Downloaders, Trojan Droppers, Mrofinu72, Spyware.cyberlog-x, And Many More


10 replies to this topic

#1 bigjeepzz

  • Members
  • 24 posts
  • Local time:06:37 PM

Posted 21 November 2007 - 01:46 PM

Hey guys, my problems started two days ago when I logged into Paypal. I downloaded a new program to make online debit card purchases called Paypal Plugin and I got an Active X message asking, do I trust the publisher, Paypal INC? I clicked yes and ran the installation. As soon as I ran the install my virus software warned me of a Trojan Dropper and a downloader. Immediately I began receiving pop ups, including one which said Paypal Plugin was successfully installed. My computer crashed due to the amount of uncontrollable popups. Once I got the system back up and running, Paypal plugin never installed on the computer and I am left with an almost useless computer. I called Paypal and got the runaround telling me just to turn on my popup blocker and I would be set, LOL.

I have followed the instructions to the "T" on posting a Hijack This log and I hope someone can help. It has taken roughly 30 mins just to post this message, so I have a feeling I have several issues going on. I am going to post the Hijack This log and a Combo fix Log below. I will be looking forward to any assistance.

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:41 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\pgmklocg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\faupwkxa.dll
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] "C:\Program Files\Xerox\NWWia\XrxFTPLt.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.apus.edu/li...s/ebraryRdr.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pgmklocg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9582 bytes

--------------------------------------------------------------------------------------------------------------------------------------------------

Combo Fix Log

ComboFix 07-11-19.3 - Jake 2007-11-21 18:32:36.3 - NTFSx86
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\faupwkxa.dllbox
C:\WINDOWS\SYSTEM32\uvvwa.ini
C:\WINDOWS\SYSTEM32\uvvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
.

2007-11-21 18:41 20,810 ---hs---- C:\WINDOWS\SYSTEM32\faupwkxa.dllbox
2007-11-21 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-21 05:37 85,056 --a------ C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
2007-11-21 05:37 294 --ahs---- C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
2007-11-21 05:34 80,960 --a------ C:\WINDOWS\SYSTEM32\hulbmlxj.dll
2007-11-21 05:29 145,984 --a------ C:\WINDOWS\SYSTEM32\faupwkxa.dll
2007-11-21 05:29 71,232 --a------ C:\WINDOWS\SYSTEM32\pgmklocg.exe
2007-11-21 05:28 145,984 --a------ C:\WINDOWS\SYSTEM32\nhamfmih.dll
2007-11-20 21:08 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-19 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-19 23:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 20:51 <DIR> d-------- C:\Documents and Settings\Jake\.housecall6.6
2007-11-18 13:51 <DIR> d-------- C:\Program Files\QdrModule
2007-11-18 13:51 <DIR> d-------- C:\Program Files\QdrDrive
2007-11-18 13:50 36,352 --a------ C:\WINDOWS\SYSTEM32\jkkijig.dll
2007-10-27 18:10 <DIR> d-------- C:\Program Files\Fox
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 23:41 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-21 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 04:07 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 04:07 --------- d-----w C:\Documents and Settings\Jake\Application Data\Lavasoft
2007-11-20 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 20:00 --------- d-----w C:\Program Files\Google
2007-11-13 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-11-09 22:34 89,088 ----a-w C:\WINDOWS\SYSTEM32\atl71.dll
2007-11-03 03:39 --------- d-----w C:\Program Files\eMachineShop
2007-11-03 03:25 --------- d-----w C:\Program Files\PlayFirst
2007-11-03 03:24 --------- d-----w C:\Program Files\Oberon Media
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-24 00:31 --------- d-----w C:\Program Files\PartyGaming
2007-10-20 23:18 --------- d-----w C:\Program Files\Java
2007-10-15 21:33 --------- d-----w C:\Program Files\TrialsPro
2007-10-15 21:28 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 20:06 --------- d-----w C:\Program Files\Trials Basic
2007-10-05 01:41 --------- d-----w C:\Program Files\LimeWire
2007-09-28 23:18 --------- d-----w C:\Program Files\WinMX
2007-09-15 17:11 101,950 ----a-w C:\WINDOWS\SYSTEM32\winpows.exe
2007-08-22 13:12 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-08-22 13:12 658,944 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-22 13:12 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-22 13:12 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-22 13:12 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-22 13:12 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-08-22 13:12 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-22 13:12 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-08-22 13:12 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-08-22 13:12 3,058,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-22 13:12 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-08-22 13:12 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-22 13:12 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-22 13:12 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-08-22 13:12 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-22 13:12 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-08-22 13:12 1,022,976 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-03-20 01:50 31,352 -c--a-w C:\Documents and Settings\Jake\Application Data\GDIPFONTCACHEV1.DAT
2006-02-28 01:37 255 -c-ha-w C:\Program Files\hpothb07.tif
2006-02-28 01:37 146 -c-ha-w C:\Program Files\hpothb07.dat
2006-02-28 01:35 387 -c-ha-w C:\Documents and Settings\Jake\hpothb07.dat
2005-05-21 06:19 807 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{210E1B78-2106-4513-8C3C-865039CD98AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-21 05:29 145984 --a------ C:\WINDOWS\system32\faupwkxa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-18 13:50 36352 --a------ C:\WINDOWS\system32\jkkijig.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\faupwkxa.dll [2007-11-21 05:29 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\faupwkxa.dll [2007-11-21 05:29 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE" []
"avpa"="C:\WINDOWS\system32\avpo.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 21:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-26 21:47]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 00:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\Ann\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-01-28 21:36:25]

C:\Documents and Settings\Jake\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-06-09 13:58:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-06-19 14:20:01]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-28 09:06:47]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AA6B979A-796F-452A-94B3-DF1F17B72031}"= C:\WINDOWS\winpow32.dll [ ]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\jkkijig.dll [2007-11-18 13:50 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\faupwkxa]
faupwkxa.dll 2007-11-21 05:29 145984 C:\WINDOWS\SYSTEM32\faupwkxa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijig]
jkkijig.dll 2007-11-18 13:50 36352 C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\System32\NavLogon.dll 2004-03-12 14:17 83176 C:\WINDOWS\SYSTEM32\NavLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jake\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

S3 GT680xNT;Visioneer OneTouch 7300 Driver;C:\WINDOWS\system32\drivers\gt680x.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 22:25:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-28 00:33:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1141087999.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 18:43:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-21 18:46:35 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-21 14:43
C:\ComboFix3.txt ... 2007-11-18 20:00
.
--- E O F ---

Edited by bigjeepzz, 21 November 2007 - 06:53 PM.


#2 bamajim

  • Members
  • 894 posts
  • Local time:05:37 PM

Posted 27 November 2007 - 12:14 PM

bigjeepzz

1. Open NotePad (not wordpad). Copy and paste the following into Notepad (Not the word code)
File::
C:\WINDOWS\SYSTEM32\faupwkxa.dllbox
C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
C:\WINDOWS\SYSTEM32\hulbmlxj.dll
C:\WINDOWS\SYSTEM32\faupwkxa.dll
C:\WINDOWS\SYSTEM32\pgmklocg.exe
C:\WINDOWS\SYSTEM32\nhamfmih.dll
C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\SYSTEM32\winpows.exe

Folder::
C:\Program Files\QdrModule
C:\Program Files\QdrDrive

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avpa"=-
"QdrModule9"=-
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AA6B979A-796F-452A-94B3-DF1F17B72031}"=-
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\faupwkxa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijig]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so,
following the same rules as indicated in my first post,
then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security
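The triage that bamajim did by hand, as an added example that is not part of this thread and is neither bigjeepzz's nor bamajim's code: it parses HijackThis entries like those in the first post, correlates their file paths with the ComboFix "Files Created" list, adds a few structural red flags (a service with no vendor, svchost.exe outside system32, an autorun under Policies\Explorer\Run, orphaned entries), and renders the hits as a CFScript File:: draft in the format shown above for a person to review. The sample log lines are constructed, abbreviated from the two logs in the thread; the heuristics are the example's own assumptions, not rules from either tool.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed samples, abbreviated from the two logs posted in this thread:
# a few HijackThis 2.0.2 entries and a few ComboFix "Files Created" lines.
# Note the case difference (system32 vs SYSTEM32) between the two tools.
HJT_SAMPLE = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\faupwkxa.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: DomainService - - C:\WINDOWS\system32\pgmklocg.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
COMBOFIX_CREATED_SAMPLE = r"""
2007-11-21 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-21 05:29 145,984 --a------ C:\WINDOWS\SYSTEM32\faupwkxa.dll
2007-11-21 05:29 71,232 --a------ C:\WINDOWS\SYSTEM32\pgmklocg.exe
2007-11-18 13:50 36,352 --a------ C:\WINDOWS\SYSTEM32\jkkijig.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys)\b', re.I)
# "O23 - Service: <name> - <vendor> - <path>"; an empty vendor shows up as "- -".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
                        r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+)$")
SYSTEM32 = r"c:\windows\system32"


@dataclass(frozen=True)
class Finding:
    section: str          # HijackThis section, e.g. "O4" or "O23"
    reason: str           # why the entry was flagged (a lead for review, not a verdict)
    path: Optional[str]   # file the entry points at, if any
    line: str             # the original log line


def parse_created(text: str) -> Dict[str, str]:
    """Map lower-cased path -> creation date for the file (non-<DIR>) lines of a
    ComboFix 'Files Created from ... to ...' block."""
    created: Dict[str, str] = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group("size") != "<DIR>":
            created[m.group("path").lower()] = m.group("date")
    return created


def triage(hjt_text: str, created: Dict[str, str]) -> List[Finding]:
    """Flag HijackThis entries worth a second look: files that appeared during the
    infection window, a name masquerade, an unusual autorun key, a vendor-less
    service, and orphaned entries. Paths are compared case-insensitively because
    HijackThis and ComboFix print the system folder in different case."""
    findings: List[Finding] = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else None
        reasons: List[str] = []
        if path:
            folder, _, name = path.lower().rpartition("\\")
            if path.lower() in created:
                reasons.append(f"file created {created[path.lower()]}, inside the infection window")
            if name == "svchost.exe" and folder != SYSTEM32:
                reasons.append("svchost.exe outside system32 (name masquerade)")
        if sec == "O4" and r"\policies\explorer\run" in body.lower():
            reasons.append("autorun via Policies\\Explorer\\Run, rarely used by legitimate software")
        if sec == "O23":
            sm = SERVICE_RE.match(body)
            if sm and not sm.group("vendor").strip():
                reasons.append("service registered with no vendor name")
        if body.endswith("(no file)"):
            reasons.append("orphaned entry pointing at a missing file")
        findings.extend(Finding(sec, r, path, line) for r in reasons)
    return findings


def draft_file_section(findings: List[Finding]) -> str:
    """Render the flagged file paths as a CFScript 'File::' block, in the format
    used in this thread, for a person to review before it is ever used."""
    paths = sorted({f.path for f in findings if f.path}, key=str.lower)
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = triage(HJT_SAMPLE, parse_created(COMBOFIX_CREATED_SAMPLE))
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print()
    print(draft_file_section(found))
```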

#3 bigjeepzz
  • Topic Starter

  • Members
  • 24 posts
  • Local time:06:37 PM

Posted 27 November 2007 - 06:07 PM

Ok, I had a problem at first because I forgot to disable Spybot's Teatimer. I ran a new combofix scan after disabling the teatimer setting......

ComboFix 07-11-19.3 - Jake 2007-11-27 17:53:39.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.89 [GMT -5:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Ann\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Ann\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Jake\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Jake\Desktop\Online Security Guide.lnk
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\bhewlsyj.exe
C:\WINDOWS\system32\qsworwpc.exe
C:\WINDOWS\system32\rqwpdqkh.exe
C:\WINDOWS\SYSTEM32\rtvwa.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 17:48 <DIR> d-------- C:\Program Files\QdrModule
2007-11-27 17:48 <DIR> d-------- C:\Program Files\QdrDrive
2007-11-26 17:52 80,960 --a------ C:\WINDOWS\SYSTEM32\qvkvmlao.dll
2007-11-26 17:49 780,335 --ahs---- C:\WINDOWS\SYSTEM32\wirufmpi.ini
2007-11-26 17:49 85,056 --a------ C:\WINDOWS\SYSTEM32\ipmfuriw.dll
2007-11-26 17:49 71,232 --a------ C:\WINDOWS\SYSTEM32\ktgfxmlr.exe
2007-11-26 16:52 780,275 --ahs---- C:\WINDOWS\SYSTEM32\qbquilju.ini
2007-11-26 16:43 71,232 --a------ C:\WINDOWS\SYSTEM32\ufxafefg.exe
2007-11-25 16:49 775,892 --ahs---- C:\WINDOWS\SYSTEM32\rmphhevp.ini
2007-11-25 16:49 85,056 --a------ C:\WINDOWS\SYSTEM32\pvehhpmr.dll
2007-11-25 16:43 79,936 --a------ C:\WINDOWS\SYSTEM32\lkxhrgew.dll
2007-11-25 16:41 71,232 --a------ C:\WINDOWS\SYSTEM32\uelttdbr.exe
2007-11-24 22:17 775,832 --ahs---- C:\WINDOWS\SYSTEM32\tyvxikhl.ini
2007-11-24 22:17 85,056 --a------ C:\WINDOWS\SYSTEM32\lhkixvyt.dll
2007-11-24 22:17 81,472 --a------ C:\WINDOWS\SYSTEM32\nuexyjrm.dll
2007-11-24 22:11 71,232 --a------ C:\WINDOWS\SYSTEM32\qwuhtjdl.exe
2007-11-23 22:13 775,832 --ahs---- C:\WINDOWS\SYSTEM32\kubqcvii.ini
2007-11-23 22:13 85,056 --a------ C:\WINDOWS\SYSTEM32\iivcqbuk.dll
2007-11-23 22:10 83,520 --a------ C:\WINDOWS\SYSTEM32\rcdctage.dll
2007-11-23 22:10 71,232 --a------ C:\WINDOWS\SYSTEM32\onxalrcc.exe
2007-11-22 22:38 738,296 --ahs---- C:\WINDOWS\SYSTEM32\etxgpsyg.ini
2007-11-22 22:38 85,056 --a------ C:\WINDOWS\SYSTEM32\gyspgxte.dll
2007-11-22 22:12 79,936 --a------ C:\WINDOWS\SYSTEM32\qpjibvql.dll
2007-11-22 22:09 71,232 --a------ C:\WINDOWS\SYSTEM32\emlyunum.exe
2007-11-21 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-21 05:37 85,056 --a------ C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
2007-11-21 05:37 294 --ahs---- C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
2007-11-21 05:34 80,960 --a------ C:\WINDOWS\SYSTEM32\hulbmlxj.dll
2007-11-21 05:29 145,984 --a------ C:\WINDOWS\SYSTEM32\faupwkxa.dll
2007-11-21 05:29 71,232 --a------ C:\WINDOWS\SYSTEM32\pgmklocg.exe
2007-11-21 05:28 145,984 --a------ C:\WINDOWS\SYSTEM32\nhamfmih.dll
2007-11-20 21:08 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-19 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-19 23:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 20:51 <DIR> d-------- C:\Documents and Settings\Jake\.housecall6.6
2007-11-18 13:50 36,352 --a------ C:\WINDOWS\SYSTEM32\jkkijig.dll
2007-10-27 18:10 <DIR> d-------- C:\Program Files\Fox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 22:47 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-22 00:05 32,136 -c--a-w C:\Documents and Settings\Jake\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 04:07 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 04:07 --------- d-----w C:\Documents and Settings\Jake\Application Data\Lavasoft
2007-11-20 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 20:00 --------- d-----w C:\Program Files\Google
2007-11-13 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-11-03 03:39 --------- d-----w C:\Program Files\eMachineShop
2007-11-03 03:25 --------- d-----w C:\Program Files\PlayFirst
2007-11-03 03:24 --------- d-----w C:\Program Files\Oberon Media
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 00:31 --------- d-----w C:\Program Files\PartyGaming
2007-10-20 23:18 --------- d-----w C:\Program Files\Java
2007-10-15 21:33 --------- d-----w C:\Program Files\TrialsPro
2007-10-15 21:28 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 20:06 --------- d-----w C:\Program Files\Trials Basic
2007-10-05 01:41 --------- d-----w C:\Program Files\LimeWire
2007-09-28 23:18 --------- d-----w C:\Program Files\WinMX
2006-02-28 01:37 255 -c-ha-w C:\Program Files\hpothb07.tif
2006-02-28 01:37 146 -c-ha-w C:\Program Files\hpothb07.dat
2006-02-28 01:35 387 -c-ha-w C:\Documents and Settings\Jake\hpothb07.dat
2005-05-21 06:19 807 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2007-11-21_14.41.48.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-13 02:05:26 5,592 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2007-11-27 22:48:46 755,880 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{210E1B78-2106-4513-8C3C-865039CD98AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{339D1C63-731D-49A0-9D2F-23B61D106378}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E195139-4D99-460E-8530-627C92C2ACFF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95E395-78A5-4920-93B7-77436A9AA3AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEB5F39D-1214-4E41-8FC0-62331846E996}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-18 13:50 36352 --a------ C:\WINDOWS\system32\jkkijig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5307BD0-1DB5-4AF5-9523-1F51C15161D8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE" []
"avpa"="C:\WINDOWS\system32\avpo.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 21:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-26 21:47]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 00:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\Ann\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-01-28 21:36:25]

C:\Documents and Settings\Jake\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-06-09 13:58:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-06-19 14:20:01]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-28 09:06:47]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AA6B979A-796F-452A-94B3-DF1F17B72031}"= C:\WINDOWS\winpow32.dll [ ]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\jkkijig.dll [2007-11-18 13:50 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\faupwkxa]
faupwkxa.dll 2007-11-21 05:29 145984 C:\WINDOWS\SYSTEM32\faupwkxa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijig]
jkkijig.dll 2007-11-18 13:50 36352 C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\System32\NavLogon.dll 2004-03-12 14:17 83176 C:\WINDOWS\SYSTEM32\NavLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jake\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

S3 GT680xNT;Visioneer OneTouch 7300 Driver;C:\WINDOWS\system32\drivers\gt680x.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 22:25:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-28 00:33:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1141087999.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 18:00:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 18:01:41 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 17:26
C:\ComboFix3.txt ... 2007-11-21 18:46
.
--- E O F ---

#4 bamajim

bamajim

  • Members
  • 894 posts
  • Local time:05:37 PM

Posted 28 November 2007 - 09:16 AM

bigjeepzz

Well leave Tea Timer turned off until we are finished.

We still have some work to do here. Right-click and delete the CFScript file we made earlier; we are going to make another one.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
C:\WINDOWS\SYSTEM32\qvkvmlao.dll
C:\WINDOWS\SYSTEM32\wirufmpi.ini
C:\WINDOWS\SYSTEM32\ipmfuriw.dll
C:\WINDOWS\SYSTEM32\ktgfxmlr.exe
C:\WINDOWS\SYSTEM32\qbquilju.ini
C:\WINDOWS\SYSTEM32\ufxafefg.exe
C:\WINDOWS\SYSTEM32\rmphhevp.ini
C:\WINDOWS\SYSTEM32\pvehhpmr.dll
C:\WINDOWS\SYSTEM32\lkxhrgew.dll
C:\WINDOWS\SYSTEM32\uelttdbr.exe
C:\WINDOWS\SYSTEM32\tyvxikhl.ini
C:\WINDOWS\SYSTEM32\lhkixvyt.dll
C:\WINDOWS\SYSTEM32\nuexyjrm.dll
C:\WINDOWS\SYSTEM32\qwuhtjdl.exe
C:\WINDOWS\SYSTEM32\kubqcvii.ini
C:\WINDOWS\SYSTEM32\iivcqbuk.dll
C:\WINDOWS\SYSTEM32\rcdctage.dll
C:\WINDOWS\SYSTEM32\onxalrcc.exe
C:\WINDOWS\SYSTEM32\etxgpsyg.ini
C:\WINDOWS\SYSTEM32\gyspgxte.dll
C:\WINDOWS\SYSTEM32\qpjibvql.dll
C:\WINDOWS\SYSTEM32\emlyunum.exe
C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
C:\WINDOWS\SYSTEM32\hulbmlxj.dll
C:\WINDOWS\SYSTEM32\faupwkxa.dll
C:\WINDOWS\SYSTEM32\pgmklocg.exe
C:\WINDOWS\SYSTEM32\nhamfmih.dll
C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\Program Files\QdrDrive\QdrDrive8.dll

Folder::
C:\Program Files\QdrModule
C:\Program Files\QdrDrive

Registry::
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AA6B979A-796F-452A-94B3-DF1F17B72031}"=-
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\faupwkxa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijig]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security

#5 bigjeepzz

bigjeepzz
  • Topic Starter

  • Members
  • 24 posts
  • Local time:06:37 PM

Posted 28 November 2007 - 05:20 PM

I would like to thank you for everything you have done thus far. I can at least use the computer now. Here is the new log and I am waiting for further instructions.



ComboFix 07-11-19.4C - Jake 2007-11-28 17:09:38.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT -5:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jake\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\WINDOWS\SYSTEM32\emlyunum.exe
C:\WINDOWS\SYSTEM32\etxgpsyg.ini
C:\WINDOWS\SYSTEM32\faupwkxa.dll
C:\WINDOWS\SYSTEM32\gyspgxte.dll
C:\WINDOWS\SYSTEM32\hulbmlxj.dll
C:\WINDOWS\SYSTEM32\iivcqbuk.dll
C:\WINDOWS\SYSTEM32\ipmfuriw.dll
C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
C:\WINDOWS\SYSTEM32\ktgfxmlr.exe
C:\WINDOWS\SYSTEM32\kubqcvii.ini
C:\WINDOWS\SYSTEM32\lhkixvyt.dll
C:\WINDOWS\SYSTEM32\lkxhrgew.dll
C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
C:\WINDOWS\SYSTEM32\nhamfmih.dll
C:\WINDOWS\SYSTEM32\nuexyjrm.dll
C:\WINDOWS\SYSTEM32\onxalrcc.exe
C:\WINDOWS\SYSTEM32\pgmklocg.exe
C:\WINDOWS\SYSTEM32\pvehhpmr.dll
C:\WINDOWS\SYSTEM32\qbquilju.ini
C:\WINDOWS\SYSTEM32\qpjibvql.dll
C:\WINDOWS\SYSTEM32\qvkvmlao.dll
C:\WINDOWS\SYSTEM32\qwuhtjdl.exe
C:\WINDOWS\SYSTEM32\rcdctage.dll
C:\WINDOWS\SYSTEM32\rmphhevp.ini
C:\WINDOWS\SYSTEM32\tyvxikhl.ini
C:\WINDOWS\SYSTEM32\uelttdbr.exe
C:\WINDOWS\SYSTEM32\ufxafefg.exe
C:\WINDOWS\SYSTEM32\wirufmpi.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\QdrModule9.exe
C:\WINDOWS\SYSTEM32\emlyunum.exe
C:\WINDOWS\SYSTEM32\etxgpsyg.ini
C:\WINDOWS\SYSTEM32\faupwkxa.dll
C:\WINDOWS\SYSTEM32\gyspgxte.dll
C:\WINDOWS\SYSTEM32\hulbmlxj.dll
C:\WINDOWS\SYSTEM32\iivcqbuk.dll
C:\WINDOWS\SYSTEM32\ipmfuriw.dll
C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
C:\WINDOWS\SYSTEM32\ktgfxmlr.exe
C:\WINDOWS\SYSTEM32\kubqcvii.ini
C:\WINDOWS\SYSTEM32\lhkixvyt.dll
C:\WINDOWS\SYSTEM32\lkxhrgew.dll
C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
C:\WINDOWS\SYSTEM32\nhamfmih.dll
C:\WINDOWS\SYSTEM32\nuexyjrm.dll
C:\WINDOWS\SYSTEM32\onxalrcc.exe
C:\WINDOWS\SYSTEM32\pgmklocg.exe
C:\WINDOWS\SYSTEM32\pvehhpmr.dll
C:\WINDOWS\SYSTEM32\qbquilju.ini
C:\WINDOWS\SYSTEM32\qpjibvql.dll
C:\WINDOWS\SYSTEM32\qvkvmlao.dll
C:\WINDOWS\SYSTEM32\qwuhtjdl.exe
C:\WINDOWS\SYSTEM32\rcdctage.dll
C:\WINDOWS\SYSTEM32\rmphhevp.ini
C:\WINDOWS\SYSTEM32\tyvxikhl.ini
C:\WINDOWS\SYSTEM32\uelttdbr.exe
C:\WINDOWS\SYSTEM32\ufxafefg.exe
C:\WINDOWS\SYSTEM32\wirufmpi.ini

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-21 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-20 21:08 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-19 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-19 23:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 20:51 <DIR> d-------- C:\Documents and Settings\Jake\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 23:00 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-22 00:05 32,136 -c--a-w C:\Documents and Settings\Jake\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 04:07 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 04:07 --------- d-----w C:\Documents and Settings\Jake\Application Data\Lavasoft
2007-11-20 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 20:00 --------- d-----w C:\Program Files\Google
2007-11-13 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-11-03 03:39 --------- d-----w C:\Program Files\eMachineShop
2007-11-03 03:25 --------- d-----w C:\Program Files\PlayFirst
2007-11-03 03:24 --------- d-----w C:\Program Files\Oberon Media
2007-10-27 23:10 --------- d-----w C:\Program Files\Fox
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 00:31 --------- d-----w C:\Program Files\PartyGaming
2007-10-20 23:18 --------- d-----w C:\Program Files\Java
2007-10-15 21:33 --------- d-----w C:\Program Files\TrialsPro
2007-10-15 21:28 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 20:06 --------- d-----w C:\Program Files\Trials Basic
2007-10-05 01:41 --------- d-----w C:\Program Files\LimeWire
2007-09-28 23:18 --------- d-----w C:\Program Files\WinMX
2006-02-28 01:37 255 -c-ha-w C:\Program Files\hpothb07.tif
2006-02-28 01:37 146 -c-ha-w C:\Program Files\hpothb07.dat
2006-02-28 01:35 387 -c-ha-w C:\Documents and Settings\Jake\hpothb07.dat
2005-05-21 06:19 807 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2007-11-21_14.41.48.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-13 02:05:26 5,592 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2007-11-27 22:48:46 755,880 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{210E1B78-2106-4513-8C3C-865039CD98AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{339D1C63-731D-49A0-9D2F-23B61D106378}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E195139-4D99-460E-8530-627C92C2ACFF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95E395-78A5-4920-93B7-77436A9AA3AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEB5F39D-1214-4E41-8FC0-62331846E996}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5307BD0-1DB5-4AF5-9523-1F51C15161D8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE" []
"avpa"="C:\WINDOWS\system32\avpo.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 21:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-26 21:47]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 00:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\Ann\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-01-28 21:36:25]

C:\Documents and Settings\Jake\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-06-09 13:58:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-06-19 14:20:01]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-28 09:06:47]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AA6B979A-796F-452A-94B3-DF1F17B72031}"= C:\WINDOWS\winpow32.dll [ ]
C:\WINDOWS\System32\NavLogon.dll 2004-03-12 14:17 83176 C:\WINDOWS\SYSTEM32\NavLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jake\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

S3 GT680xNT;Visioneer OneTouch 7300 Driver;C:\WINDOWS\system32\drivers\gt680x.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 22:25:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-28 00:33:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1141087999.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 17:14:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 17:16:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 18:01
C:\ComboFix3.txt ... 2007-11-27 17:26
.
--- E O F ---

#6 bamajim

bamajim

  • Members
  • 894 posts
  • Local time:05:37 PM

Posted 28 November 2007 - 05:27 PM

bigjeepzz

You are most welcome.

Could I see a fresh HijackThis log?
Microsoft MVP - Windows Security

#7 bigjeepzz

bigjeepzz
  • Topic Starter

  • Members
  • 24 posts
  • Local time:06:37 PM

Posted 28 November 2007 - 09:44 PM

Here you go...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:47 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {210E1B78-2106-4513-8C3C-865039CD98AB} - (no file)
O2 - BHO: (no name) - {339D1C63-731D-49A0-9D2F-23B61D106378} - (no file)
O2 - BHO: (no name) - {3E195139-4D99-460E-8530-627C92C2ACFF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5A95E395-78A5-4920-93B7-77436A9AA3AB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AEB5F39D-1214-4E41-8FC0-62331846E996} - (no file)
O2 - BHO: (no name) - {F5307BD0-1DB5-4AF5-9523-1F51C15161D8} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] "C:\Program Files\Xerox\NWWia\XrxFTPLt.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.apus.edu/li...s/ebraryRdr.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10369 bytes

#8 bamajim

bamajim

  • Members
  • 894 posts
  • Local time:05:37 PM

Posted 29 November 2007 - 11:30 AM

bigjeepzz

1. Rerun HijackThis (scan only) and place checks beside the following entries:

O2 - BHO: (no name) - {210E1B78-2106-4513-8C3C-865039CD98AB} - (no file)
O2 - BHO: (no name) - {339D1C63-731D-49A0-9D2F-23B61D106378} - (no file)
O2 - BHO: (no name) - {3E195139-4D99-460E-8530-627C92C2ACFF} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5A95E395-78A5-4920-93B7-77436A9AA3AB} - (no file)
O2 - BHO: (no name) - {AEB5F39D-1214-4E41-8FC0-62331846E996} - (no file)
O2 - BHO: (no name) - {F5307BD0-1DB5-4AF5-9523-1F51C15161D8} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

Close all other open windows except HijackThis and select "Fix checked".

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
Microsoft MVP - Windows Security
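The entries bamajim singles out above share a few observable traits: the target file no longer exists ("(no file)" / "(file missing)"), the autorun lives under Policies\Explorer\Run, or a system binary name such as svchost.exe is loaded from outside system32. As an added example that is not part of this thread and not a feature of HijackThis or ComboFix, this script applies those three checks to HijackThis log lines; the rule set, the SYSTEM32_ONLY list and the function names are my own, and the sample lines are a subset copied from the log posted above.

```python
"""Triage HijackThis v2 log lines for the leftovers a helper would flag.

Added example; not from the thread, HijackThis or ComboFix. The rules
below are a minimal heuristic set, not a substitute for a trained helper.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Binaries that legitimately live only in %SystemRoot%\system32. A copy in any
# other directory (the log above shows C:\WINDOWS\svchost.exe) is a masquerade.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

# HijackThis itself annotates entries whose target is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-letter path ending in an executable extension; quotes optional,
# trailing arguments such as /background or -atboottime are ignored.
TARGET_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|cmd|bat))"?', re.IGNORECASE)

# Constructed sample: a subset of the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {210E1B78-2106-4513-8C3C-865039CD98AB} - (no file)
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def target_path(cmd: str) -> Optional[str]:
    """Return the executable path from an O4 command string, minus quotes and arguments."""
    m = TARGET_RE.match(cmd.strip())
    return m.group("path") if m else None


def check_line(line: str) -> Optional[Finding]:
    """Apply the three heuristics to one HijackThis line; None if nothing is suspicious."""
    reasons: List[str] = []
    # Rule 1: registry entry whose target file is absent (pure leftover, safe to remove).
    if any(marker in line for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: target file is absent")
    m = O4_RE.match(line)
    if m:
        key, cmd = m.group("key"), m.group("cmd")
        # Rule 2: Policies\Explorer\Run is rarely used by legitimate installers.
        if "policies\\explorer\\run" in key.lower():
            reasons.append("autorun via Policies\\Explorer\\Run key")
        path = target_path(cmd)
        if path:
            directory, _, base = path.rpartition("\\")
            # Rule 3: a well-known system binary name loaded from outside system32.
            if base.lower() in SYSTEM32_ONLY and not directory.lower().endswith("\\system32"):
                reasons.append(f"system binary name {base} outside system32: {directory}")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return the flagged lines, in log order, each with its list of reasons."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run against the full log, the flagged lines are candidates for "Fix checked" review, not an automatic verdict; a helper still confirms each one.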

#9 bigjeepzz

bigjeepzz
  • Topic Starter

  • Members
  • 24 posts
  • Local time:06:37 PM

Posted 29 November 2007 - 08:40 PM

Dude I cannot thank you enough for what you are doing. Keep up the great work!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:58 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] "C:\Program Files\Xerox\NWWia\XrxFTPLt.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.apus.edu/li...s/ebraryRdr.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9436 bytes
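Added example, not from this thread or from HijackThis itself: a small Python parser for the log format shown above that groups entries by section code and flags the kinds of lines helpers look at first, such as a BHO whose file is missing, a startup shortcut that resolves to nothing, or an O16 ActiveX control fetched from a URL. The sample lines are constructed from the log above; nothing is downloaded or modified.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on a handful of lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, F1, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
URL_RE = re.compile(r"https?://[^\s]+")


def parse_hjt(text):
    """Group HijackThis entries by section code, preserving their order of appearance."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def triage(sections):
    """Return (section, entry, reason) tuples worth a second look.
    Rules: a registered component whose file is gone, a startup link with no target,
    and any downloaded ActiveX control (O16), with the host it came from recorded."""
    hits = []
    for code, entries in sections.items():
        for e in entries:
            if "(file missing)" in e:
                hits.append((code, e, "orphaned entry: registered file is no longer on disk"))
            elif code == "O4" and e.endswith("= ?"):
                hits.append((code, e, "startup shortcut with an unresolved target"))
            elif code == "O16":
                url = URL_RE.search(e)
                host = url.group(0).split("/")[2] if url else "?"
                hits.append((code, e, f"ActiveX control downloaded from {host}"))
    return hits


if __name__ == "__main__":
    for code, entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{code}] {reason}\n    {entry}")
```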

#10 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 30 November 2007 - 08:33 AM

bigjeepzz

You are most welcome

1. Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

2. Run an online virus scan called Kaspersky from HERE.
1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. After reading the contents, press "Accept".
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. When the scan is complete Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan

==========

Note: For IE7 users. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.
Microsoft MVP - Windows Security

#11 bigjeepzz

bigjeepzz
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 04 December 2007 - 05:24 PM

I have been having some ISP problems lately and I haven't been able to get this program downloaded. I have solved my problems and I will be posting the log later.
