnlac.dll
C:\WINDOWS\system32\fsmyiuve.dll
C:\WINDOWS\system32\ftutymlj.dll
C:\WINDOWS\system32\fvpfwgsm.exe
C:\WINDOWS\system32\fwybjxti.exe
C:\WINDOWS\system32\fyrcaqfy.ini
C:\WINDOWS\system32\gbkvjsqc.exe
C:\WINDOWS\system32\gckgypaf.dll
C:\WINDOWS\system32\gdqnydwj.dll
C:\WINDOWS\system32\gfmjaxtk.dll
C:\WINDOWS\system32\gllhmpen.dll
C:\WINDOWS\system32\gltrjikt.dll
C:\WINDOWS\system32\gmmavhco.ini
C:\WINDOWS\system32\gmwumymd.dll
C:\WINDOWS\system32\gnkcrqid.exe
C:\WINDOWS\system32\gnrmimxr.ini
C:\WINDOWS\system32\gqwixfux.ini
C:\WINDOWS\system32\gvocujxx.dll
C:\WINDOWS\system32\gwekvket.exe
C:\WINDOWS\system32\gxujxqhw.ini
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\heovlkun.dll
C:\WINDOWS\system32\hgacyqpv.exe
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hljxfydn.exe
C:\WINDOWS\system32\hsikatqi.dll
C:\WINDOWS\system32\hsjqqqos.dll
C:\WINDOWS\system32\htihylmx.ini
C:\WINDOWS\system32\htnkaear.dll
C:\WINDOWS\system32\htoknnfo.ini
C:\WINDOWS\system32\htwgntvv.dll
C:\WINDOWS\system32\hubygjnn.exe
C:\WINDOWS\system32\hvgtjdfk.dll
C:\WINDOWS\system32\hxklwnhr.exe
C:\WINDOWS\system32\hxtmhmvd.exe
C:\WINDOWS\system32\hxxxjuke.exe
C:\WINDOWS\system32\ihaxacnx.exe
C:\WINDOWS\system32\ihcnakxd.ini
C:\WINDOWS\system32\ihhjctea.ini
C:\WINDOWS\system32\ihkyhgag.exe
C:\WINDOWS\system32\iipxlefq.ini
C:\WINDOWS\system32\ikgkwkix.exe
C:\WINDOWS\system32\ikuxbckr.dll
C:\WINDOWS\system32\imfbgvxr.exe
C:\WINDOWS\system32\ipyioruj.exe
C:\WINDOWS\system32\iqtakish.ini
C:\WINDOWS\system32\isgbggmf.exe
C:\WINDOWS\system32\ivewmxsm.dll
C:\WINDOWS\system32\iydnoayr.ini
C:\WINDOWS\system32\jbasbmju.ini
C:\WINDOWS\system32\jfyhndky.exe
C:\WINDOWS\system32\jjkikjaw.ini
C:\WINDOWS\system32\jjlnaxxj.dll
C:\WINDOWS\system32\jkhxkryq.exe
C:\WINDOWS\system32\jldkuoju.dll
C:\WINDOWS\system32\jlinesna.exe
C:\WINDOWS\system32\jlmytutf.ini
C:\WINDOWS\system32\jmhhhcxg.exe
C:\WINDOWS\system32\jnitxlvd.exe
C:\WINDOWS\system32\jsraewca.ini
C:\WINDOWS\system32\jvgsajye.exe
C:\WINDOWS\system32\jwdynqdg.ini
C:\WINDOWS\system32\jxvdlonn.dll
C:\WINDOWS\system32\jxxanljj.ini
C:\WINDOWS\system32\KB27858024.exe
C:\WINDOWS\system32\kdcfnned.ini
C:\WINDOWS\system32\kfdjtgvh.ini
C:\WINDOWS\system32\kgyyhlut.ini
C:\WINDOWS\system32\kkssfpod.ini
C:\WINDOWS\system32\klgrnpdv.exe
C:\WINDOWS\system32\kllsnkoq.exe
C:\WINDOWS\system32\kmbqvdop.dll
C:\WINDOWS\system32\kmuxfrmy.exe
C:\WINDOWS\system32\knlmlnpc.ini
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\kqnrgbwr.dll
C:\WINDOWS\system32\krhbqbhy.exe
C:\WINDOWS\system32\ktbnqxby.ini
C:\WINDOWS\system32\ktxajmfg.ini
C:\WINDOWS\system32\kubbkvgs.ini
C:\WINDOWS\system32\kvbflwlq.exe
C:\WINDOWS\system32\kwnxjkcw.ini
C:\WINDOWS\system32\kwywiret.exe
C:\WINDOWS\system32\kyjtffhw.dll
C:\WINDOWS\system32\kyowiavk.exe
C:\WINDOWS\system32\l3acdb2.dll
C:\WINDOWS\system32\lcgdfppu.exe
C:\WINDOWS\system32\ldqqnfdr.dll
C:\WINDOWS\system32\lijridqa.exe
C:\WINDOWS\system32\lnwklxny.dll
C:\WINDOWS\system32\lpvurcin.exe
C:\WINDOWS\system32\ltgjmsok.exe
C:\WINDOWS\system32\lulttsro.exe
C:\WINDOWS\system32\lvjqspva.dll
C:\WINDOWS\system32\lvnhcufw.ini
C:\WINDOWS\system32\lwsgrsfe.dll
C:\WINDOWS\system32\maneywxh.exe
C:\WINDOWS\system32\mgqlnarv.ini
C:\WINDOWS\system32\mhnaxjwu.dll
C:\WINDOWS\system32\miprijxb.ini
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mmjiudyy.ini
C:\WINDOWS\system32\mnrrsfrb.dll
C:\WINDOWS\system32\moswhpyn.ini
C:\WINDOWS\system32\mqyldjwp.dll
C:\WINDOWS\system32\mrnqujqq.ini
C:\WINDOWS\system32\msmapibx32.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msrskyta.exe
C:\WINDOWS\system32\msxmwevi.ini
C:\WINDOWS\system32\mtxuqfad.exe
C:\WINDOWS\system32\mxekeyqs.ini
C:\WINDOWS\system32\nanlibmj.exe
C:\WINDOWS\system32\nbpjfvda.dll
C:\WINDOWS\system32\nelgqojb.exe
C:\WINDOWS\system32\nepmhllg.ini
C:\WINDOWS\system32\nlgldtfo.exe
C:\WINDOWS\system32\nlvlpwhk.exe
C:\WINDOWS\system32\nlxaiiau.ini
C:\WINDOWS\system32\nnhnvejf.exe
C:\WINDOWS\system32\nnoldvxj.ini
C:\WINDOWS\system32\nqhlljme.dll
C:\WINDOWS\system32\nqmkmdgm.exe
C:\WINDOWS\system32\nsaasnhj.exe
C:\WINDOWS\system32\nuklvoeh.ini
C:\WINDOWS\system32\nyphwsom.dll
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\oagvjytw.dll
C:\WINDOWS\system32\ochvammg.dll
C:\WINDOWS\system32\oejeavpq.dll
C:\WINDOWS\system32\ofjtbcsq.ini
C:\WINDOWS\system32\ofnnkoth.dll
C:\WINDOWS\system32\ogovywfw.exe
C:\WINDOWS\system32\ohljkxcy.dll
C:\WINDOWS\system32\ohrqeogx.ini
C:\WINDOWS\system32\okqojjgv.exe
C:\WINDOWS\system32\omqooblv.ini
C:\WINDOWS\system32\omsbddqx.dll
C:\WINDOWS\system32\orouhmmu.exe
C:\WINDOWS\system32\otnpcbgu.exe
C:\WINDOWS\system32\otsmyyga.exe
C:\WINDOWS\system32\ovlpqwuj.exe
C:\WINDOWS\system32\ovyqqiey.dll
C:\WINDOWS\system32\owddkeyc.ini
C:\WINDOWS\system32\oykgtqip.exe
C:\WINDOWS\system32\pfkjirdq.dll
C:\WINDOWS\system32\pgmtwcsv.ini
C:\WINDOWS\system32\pjvsqavc.ini
C:\WINDOWS\system32\podvqbmk.ini
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pqrpspeb.ini
C:\WINDOWS\system32\prrbypyr.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\pshrlidy.exe
C:\WINDOWS\system32\pskcsane.ini
C:\WINDOWS\system32\psvaxcjc.exe
C:\WINDOWS\system32\ptxoftps.ini
C:\WINDOWS\system32\pwjdlyqm.ini
C:\WINDOWS\system32\qaukpsot.dll
C:\WINDOWS\system32\qdrijkfp.ini
C:\WINDOWS\system32\qechnoht.exe
C:\WINDOWS\system32\qfelxpii.dll
C:\WINDOWS\system32\qffubmqi.exe
C:\WINDOWS\system32\qkrmhoqv.exe
C:\WINDOWS\system32\qljklopy.exe
C:\WINDOWS\system32\qmwrdget.dll
C:\WINDOWS\system32\qnmqfidc.dll
C:\WINDOWS\system32\qnvwbitn.exe
C:\WINDOWS\system32\qodybwpe.exe
C:\WINDOWS\system32\qpajaeff.exe
C:\WINDOWS\system32\qpvaejeo.ini
C:\WINDOWS\system32\qqciveia.exe
C:\WINDOWS\system32\qqjuqnrm.dll
C:\WINDOWS\system32\qscbtjfo.dll
C:\WINDOWS\system32\qtjpydvd.exe
C:\WINDOWS\system32\qtohwlby.dll
C:\WINDOWS\system32\raeaknth.ini
C:\WINDOWS\system32\rbodpqgu.exe
C:\WINDOWS\system32\rcxfovly.ini
C:\WINDOWS\system32\rdfnqqdl.ini
C:\WINDOWS\system32\rexwwksv.ini
C:\WINDOWS\system32\rfrqwejf.exe
C:\WINDOWS\system32\rgjtleik.exe
C:\WINDOWS\system32\rgsbrqmu.dll
C:\WINDOWS\system32\rkcbxuki.ini
C:\WINDOWS\system32\rkvounst.dll
C:\WINDOWS\system32\rqbamcni.exe
C:\WINDOWS\system32\rrenvjjf.dll
C:\WINDOWS\system32\rugjohws.exe
C:\WINDOWS\system32\rwbgrnqk.ini
C:\WINDOWS\system32\rxmimrng.dll
C:\WINDOWS\system32\ryaondyi.dll
C:\WINDOWS\system32\sbumeeds.ini
C:\WINDOWS\system32\scgsnyvs.exe
C:\WINDOWS\system32\scsxuiva.exe
C:\WINDOWS\system32\sdeemubs.dll
C:\WINDOWS\system32\sfjvsbrm.exe
C:\WINDOWS\system32\sgbgbcae.exe
C:\WINDOWS\system32\sgvkbbuk.dll
C:\WINDOWS\system32\sivxuucd.ini
C:\WINDOWS\system32\sjcxxoqr.exe
C:\WINDOWS\system32\sjuicyby.dll
C:\WINDOWS\system32\soonvgac.ini
C:\WINDOWS\system32\soqqqjsh.ini
C:\WINDOWS\system32\sovebbcf.dll
C:\WINDOWS\system32\sphtfmgp.exe
C:\WINDOWS\system32\sptfoxtp.dll
C:\WINDOWS\system32\sqyekexm.dll
C:\WINDOWS\system32\stppbkiu.ini
C:\WINDOWS\system32\sultjkme.exe
C:\WINDOWS\system32\swtubitb.exe
C:\WINDOWS\system32\sxwmivig.exe
C:\WINDOWS\system32\tegdrwmq.ini
C:\WINDOWS\system32\tgmwnfjx.ini
C:\WINDOWS\system32\tgywrytu.exe
C:\WINDOWS\system32\thedogku.exe
C:\WINDOWS\system32\thidnrqg.exe
C:\WINDOWS\system32\tihalsgj.exe
C:\WINDOWS\system32\titbslbu.exe
C:\WINDOWS\system32\tkijrtlg.ini
C:\WINDOWS\system32\tkwckude.dll
C:\WINDOWS\system32\tnlxtenc.ini
C:\WINDOWS\system32\tnpllvkx.ini
C:\WINDOWS\system32\toafcbny.exe
C:\WINDOWS\system32\tospkuaq.ini
C:\WINDOWS\system32\tsisblqt.exe
C:\WINDOWS\system32\tsnuovkr.ini
C:\WINDOWS\system32\tulhyygk.dll
C:\WINDOWS\system32\txhssgjx.dll
C:\WINDOWS\system32\txkgakyo.exe
C:\WINDOWS\system32\txlbixfy.dll
C:\WINDOWS\system32\txsnfswe.exe
C:\WINDOWS\system32\uaiiaxln.dll
C:\WINDOWS\system32\ubuxbidg.exe
C:\WINDOWS\system32\ugtmxamv.ini
C:\WINDOWS\system32\uikbppts.dll
C:\WINDOWS\system32\ujmbsabj.dll
C:\WINDOWS\system32\ujoukdlj.ini
C:\WINDOWS\system32\ukhdnytj.exe
C:\WINDOWS\system32\ukvxeegl.exe
C:\WINDOWS\system32\ulkgbjcv.exe
C:\WINDOWS\system32\umncrprn.exe
C:\WINDOWS\system32\umqrbsgr.ini
C:\WINDOWS\system32\upimrywt.exe
C:\WINDOWS\system32\uplqikls.exe
C:\WINDOWS\system32\uwjxanhm.ini
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\V1\dllicm1.exe
C:\WINDOWS\system32\vcwgrrsi.exe
C:\WINDOWS\system32\vfbkaqos.exe
C:\WINDOWS\system32\vgfdyaox.ini
C:\WINDOWS\system32\vjxqkaib.dll
C:\WINDOWS\system32\vkafkefu.exe
C:\WINDOWS\system32\vkbcerdw.ini
C:\WINDOWS\system32\vlbooqmo.dll
C:\WINDOWS\system32\vmaxmtgu.dll
C:\WINDOWS\system32\vmhbnbwc.exe
C:\WINDOWS\system32\vranlqgm.dll
C:\WINDOWS\system32\vscwtmgp.dll
C:\WINDOWS\system32\vskwwxer.dll
C:\WINDOWS\system32\vvtngwth.ini
C:\WINDOWS\system32\wajkikjj.dll
C:\WINDOWS\system32\wajvjdga.ini
C:\WINDOWS\system32\wckjxnwk.dll
C:\WINDOWS\system32\wcpisafc.exe
C:\WINDOWS\system32\wdrecbkv.dll
C:\WINDOWS\system32\wfuchnvl.dll
C:\WINDOWS\system32\whcjlyee.ini
C:\WINDOWS\system32\whfftjyk.ini
C:\WINDOWS\system32\whqxjuxg.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wjcnxgca.dll
C:\WINDOWS\system32\wkivrxlr.exe
C:\WINDOWS\system32\wtyjvgao.ini
C:\WINDOWS\system32\wvjdrtly.ini
C:\WINDOWS\system32\wwbaandd.exe
C:\WINDOWS\system32\xaqpnoqa.dll
C:\WINDOWS\system32\xgoeqrho.dll
C:\WINDOWS\system32\xjfnwmgt.dll
C:\WINDOWS\system32\xjgsshxt.ini
C:\WINDOWS\system32\xkvllpnt.dll
C:\WINDOWS\system32\xmlyhith.dll
C:\WINDOWS\system32\xnansqwv.exe
C:\WINDOWS\system32\xoaydfgv.dll
C:\WINDOWS\system32\xqddbsmo.ini
C:\WINDOWS\system32\xrqmiycr.exe
C:\WINDOWS\system32\xrurqeax.exe
C:\WINDOWS\system32\xshunmef.ini
C:\WINDOWS\system32\xtekhnqt.exe
C:\WINDOWS\system32\xufxiwqg.dll
C:\WINDOWS\system32\xxjucovg.ini
C:\WINDOWS\system32\xxswfjee.ini
C:\WINDOWS\system32\yblwhotq.ini
C:\WINDOWS\system32\ybxqnbtk.dll
C:\WINDOWS\system32\ybyciujs.ini
C:\WINDOWS\system32\ycbkfymy.exe
C:\WINDOWS\system32\ycwslqoe.exe
C:\WINDOWS\system32\ycxkjlho.ini
C:\WINDOWS\system32\yeiqqyvo.ini
C:\WINDOWS\system32\yffknjoy.exe
C:\WINDOWS\system32\yfqacryf.dll
C:\WINDOWS\system32\yfxiblxt.ini
C:\WINDOWS\system32\yhmsyrnl.dll
C:\WINDOWS\system32\yltrdjvw.dll
C:\WINDOWS\system32\ylvofxcr.dll
C:\WINDOWS\system32\ylxbsfaf.exe
C:\WINDOWS\system32\ynxlkwnl.ini
C:\WINDOWS\system32\ynxqqvoc.ini
C:\WINDOWS\system32\yogvpdeb.exe
C:\WINDOWS\system32\ysqppobd.ini
C:\WINDOWS\system32\ytudccqs.exe
C:\WINDOWS\system32\yxdortnd.exe
C:\WINDOWS\system32\yxkgyhrs.exe
C:\WINDOWS\system32\yyduijmm.dll
C:\WINDOWS\wpcjmd.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_OHCIUSB
-------\LEGACY_POOF
-------\LEGACY_SMTPDRV
-------\LEGACY_VKBY46
-------\DomainService
-------\ohciusb


((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-15 20:37 . 2007-12-15 20:56 354 --ahs---- C:\WINDOWS\system32\iykmyijd.ini
2007-12-11 07:09 . 2007-12-11 07:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-10 21:40 . 2007-12-10 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WFP
2007-12-10 21:39 . 2007-12-11 07:13 <DIR> d-------- C:\Program Files\Microsoft Windows Feedback Panel
2007-12-09 13:42 . 2007-12-09 13:42 414 --ahs---- C:\WINDOWS\system32\htiiddbk.ini
2007-12-09 12:39 . 2007-12-09 12:39 354 --ahs---- C:\WINDOWS\system32\uexbocjm.ini
2007-12-09 12:31 . 2007-12-09 12:31 294 --ahs---- C:\WINDOWS\system32\drqabgdn.ini
2007-12-09 00:58 . 2007-12-09 00:58 654 --ahs---- C:\WINDOWS\system32\xugusvbx.ini
2007-12-08 23:55 . 2007-12-08 23:55 594 --ahs---- C:\WINDOWS\system32\xjusufnw.ini
2007-12-08 22:55 . 2007-12-08 22:55 534 --ahs---- C:\WINDOWS\system32\xpujvdqq.ini
2007-12-08 21:52 . 2007-12-08 21:52 474 --ahs---- C:\WINDOWS\system32\lddsyxia.ini
2007-12-08 20:46 . 2007-12-08 20:46 414 --ahs---- C:\WINDOWS\system32\ejnykhhg.ini
2007-12-08 19:46 . 2007-12-08 19:46 354 --ahs---- C:\WINDOWS\system32\qdyaevgl.ini
2007-12-08 17:34 . 2007-12-08 17:34 294 --ahs---- C:\WINDOWS\system32\bptvkqhd.ini
2007-11-23 19:28 . 2007-11-23 19:28 294 --ahs---- C:\WINDOWS\system32\yduogluq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:52 --------- d-----w C:\Documents and Settings\Patrick\Application Data\OpenOffice.org2
2007-12-03 16:06 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-15 02:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-15 02:00 812,344 ----a-w C:\Program Files\HJTInstall.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-25 01:44 26,688,424 -c--a-w C:\Program Files\form414install.exe
2007-09-18 21:41 17 -c--a-w C:\Program Files\stinger.opt
2007-09-18 11:28 1,953,799 -c--a-w C:\Program Files\stinger.exe
2007-09-12 22:22 7,467,056 -c--a-w C:\Program Files\spybotsd15.exe
2007-09-12 03:01 19,142,000 -c--a-w C:\Program Files\aaw2007.exe
2007-02-24 18:48 9,340,443 -c--a-w C:\Program Files\win2k_xp142550.exe
2007-02-24 15:35 415,784 -c--a-w C:\Program Files\msgr8us.exe
2007-02-24 14:45 37,742,792 -c--a-w C:\Program Files\gametap_setup.exe
2007-02-21 23:01 1,744,128 -c--a-w C:\Program Files\foxitreader_setup.exe
2006-10-10 02:23 836,783 -c--a-w C:\Program Files\7z442.exe
2006-10-10 00:44 6,224,944 -c--a-w C:\Program Files\pkreader.exe
2007-06-13 10:23 89,003 --sha-r C:\WINDOWS\system32\netfemmj.exe
2004-08-04 11:00 46,329 --sha-r C:\WINDOWS\system32\reggsmzh.exe
2005-07-29 20:24 472 -csha-r C:\WINDOWS\UGF0cmljaw\o3IXwA53uT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C8E40A9-B9ED-4931-40B9-72F7D5BE3821}]
C:\Program Files\Internet Explorer\labupuco631.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C2F1F27-D489-43AC-85A0-2CC2014B4588}]
C:\WINDOWS\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54900915-99E3-4245-A97D-0637BF966F46}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"isrdmcc"="KB27948801.exe" []
"drmsses"="C:\WINDOWS\system32\reggsmzh.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-03 00:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 23:59]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 11:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 01:35]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 14:58]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-11-10 12:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-28 19:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 20:32]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"eftfkviA"="C:\WINDOWS\eftfkviA.exe" []
"Windows NT"="C:\WINDOWS\Twunk_16.exe" [2004-08-04 06:00]
"{32-26-6D-D5-ZN}"="C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe" []
"isrdmcc"="KB27948801.exe" []
"drmsses"="C:\WINDOWS\system32\reggsmzh.exe" [2004-08-04 06:00]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]

C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
WFPUser.lnk - C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe [2006-06-13 16:43:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rjezqPhXW"= {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkji]
pmnmkji.dll

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 WFPService;WFPService;C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe [2006-06-13 16:43]
S2 Windows Network Serialize;Windows Network Serialize;"C:\WINDOWS\system32\mswns32.exe" []
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42d7ad6-2ed7-11db-bff3-00123f0fc939}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:30:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-17 19:34:40 - machine was rebooted
.
2007-12-12 03:24:42 --- E O F ---
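
The HijackThis log in the previous post and the ComboFix log above are the raw material; what a helper actually does with them is rank the autostart entries before deciding what to remove. The script below is an added example for this thread, not HijackThis, ComboFix or BleepingComputer code. Its SAMPLE list is constructed from lines copied out of the two logs (the O4 lines, the HKLM Run values that only ComboFix printed, and three of ComboFix's file lines); the parsing targets exactly those line formats, while every scoring rule, weight, the threshold of 3, the eight-lowercase-letter file-name pattern and the assumption that the system drive is C: are this example's own choices.

```python
"""Autostart triage over HijackThis O4 lines and ComboFix Run-key / file lines.
Added example for this thread, not HijackThis, ComboFix or BleepingComputer code. SAMPLE is
constructed from lines copied out of the logs posted above; every rule, weight and threshold
is this example's own assumption, so the result is a ranked worklist, not a verdict."""
import ntpath
import re
from collections import namedtuple

SAMPLE = [  # constructed: HJT O4 lines, then a ComboFix hive header + values, then ComboFix file lines
    r'O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKCU\..\Run: [isrdmcc] KB27948801.exe',
    r'O4 - HKCU\..\Run: [drmsses] C:\WINDOWS\system32\reggsmzh.exe',
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"eftfkviA"="C:\WINDOWS\eftfkviA.exe" []',
    r'"Windows NT"="C:\WINDOWS\Twunk_16.exe" [2004-08-04 06:00]',
    r'"{32-26-6D-D5-ZN}"="C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe" []',
    r'2007-12-15 20:37 . 2007-12-15 20:56 354 --ahs---- C:\WINDOWS\system32\iykmyijd.ini',
    r'2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys',
    r'2004-08-04 11:00 46,329 --sha-r C:\WINDOWS\system32\reggsmzh.exe',
]
HJT_O4 = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$')
CF_HIVE = re.compile(r'^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\.*\\Run\]$')
CF_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
CF_FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)? (?:[\d,]+|<DIR>) ([-a-z]+) (.*)$')
CONSONANT_RUN = re.compile(r'[bcdfghjklmnpqrstvwxz]{5,}')
HOTFIX_NAME = re.compile(r'^kb\d{5,}$', re.I)
TEMP_DIR = re.compile(r'\\(?:temp|tmp)\\', re.I)
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}  # assumption: system drive is C:

# timestamp is ComboFix's [date] field: '' when it printed [] (nothing found), None for HJT lines
RunEntry = namedtuple('RunEntry', 'source hive name command timestamp')


def looks_random(token: str) -> bool:
    """Six or more letters with a five-consonant run or no vowel at all (y counts as a vowel)."""
    letters = re.sub(r'[^a-z]', '', token.lower())
    return len(letters) >= 6 and (CONSONANT_RUN.search(letters) is not None
                                  or re.search(r'[aeiouy]', letters) is None)


def image_path(command: str) -> str:
    """Executable path from a Run value: the quoted path, else everything up to the first .exe."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)(?:\s|$)', cmd, re.I)
    return m[1] if m else cmd.split()[0]


def parse(lines):
    """Split log lines into Run entries and (attributes, path) file records."""
    runs, files, hive = [], [], '?'
    for line in lines:
        if m := HJT_O4.match(line):
            runs.append(RunEntry('hjt', m[1], m[2], m[3], None))
        elif m := CF_HIVE.match(line):  # ComboFix prints the hive once, above its values
            hive = 'HKLM' if m[1] == 'HKEY_LOCAL_MACHINE' else 'HKCU'
        elif m := CF_VALUE.match(line):
            runs.append(RunEntry('combofix', hive, m[1], m[2], m[3]))
        elif m := CF_FILE.match(line):
            files.append((m[1], m[2]))
    return runs, files


def score(entry):
    """Additive heuristics (assumed weights); returns (score, list of reasons)."""
    path = image_path(entry.command)
    stem = ntpath.splitext(ntpath.basename(path))[0]
    parent = ntpath.dirname(path).lower()
    rules = [
        ('\\' not in path, 3, 'bare file name, resolved through the PATH search order'),
        (bool(TEMP_DIR.search(path)), 3, 'image lives in a Temp directory'),
        (bool(HOTFIX_NAME.match(stem)), 2, 'file name imitates a Microsoft hotfix (KBnnnnnn)'),
        (looks_random(stem), 1, 'random-looking file name'),
        (parent in SYSTEM_DIRS, 1, 'sits directly in the Windows or system32 directory'),
        (looks_random(entry.name) and entry.name.lower() != stem.lower(), 1,
         'random-looking value name unrelated to the file name'),
        (entry.timestamp == '' and '\\' in path, 1, 'ComboFix reported no file timestamp for an absolute path'),
    ]
    hits = [(w, why) for ok, w, why in rules if ok]
    return sum(w for w, _ in hits), [why for _, why in hits]


def triage_runs(lines, threshold=3):
    """Run entries at or above threshold, highest score first: (hive, name, image, score, reasons)."""
    flagged = []
    for e in parse(lines)[0]:
        s, why = score(e)
        if s >= threshold:
            flagged.append((e.hive, e.name, image_path(e.command), s, why))
    return sorted(flagged, key=lambda t: -t[3])


def triage_files(lines):
    """Hidden+system files with random or eight-lowercase-letter names directly in Windows/system32."""
    hits = []
    for attrs, path in parse(lines)[1]:
        stem = ntpath.splitext(ntpath.basename(path))[0]
        odd_name = looks_random(stem) or re.fullmatch(r'[a-z]{8}', stem) is not None
        if 'h' in attrs and 's' in attrs and odd_name and ntpath.dirname(path).lower() in SYSTEM_DIRS:
            hits.append(path)
    return hits


if __name__ == '__main__':
    for hive, name, image, s, why in triage_runs(SAMPLE):
        print(f'{s:>2}  {hive}\\Run [{name}] -> {image}  ({"; ".join(why)})')
    for path in triage_files(SAMPLE):
        print(' file  ' + path)
```

On the sample this ranks `[isrdmcc] KB27948801.exe` first: the value has no directory at all, so Windows resolves that name through the process's search order at logon, and whichever directory on the path holds a file of that name is what runs. `thinksnet.exe` is flagged for living in the user's Temp directory, and `reggsmzh.exe` and `eftfkviA.exe` for random names directly in system32 or the Windows root. Intel's `igfxtray.exe` scores 2 on purpose and is not flagged: a random-looking name alone is the classic false positive, which is why the threshold wants a second independent signal and why the final decision still rests on a publisher signature or hash check of the file, not on the name. Note also that the Find3M line for `reggsmzh.exe` carries the hidden, system and read-only attributes and a 2004-08-04 timestamp identical to the one ComboFix shows for `Twunk_16.exe`; matching an OS file's date is easy, so the file check keys on attributes and name rather than on the date. The same pass belongs on the other load points in the ComboFix log that this script does not parse: the BHO entries (`labupuco631.dll`, `vtsqn.dll`), the ShellServiceObjectDelayLoad entry for `jk.dll`, the Winlogon Notify package `pmnmkji.dll`, the `Windows Network Serialize` service pointing at `mswns32.exe`, and the MountPoints2 AutoRun command.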

#11 patrickjc (Topic Starter)

Posted 23 December 2007 - 08:20 PM

The AVG log is too big to paste here; I'm not sure what to do about that.

#12 Baabiouz (Finnish Malware Fighter)

Posted 24 December 2007 - 06:13 AM

Hi!

Please upload the report to Rapidshare and give me the download link :thumbsup:

#13 patrickjc (Topic Starter)

Posted 30 December 2007 - 09:17 PM

Here is the rapidshare link:

http://rapidshare.com/files/80211330/Repor...194723.txt.html

Thanks.

#14 Baabiouz (Finnish Malware Fighter)

Posted 31 December 2007 - 07:29 AM

Hi!

I'm sorry, I didn't see that your ComboFix log is the same as your first ComboFix log. Please navigate to C:\ and check whether there is a Combofix2.txt. If there is a Combofix2.txt, please send its results back here :thumbsup:

Edited by Baabiouz, 31 December 2007 - 07:30 AM.


#15 patrickjc (Topic Starter)

Posted 31 December 2007 - 09:03 PM

Yes, there was a log on the C: drive called ComboFix2. Here it is:

ComboFix 07-12-17.1 - Patrick 2007-12-17 19:02:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick\desktop\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Patrick\err.log
C:\Documents and Settings\Patrick\My Documents\SSEMBL~1
C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\.lnk
C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\TA_Start.lnk
C:\Program Files\poolsv
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\b147.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acgxncjw.ini
C:\WINDOWS\system32\acwearsj.dll
C:\WINDOWS\system32\advfjpbn.ini
C:\WINDOWS\system32\aetcjhhi.dll
C:\WINDOWS\system32\agcdtygs.exe
C:\WINDOWS\system32\agdjvjaw.dll
C:\WINDOWS\system32\aglrluuc.exe
C:\WINDOWS\system32\alqfcgdm.exe
C:\WINDOWS\system32\amtopnhf.exe
C:\WINDOWS\system32\amwgpjii.exe
C:\WINDOWS\system32\aogqhiim.exe
C:\WINDOWS\system32\apwonnbp.exe
C:\WINDOWS\system32\aqnioxwf.exe
C:\WINDOWS\system32\aqomohuc.ini
C:\WINDOWS\system32\aqonpqax.ini
C:\WINDOWS\system32\avpsqjvl.ini
C:\WINDOWS\system32\bbgpirqa.exe
C:\WINDOWS\system32\bepsprqp.dll
C:\WINDOWS\system32\bepuhcnu.exe
C:\WINDOWS\system32\bevwqwnb.ini
C:\WINDOWS\system32\bgoamjmt.exe
C:\WINDOWS\system32\bgyxshxc.dll
C:\WINDOWS\system32\bhtdywjc.exe
C:\WINDOWS\system32\biakqxjv.ini
C:\WINDOWS\system32\bjassxfc.ini
C:\WINDOWS\system32\bknvvrfr.dll
C:\WINDOWS\system32\bnwqwveb.dll
C:\WINDOWS\system32\bqoisbrw.exe
C:\WINDOWS\system32\bxjirpim.dll
C:\WINDOWS\system32\byjydgkr.exe
C:\WINDOWS\system32\cagvnoos.dll
C:\WINDOWS\system32\calnqplf.ini
C:\WINDOWS\system32\cdifqmnq.ini
C:\WINDOWS\system32\cfxssajb.dll
C:\WINDOWS\system32\cnetxlnt.dll
C:\WINDOWS\system32\cnmfnqns.exe
C:\WINDOWS\system32\commands.xml
C:\WINDOWS\system32\cotbauml.exe
C:\WINDOWS\system32\covqqxny.dll
C:\WINDOWS\system32\cpnlmlnk.dll
C:\WINDOWS\system32\crlwwcly.exe
C:\WINDOWS\system32\csvvjbbf.dll
C:\WINDOWS\system32\ctapebge.dll
C:\WINDOWS\system32\cuhomoqa.dll
C:\WINDOWS\system32\cvaqsvjp.dll
C:\WINDOWS\system32\cxhsxygb.ini
C:\WINDOWS\system32\cyekddwo.dll
C:\WINDOWS\system32\dbieodfh.exe
C:\WINDOWS\system32\dboppqsy.dll
C:\WINDOWS\system32\dcafahyb.exe
C:\WINDOWS\system32\dcuuxvis.dll
C:\WINDOWS\system32\ddkibypa.dll
C:\WINDOWS\system32\dennfcdk.dll
C:\WINDOWS\system32\dftkfheg.exe
C:\WINDOWS\system32\dhqhilpr.exe
C:\WINDOWS\system32\djevqgxy.exe
C:\WINDOWS\system32\dmymuwmg.ini
C:\WINDOWS\system32\dobtyfro.exe
C:\WINDOWS\system32\dopfsskk.dll
C:\WINDOWS\system32\drivers\ohciusb.sys
C:\WINDOWS\system32\drivers\ohciusb.syt
C:\WINDOWS\system32\drivers\ohctusb.sys
C:\WINDOWS\system32\drivers\ohctusb.syt
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VKBY46.sys
C:\WINDOWS\system32\dtsvrwwg.exe
C:\WINDOWS\system32\dvxbgoyr.exe
C:\WINDOWS\system32\dxkanchi.dll
C:\WINDOWS\system32\edukcwkt.ini
C:\WINDOWS\system32\eejfwsxx.dll
C:\WINDOWS\system32\eeyljchw.dll
C:\WINDOWS\system32\efsrgswl.ini
C:\WINDOWS\system32\efwlnxlw.exe
C:\WINDOWS\system32\egbepatc.ini
C:\WINDOWS\system32\eksegrif.ini
C:\WINDOWS\system32\emjllhqn.ini
C:\WINDOWS\system32\enascksp.dll
C:\WINDOWS\system32\eoayhkff.dll
C:\WINDOWS\system32\euuxyxin.exe
C:\WINDOWS\system32\evuiymsf.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F5
C:\WINDOWS\system32\F5\wbb22.exe
C:\WINDOWS\system32\F9
C:\WINDOWS\system32\fapygkcg.ini
C:\WINDOWS\system32\fbbjvvsc.ini
C:\WINDOWS\system32\fcbbevos.ini
C:\WINDOWS\system32\fdkcpexg.exe
C:\WINDOWS\system32\fdstxrrj.dll
C:\WINDOWS\system32\femnuhsx.dll
C:\WINDOWS\system32\ffkhyaoe.ini
C:\WINDOWS\system32\firgeske.dll
C:\WINDOWS\system32\fjjvnerr.ini
C:\WINDOWS\system32\flpqnlac.dll
C:\WINDOWS\system32\fsmyiuve.dll
C:\WINDOWS\system32\ftutymlj.dll
C:\WINDOWS\system32\fvpfwgsm.exe
C:\WINDOWS\system32\fwybjxti.exe
C:\WINDOWS\system32\fyrcaqfy.ini
C:\WINDOWS\system32\gbkvjsqc.exe
C:\WINDOWS\system32\gckgypaf.dll
C:\WINDOWS\system32\gdqnydwj.dll
C:\WINDOWS\system32\gfmjaxtk.dll
C:\WINDOWS\system32\gllhmpen.dll
C:\WINDOWS\system32\gltrjikt.dll
C:\WINDOWS\system32\gmmavhco.ini
C:\WINDOWS\system32\gmwumymd.dll
C:\WINDOWS\system32\gnkcrqid.exe
C:\WINDOWS\system32\gnrmimxr.ini
C:\WINDOWS\system32\gqwixfux.ini
C:\WINDOWS\system32\gvocujxx.dll
C:\WINDOWS\system32\gwekvket.exe
C:\WINDOWS\system32\gxujxqhw.ini
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\heovlkun.dll
C:\WINDOWS\system32\hgacyqpv.exe
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hljxfydn.exe
C:\WINDOWS\system32\hsikatqi.dll
C:\WINDOWS\system32\hsjqqqos.dll
C:\WINDOWS\system32\htihylmx.ini
C:\WINDOWS\system32\htnkaear.dll
C:\WINDOWS\system32\htoknnfo.ini
C:\WINDOWS\system32\htwgntvv.dll
C:\WINDOWS\system32\hubygjnn.exe
C:\WINDOWS\system32\hvgtjdfk.dll
C:\WINDOWS\system32\hxklwnhr.exe
C:\WINDOWS\system32\hxtmhmvd.exe
C:\WINDOWS\system32\hxxxjuke.exe
C:\WINDOWS\system32\ihaxacnx.exe
C:\WINDOWS\system32\ihcnakxd.ini
C:\WINDOWS\system32\ihhjctea.ini
C:\WINDOWS\system32\ihkyhgag.exe
C:\WINDOWS\system32\iipxlefq.ini
C:\WINDOWS\system32\ikgkwkix.exe
C:\WINDOWS\system32\ikuxbckr.dll
C:\WINDOWS\system32\imfbgvxr.exe
C:\WINDOWS\system32\ipyioruj.exe
C:\WINDOWS\system32\iqtakish.ini
C:\WINDOWS\system32\isgbggmf.exe
C:\WINDOWS\system32\ivewmxsm.dll
C:\WINDOWS\system32\iydnoayr.ini
C:\WINDOWS\system32\jbasbmju.ini
C:\WINDOWS\system32\jfyhndky.exe
C:\WINDOWS\system32\jjkikjaw.ini
C:\WINDOWS\system32\jjlnaxxj.dll
C:\WINDOWS\system32\jkhxkryq.exe
C:\WINDOWS\system32\jldkuoju.dll
C:\WINDOWS\system32\jlinesna.exe
C:\WINDOWS\system32\jlmytutf.ini
C:\WINDOWS\system32\jmhhhcxg.exe
C:\WINDOWS\system32\jnitxlvd.exe
C:\WINDOWS\system32\jsraewca.ini
C:\WINDOWS\system32\jvgsajye.exe
C:\WINDOWS\system32\jwdynqdg.ini
C:\WINDOWS\system32\jxvdlonn.dll
C:\WINDOWS\system32\jxxanljj.ini
C:\WINDOWS\system32\KB27858024.exe
C:\WINDOWS\system32\kdcfnned.ini
C:\WINDOWS\system32\kfdjtgvh.ini
C:\WINDOWS\system32\kgyyhlut.ini
C:\WINDOWS\system32\kkssfpod.ini
C:\WINDOWS\system32\klgrnpdv.exe
C:\WINDOWS\system32\kllsnkoq.exe
C:\WINDOWS\system32\kmbqvdop.dll
C:\WINDOWS\system32\kmuxfrmy.exe
C:\WINDOWS\system32\knlmlnpc.ini
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\kqnrgbwr.dll
C:\WINDOWS\system32\krhbqbhy.exe
C:\WINDOWS\system32\ktbnqxby.ini
C:\WINDOWS\system32\ktxajmfg.ini
C:\WINDOWS\system32\kubbkvgs.ini
C:\WINDOWS\system32\kvbflwlq.exe
C:\WINDOWS\system32\kwnxjkcw.ini
C:\WINDOWS\system32\kwywiret.exe
C:\WINDOWS\system32\kyjtffhw.dll
C:\WINDOWS\system32\kyowiavk.exe
C:\WINDOWS\system32\l3acdb2.dll
C:\WINDOWS\system32\lcgdfppu.exe
C:\WINDOWS\system32\ldqqnfdr.dll
C:\WINDOWS\system32\lijridqa.exe
C:\WINDOWS\system32\lnwklxny.dll
C:\WINDOWS\system32\lpvurcin.exe
C:\WINDOWS\system32\ltgjmsok.exe
C:\WINDOWS\system32\lulttsro.exe
C:\WINDOWS\system32\lvjqspva.dll
C:\WINDOWS\system32\lvnhcufw.ini
C:\WINDOWS\system32\lwsgrsfe.dll
C:\WINDOWS\system32\maneywxh.exe
C:\WINDOWS\system32\mgqlnarv.ini
C:\WINDOWS\system32\mhnaxjwu.dll
C:\WINDOWS\system32\miprijxb.ini
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mmjiudyy.ini
C:\WINDOWS\system32\mnrrsfrb.dll
C:\WINDOWS\system32\moswhpyn.ini
C:\WINDOWS\system32\mqyldjwp.dll
C:\WINDOWS\system32\mrnqujqq.ini
C:\WINDOWS\system32\msmapibx32.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msrskyta.exe
C:\WINDOWS\system32\msxmwevi.ini
C:\WINDOWS\system32\mtxuqfad.exe
C:\WINDOWS\system32\mxekeyqs.ini
C:\WINDOWS\system32\nanlibmj.exe
C:\WINDOWS\system32\nbpjfvda.dll
C:\WINDOWS\system32\nelgqojb.exe
C:\WINDOWS\system32\nepmhllg.ini
C:\WINDOWS\system32\nlgldtfo.exe
C:\WINDOWS\system32\nlvlpwhk.exe
C:\WINDOWS\system32\nlxaiiau.ini
C:\WINDOWS\system32\nnhnvejf.exe
C:\WINDOWS\system32\nnoldvxj.ini
C:\WINDOWS\system32\nqhlljme.dll
C:\WINDOWS\system32\nqmkmdgm.exe
C:\WINDOWS\system32\nsaasnhj.exe
C:\WINDOWS\system32\nuklvoeh.ini
C:\WINDOWS\system32\nyphwsom.dll
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\oagvjytw.dll
C:\WINDOWS\system32\ochvammg.dll
C:\WINDOWS\system32\oejeavpq.dll
C:\WINDOWS\system32\ofjtbcsq.ini
C:\WINDOWS\system32\ofnnkoth.dll
C:\WINDOWS\system32\ogovywfw.exe
C:\WINDOWS\system32\ohljkxcy.dll
C:\WINDOWS\system32\ohrqeogx.ini
C:\WINDOWS\system32\okqojjgv.exe
C:\WINDOWS\system32\omqooblv.ini
C:\WINDOWS\system32\omsbddqx.dll
C:\WINDOWS\system32\orouhmmu.exe
C:\WINDOWS\system32\otnpcbgu.exe
C:\WINDOWS\system32\otsmyyga.exe
C:\WINDOWS\system32\ovlpqwuj.exe
C:\WINDOWS\system32\ovyqqiey.dll
C:\WINDOWS\system32\owddkeyc.ini
C:\WINDOWS\system32\oykgtqip.exe
C:\WINDOWS\system32\pfkjirdq.dll
C:\WINDOWS\system32\pgmtwcsv.ini
C:\WINDOWS\system32\pjvsqavc.ini
C:\WINDOWS\system32\podvqbmk.ini
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pqrpspeb.ini
C:\WINDOWS\system32\prrbypyr.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\pshrlidy.exe
C:\WINDOWS\system32\pskcsane.ini
C:\WINDOWS\system32\psvaxcjc.exe
C:\WINDOWS\system32\ptxoftps.ini
C:\WINDOWS\system32\pwjdlyqm.ini
C:\WINDOWS\system32\qaukpsot.dll
C:\WINDOWS\system32\qdrijkfp.ini
C:\WINDOWS\system32\qechnoht.exe
C:\WINDOWS\system32\qfelxpii.dll
C:\WINDOWS\system32\qffubmqi.exe
C:\WINDOWS\system32\qkrmhoqv.exe
C:\WINDOWS\system32\qljklopy.exe
C:\WINDOWS\system32\qmwrdget.dll
C:\WINDOWS\system32\qnmqfidc.dll
C:\WINDOWS\system32\qnvwbitn.exe
C:\WINDOWS\system32\qodybwpe.exe
C:\WINDOWS\system32\qpajaeff.exe
C:\WINDOWS\system32\qpvaejeo.ini
C:\WINDOWS\system32\qqciveia.exe
C:\WINDOWS\system32\qqjuqnrm.dll
C:\WINDOWS\system32\qscbtjfo.dll
C:\WINDOWS\system32\qtjpydvd.exe
C:\WINDOWS\system32\qtohwlby.dll
C:\WINDOWS\system32\raeaknth.ini
C:\WINDOWS\system32\rbodpqgu.exe
C:\WINDOWS\system32\rcxfovly.ini
C:\WINDOWS\system32\rdfnqqdl.ini
C:\WINDOWS\system32\rexwwksv.ini
C:\WINDOWS\system32\rfrqwejf.exe
C:\WINDOWS\system32\rgjtleik.exe
C:\WINDOWS\system32\rgsbrqmu.dll
C:\WINDOWS\system32\rkcbxuki.ini
C:\WINDOWS\system32\rkvounst.dll
C:\WINDOWS\system32\rqbamcni.exe
C:\WINDOWS\system32\rrenvjjf.dll
C:\WINDOWS\system32\rugjohws.exe
C:\WINDOWS\system32\rwbgrnqk.ini
C:\WINDOWS\system32\rxmimrng.dll
C:\WINDOWS\system32\ryaondyi.dll
C:\WINDOWS\system32\sbumeeds.ini
C:\WINDOWS\system32\scgsnyvs.exe
C:\WINDOWS\system32\scsxuiva.exe
C:\WINDOWS\system32\sdeemubs.dll
C:\WINDOWS\system32\sfjvsbrm.exe
C:\WINDOWS\system32\sgbgbcae.exe
C:\WINDOWS\system32\sgvkbbuk.dll
C:\WINDOWS\system32\sivxuucd.ini
C:\WINDOWS\system32\sjcxxoqr.exe
C:\WINDOWS\system32\sjuicyby.dll
C:\WINDOWS\system32\soonvgac.ini
C:\WINDOWS\system32\soqqqjsh.ini
C:\WINDOWS\system32\sovebbcf.dll
C:\WINDOWS\system32\sphtfmgp.exe
C:\WINDOWS\system32\sptfoxtp.dll
C:\WINDOWS\system32\sqyekexm.dll
C:\WINDOWS\system32\stppbkiu.ini
C:\WINDOWS\system32\sultjkme.exe
C:\WINDOWS\system32\swtubitb.exe
C:\WINDOWS\system32\sxwmivig.exe
C:\WINDOWS\system32\tegdrwmq.ini
C:\WINDOWS\system32\tgmwnfjx.ini
C:\WINDOWS\system32\tgywrytu.exe
C:\WINDOWS\system32\thedogku.exe
C:\WINDOWS\system32\thidnrqg.exe
C:\WINDOWS\system32\tihalsgj.exe
C:\WINDOWS\system32\titbslbu.exe
C:\WINDOWS\system32\tkijrtlg.ini
C:\WINDOWS\system32\tkwckude.dll
C:\WINDOWS\system32\tnlxtenc.ini
C:\WINDOWS\system32\tnpllvkx.ini
C:\WINDOWS\system32\toafcbny.exe
C:\WINDOWS\system32\tospkuaq.ini
C:\WINDOWS\system32\tsisblqt.exe
C:\WINDOWS\system32\tsnuovkr.ini
C:\WINDOWS\system32\tulhyygk.dll
C:\WINDOWS\system32\txhssgjx.dll
C:\WINDOWS\system32\txkgakyo.exe
C:\WINDOWS\system32\txlbixfy.dll
C:\WINDOWS\system32\txsnfswe.exe
C:\WINDOWS\system32\uaiiaxln.dll
C:\WINDOWS\system32\ubuxbidg.exe
C:\WINDOWS\system32\ugtmxamv.ini
C:\WINDOWS\system32\uikbppts.dll
C:\WINDOWS\system32\ujmbsabj.dll
C:\WINDOWS\system32\ujoukdlj.ini
C:\WINDOWS\system32\ukhdnytj.exe
C:\WINDOWS\system32\ukvxeegl.exe
C:\WINDOWS\system32\ulkgbjcv.exe
C:\WINDOWS\system32\umncrprn.exe
C:\WINDOWS\system32\umqrbsgr.ini
C:\WINDOWS\system32\upimrywt.exe
C:\WINDOWS\system32\uplqikls.exe
C:\WINDOWS\system32\uwjxanhm.ini
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\V1\dllicm1.exe
C:\WINDOWS\system32\vcwgrrsi.exe
C:\WINDOWS\system32\vfbkaqos.exe
C:\WINDOWS\system32\vgfdyaox.ini
C:\WINDOWS\system32\vjxqkaib.dll
C:\WINDOWS\system32\vkafkefu.exe
C:\WINDOWS\system32\vkbcerdw.ini
C:\WINDOWS\system32\vlbooqmo.dll
C:\WINDOWS\system32\vmaxmtgu.dll
C:\WINDOWS\system32\vmhbnbwc.exe
C:\WINDOWS\system32\vranlqgm.dll
C:\WINDOWS\system32\vscwtmgp.dll
C:\WINDOWS\system32\vskwwxer.dll
C:\WINDOWS\system32\vvtngwth.ini
C:\WINDOWS\system32\wajkikjj.dll
C:\WINDOWS\system32\wajvjdga.ini
C:\WINDOWS\system32\wckjxnwk.dll
C:\WINDOWS\system32\wcpisafc.exe
C:\WINDOWS\system32\wdrecbkv.dll
C:\WINDOWS\system32\wfuchnvl.dll
C:\WINDOWS\system32\whcjlyee.ini
C:\WINDOWS\system32\whfftjyk.ini
C:\WINDOWS\system32\whqxjuxg.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wjcnxgca.dll
C:\WINDOWS\system32\wkivrxlr.exe
C:\WINDOWS\system32\wtyjvgao.ini
C:\WINDOWS\system32\wvjdrtly.ini
C:\WINDOWS\system32\wwbaandd.exe
C:\WINDOWS\system32\xaqpnoqa.dll
C:\WINDOWS\system32\xgoeqrho.dll
C:\WINDOWS\system32\xjfnwmgt.dll
C:\WINDOWS\system32\xjgsshxt.ini
C:\WINDOWS\system32\xkvllpnt.dll
C:\WINDOWS\system32\xmlyhith.dll
C:\WINDOWS\system32\xnansqwv.exe
C:\WINDOWS\system32\xoaydfgv.dll
C:\WINDOWS\system32\xqddbsmo.ini
C:\WINDOWS\system32\xrqmiycr.exe
C:\WINDOWS\system32\xrurqeax.exe
C:\WINDOWS\system32\xshunmef.ini
C:\WINDOWS\system32\xtekhnqt.exe
C:\WINDOWS\system32\xufxiwqg.dll
C:\WINDOWS\system32\xxjucovg.ini
C:\WINDOWS\system32\xxswfjee.ini
C:\WINDOWS\system32\yblwhotq.ini
C:\WINDOWS\system32\ybxqnbtk.dll
C:\WINDOWS\system32\ybyciujs.ini
C:\WINDOWS\system32\ycbkfymy.exe
C:\WINDOWS\system32\ycwslqoe.exe
C:\WINDOWS\system32\ycxkjlho.ini
C:\WINDOWS\system32\yeiqqyvo.ini
C:\WINDOWS\system32\yffknjoy.exe
C:\WINDOWS\system32\yfqacryf.dll
C:\WINDOWS\system32\yfxiblxt.ini
C:\WINDOWS\system32\yhmsyrnl.dll
C:\WINDOWS\system32\yltrdjvw.dll
C:\WINDOWS\system32\ylvofxcr.dll
C:\WINDOWS\system32\ylxbsfaf.exe
C:\WINDOWS\system32\ynxlkwnl.ini
C:\WINDOWS\system32\ynxqqvoc.ini
C:\WINDOWS\system32\yogvpdeb.exe
C:\WINDOWS\system32\ysqppobd.ini
C:\WINDOWS\system32\ytudccqs.exe
C:\WINDOWS\system32\yxdortnd.exe
C:\WINDOWS\system32\yxkgyhrs.exe
C:\WINDOWS\system32\yyduijmm.dll
C:\WINDOWS\wpcjmd.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_OHCIUSB
-------\LEGACY_POOF
-------\LEGACY_SMTPDRV
-------\LEGACY_VKBY46
-------\DomainService
-------\ohciusb


((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-15 20:37 . 2007-12-15 20:56 354 --ahs---- C:\WINDOWS\system32\iykmyijd.ini
2007-12-11 07:09 . 2007-12-11 07:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-10 21:40 . 2007-12-10 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WFP
2007-12-10 21:39 . 2007-12-11 07:13 <DIR> d-------- C:\Program Files\Microsoft Windows Feedback Panel
2007-12-09 13:42 . 2007-12-09 13:42 414 --ahs---- C:\WINDOWS\system32\htiiddbk.ini
2007-12-09 12:39 . 2007-12-09 12:39 354 --ahs---- C:\WINDOWS\system32\uexbocjm.ini
2007-12-09 12:31 . 2007-12-09 12:31 294 --ahs---- C:\WINDOWS\system32\drqabgdn.ini
2007-12-09 00:58 . 2007-12-09 00:58 654 --ahs---- C:\WINDOWS\system32\xugusvbx.ini
2007-12-08 23:55 . 2007-12-08 23:55 594 --ahs---- C:\WINDOWS\system32\xjusufnw.ini
2007-12-08 22:55 . 2007-12-08 22:55 534 --ahs---- C:\WINDOWS\system32\xpujvdqq.ini
2007-12-08 21:52 . 2007-12-08 21:52 474 --ahs---- C:\WINDOWS\system32\lddsyxia.ini
2007-12-08 20:46 . 2007-12-08 20:46 414 --ahs---- C:\WINDOWS\system32\ejnykhhg.ini
2007-12-08 19:46 . 2007-12-08 19:46 354 --ahs---- C:\WINDOWS\system32\qdyaevgl.ini
2007-12-08 17:34 . 2007-12-08 17:34 294 --ahs---- C:\WINDOWS\system32\bptvkqhd.ini
2007-11-23 19:28 . 2007-11-23 19:28 294 --ahs---- C:\WINDOWS\system32\yduogluq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:52 --------- d-----w C:\Documents and Settings\Patrick\Application Data\OpenOffice.org2
2007-12-03 16:06 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-15 02:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-15 02:00 812,344 ----a-w C:\Program Files\HJTInstall.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-25 01:44 26,688,424 -c--a-w C:\Program Files\form414install.exe
2007-09-18 21:41 17 -c--a-w C:\Program Files\stinger.opt
2007-09-18 11:28 1,953,799 -c--a-w C:\Program Files\stinger.exe
2007-09-12 22:22 7,467,056 -c--a-w C:\Program Files\spybotsd15.exe
2007-09-12 03:01 19,142,000 -c--a-w C:\Program Files\aaw2007.exe
2007-02-24 18:48 9,340,443 -c--a-w C:\Program Files\win2k_xp142550.exe
2007-02-24 15:35 415,784 -c--a-w C:\Program Files\msgr8us.exe
2007-02-24 14:45 37,742,792 -c--a-w C:\Program Files\gametap_setup.exe
2007-02-21 23:01 1,744,128 -c--a-w C:\Program Files\foxitreader_setup.exe
2006-10-10 02:23 836,783 -c--a-w C:\Program Files\7z442.exe
2006-10-10 00:44 6,224,944 -c--a-w C:\Program Files\pkreader.exe
2007-06-13 10:23 89,003 --sha-r C:\WINDOWS\system32\netfemmj.exe
2004-08-04 11:00 46,329 --sha-r C:\WINDOWS\system32\reggsmzh.exe
2005-07-29 20:24 472 -csha-r C:\WINDOWS\UGF0cmljaw\o3IXwA53uT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C8E40A9-B9ED-4931-40B9-72F7D5BE3821}]
C:\Program Files\Internet Explorer\labupuco631.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C2F1F27-D489-43AC-85A0-2CC2014B4588}]
C:\WINDOWS\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54900915-99E3-4245-A97D-0637BF966F46}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"isrdmcc"="KB27948801.exe" []
"drmsses"="C:\WINDOWS\system32\reggsmzh.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-03 00:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 23:59]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 11:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 01:35]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 14:58]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-11-10 12:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-28 19:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 20:32]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"eftfkviA"="C:\WINDOWS\eftfkviA.exe" []
"Windows NT"="C:\WINDOWS\Twunk_16.exe" [2004-08-04 06:00]
"{32-26-6D-D5-ZN}"="C:\Documents and Settings\Patrick\Local Settings\Temp\thinksnet.exe" []
"isrdmcc"="KB27948801.exe" []
"drmsses"="C:\WINDOWS\system32\reggsmzh.exe" [2004-08-04 06:00]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]

C:\Documents and Settings\Patrick\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
WFPUser.lnk - C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe [2006-06-13 16:43:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rjezqPhXW"= {FCC326D6-5669-8C7C-A5C7-878CC7F7963D} - C:\WINDOWS\system32\jk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkji]
pmnmkji.dll

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 WFPService;WFPService;C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe [2006-06-13 16:43]
S2 Windows Network Serialize;Windows Network Serialize;"C:\WINDOWS\system32\mswns32.exe" []
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42d7ad6-2ed7-11db-bff3-00123f0fc939}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 19:30:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-17 19:34:40 - machine was rebooted
.
2007-12-12 03:24:42 --- E O F ---




Thanks.



