
Virtumonde


3 replies to this topic

#1 silpossible

Posted 23 January 2008 - 06:20 PM

I've tried to see if I can get rid of it and I think I did... but maybe there are still more viruses. Also, I keep setting my privacy setting to medium so that it won't accept all cookies, but every time I close it, when I open it again it's on 'accept all cookies'.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:51 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray .exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\AWS\WeatherBug\Weather .exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhe.exe
O2 - BHO: (no name) - {03AB003E-A5B3-4E6C-80A7-72A08422D9FE} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {e5dc276e-ad9b-4e1a-dfc4-2bbd474a3bc1} - {1cb3a474-dbb2-4cfd-a1e4-b9dae672cd5e} - C:\WINDOWS\system32\fhowqmfa.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [e00411a6] rundll32.exe "C:\WINDOWS\system32\qdmtmcyu.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8677] command /c del "C:\WINDOWS\system32\jkhhe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9582] cmd /c del "C:\WINDOWS\system32\jkhhe.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather .exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200803477343
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9143 bytes
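As an added illustration (editor's example, not part of the original post and not HijackThis or ComboFix code), the Python below runs four review heuristics over lines excerpted from the log above: process names with whitespace squeezed in before the extension (pctsTray .exe running alongside pctsTray.exe), the F3 win.ini load= entry, a nameless BHO whose file is missing, and a Run value with a hex-looking name that uses rundll32 to load a DLL from system32. The Finding type, the regexes and the sample set are the editor's choices; the heuristics only say what deserves a second look, not what is malicious.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines excerpted from the HijackThis v2.0.2 log posted
# above (running-process paths, an F3 win.ini entry, O2 BHO and O4 Run entries).
SAMPLE_LOG = r"""
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsTray .exe
C:\Program Files\Windows Defender\MSASCui .exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhe.exe
O2 - BHO: (no name) - {03AB003E-A5B3-4E6C-80A7-72A08422D9FE} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [e00411a6] rundll32.exe "C:\WINDOWS\system32\qdmtmcyu.dll",b
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather .exe 1
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the log line, verbatim
    reason: str  # why a reviewer should look at it


# A bare absolute path: the "Running processes:" section of the log.
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Whitespace squeezed in just before the extension, e.g. "pctsTray .exe".
SPACE_BEFORE_EXT = re.compile(r"\S\s+\.(exe|dll)\b", re.IGNORECASE)
# O2 (Browser Helper Object): name - {CLSID} - path [ (file missing) ]
BHO_ENTRY = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
# O4 autostart from a Run/RunOnce key: [value name] command
RUN_ENTRY = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# F3 legacy autostart through the win.ini "load=" line
WININI_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(?P<path>.+)$")
# rundll32 invoking a DLL straight out of system32
RUNDLL_SYSTEM32 = re.compile(
    r'^rundll32(\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\system32\\[^"\\]+\.dll', re.IGNORECASE)
# Value name that is just eight hex digits rather than a product name
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def strip_space_before_ext(path: str) -> str:
    """'...\\pctsTray .exe' -> '...\\pctsTray.exe' (the name the decoy imitates)."""
    return re.sub(r"\s+(?=\.\w+$)", "", path)


def analyze_hjt(log_text: str) -> List[Finding]:
    """Apply the four heuristics to a HijackThis log and return what to review."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Genuinely named running processes, used to name the twin a decoy imitates.
    genuine = {ln.lower() for ln in lines
               if DRIVE_PATH.match(ln) and not SPACE_BEFORE_EXT.search(ln)}
    findings: List[Finding] = []
    for line in lines:
        if DRIVE_PATH.match(line) and SPACE_BEFORE_EXT.search(line):
            twin = strip_space_before_ext(line)
            note = " (also running)" if twin.lower() in genuine else ""
            findings.append(Finding(line, f"whitespace before extension; imitates {twin}{note}"))
            continue
        if m := WININI_LOAD.match(line):
            findings.append(Finding(line, f"win.ini load= autostart of {m['path']}"))
            continue
        if m := BHO_ENTRY.match(line):
            if m["name"] == "(no name)" or m["path"].endswith("(file missing)"):
                findings.append(Finding(line, "BHO with no name or missing file"))
            continue
        if m := RUN_ENTRY.match(line):
            if SPACE_BEFORE_EXT.search(m["cmd"]):
                findings.append(Finding(
                    line, "Run entry launches a file with whitespace before its extension"))
            elif RUNDLL_SYSTEM32.match(m["cmd"]) and HEX_VALUE_NAME.match(m["value"]):
                findings.append(Finding(
                    line, "rundll32 loads a system32 DLL under a random-looking value name"))
    return findings


if __name__ == "__main__":
    for f in analyze_hjt(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```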


#2 RichieUK

Malware Assassin
  • Malware Response Team

Posted 28 January 2008 - 02:03 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, silpossible.
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's TeaTimer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 silpossible

  • Topic Starter

Posted 06 February 2008 - 11:51 PM

Here is the ComboFix log:

ComboFix 08-02.05.3 - Compaq_Owner 2008-02-06 22:26:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.108 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhhe.dll
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bdmwhmpo.exe
C:\WINDOWS\system32\bjkwrsyg.ini
C:\WINDOWS\system32\crwthngb.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\fhowqmfa.dll
C:\WINDOWS\system32\gxcojjxf.dll
C:\WINDOWS\system32\gysrwkjb.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\qckyydwq.ini
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\uybywcnr.dll
C:\WINDOWS\system32\uycmtmdq.ini
C:\WINDOWS\system32\wnxfhtuq.ini

C:\Program Files\Yahoo!\Messenger\YAHOOM~1   .EXE ---> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 22:43 . 2008-02-06 22:43 0 --a------ C:\WINDOWS\system32\jkhhe.dll
2008-02-06 22:13 . 2008-02-06 22:13 <DIR> d-------- C:\Program Files\Sun
2008-02-06 22:13 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-05 22:07 . 2008-02-05 22:07 <DIR> dr-h----- C:\Documents and Settings\Compaq_Owner\Application Data\yahoo!
2008-02-04 14:14 . 2008-02-04 14:14 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-04 14:14 . 2008-02-04 14:14 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-04 14:05 . 2008-02-04 14:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-03 21:38 . 2008-02-03 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-02 14:38 . 2008-02-02 14:56 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PowerChallenge
2008-02-01 03:00 . 2008-02-01 03:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-01 02:54 . 2008-02-01 02:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-29 16:11 . 2008-02-06 10:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-29 16:11 . 2008-01-29 16:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 16:05 . 2008-01-29 16:05 <DIR> d-------- C:\Program Files\Bonjour
2008-01-29 15:58 . 2008-01-29 15:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-27 17:16 . 2008-01-27 17:16 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\GTek
2008-01-27 17:16 . 2008-01-27 17:16 3,716 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-01-25 06:25 . 2008-02-04 14:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-23 18:14 . 2008-01-23 18:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 22:16 . 2008-01-23 00:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-22 21:51 . 2008-01-22 22:09 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-01-22 18:15 . 2008-02-06 22:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-22 18:15 . 2008-01-22 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-22 17:25 . 2008-01-22 17:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-22 17:25 . 2008-01-22 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-22 17:23 . 2008-01-22 17:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 16:48 . 2008-02-06 22:38 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-22 16:48 . 2008-01-22 16:48 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2008-01-22 16:48 . 2008-02-06 22:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-22 16:48 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-22 16:48 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-22 16:48 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-22 16:48 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-21 22:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-21 22:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-21 22:43 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-21 22:34 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-20 19:13 . 2008-01-20 19:13 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-01-20 16:35 . 2008-02-04 20:59 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-20 14:50 . 2008-01-20 16:24 <DIR> d-------- C:\Program Files\Parental Control
2008-01-20 14:50 . 2008-01-20 14:50 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ParentalControl
2008-01-20 14:50 . 2008-01-20 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParentalControl
2008-01-20 14:44 . 2008-01-20 14:44 <DIR> d-------- C:\Program Files\AWS
2008-01-20 14:44 . 2008-01-20 14:44 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2008-01-20 11:55 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-20 11:55 . 2007-02-28 04:08 2,136,064 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-20 11:55 . 2007-02-28 03:38 2,057,600 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-01-20 11:55 . 2007-02-28 03:38 2,015,744 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-01-20 11:53 . 2006-06-01 13:47 163,840 --a------ C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-01-20 11:53 . 2006-06-01 13:47 27,648 --a------ C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-01-20 11:52 . 2007-10-10 18:55 6,065,664 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-20 11:52 . 2007-06-30 22:31 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-20 11:52 . 2007-06-30 22:36 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-20 11:52 . 2007-10-10 18:55 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-20 11:52 . 2007-10-10 18:55 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-20 11:52 . 2007-10-10 18:55 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-20 11:52 . 2007-10-10 18:55 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-20 11:52 . 2007-10-10 18:55 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-20 11:52 . 2007-10-10 05:59 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-19 23:41 . 2008-02-06 22:44 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-01-19 23:31 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-19 23:31 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-19 23:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-19 23:31 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-19 23:31 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-19 22:59 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-19 22:08 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-19 22:08 . 2008-01-19 22:08 1,850 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PX790AA-ABA SR1511NX NA530_YC_0Pres_QCNH519_E53NAheRED2_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M384_J100_7AMD_8Sempron_91.81_#050805_N10390900_Z10573052_G10396330.MRK
2008-01-19 22:07 . 2005-05-06 21:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\WINDOWS
2008-01-19 22:07 . 2005-05-06 21:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2008-01-19 22:07 . 2005-05-06 21:29 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
2008-01-19 22:07 . 2005-05-06 21:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
2008-01-19 22:07 . 2005-05-06 21:13 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-01-19 22:06 . 2005-05-06 21:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-01-19 22:06 . 2005-05-06 21:38 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-01-19 22:06 . 2005-05-06 21:29 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-01-19 22:06 . 2005-05-06 21:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InterMute
2008-01-19 22:06 . 2005-05-06 21:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-01-19 16:30 . 2008-01-19 16:30 <DIR> d-------- C:\Documents and Settings\Asael A\Application Data\Yahoo!
2008-01-19 16:29 . 2005-05-06 21:14 <DIR> d-------- C:\Documents and Settings\Asael A\WINDOWS
2008-01-19 16:29 . 2005-05-06 21:38 <DIR> d-------- C:\Documents and Settings\Asael A\Application Data\Symantec
2008-01-19 16:29 . 2005-05-06 21:29 <DIR> d-------- C:\Documents and Settings\Asael A\Application Data\SampleView
2008-01-19 16:29 . 2005-05-06 21:34 <DIR> d-------- C:\Documents and Settings\Asael A\Application Data\InterMute
2008-01-19 16:29 . 2007-11-25 20:01 <DIR> d-------- C:\Documents and Settings\Asael A\Application Data\Gtek
2008-01-19 16:29 . 2005-05-06 21:13 <DIR> d-------- C:\Documents and Settings\Asael A\Application Data\Apple Computer
2008-01-19 13:43 . 2006-06-23 08:26 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-01-17 22:34 . 2008-02-06 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-16 22:36 . 2008-01-16 22:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-16 18:53 . 2008-01-19 23:09 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 03:38 --------- d-----w C:\Program Files\QuickTime
2008-02-07 03:38 --------- d-----w C:\Program Files\iTunes
2008-02-07 03:38 --------- d-----w C:\Program Files\Ares
2008-02-07 03:13 --------- d-----w C:\Program Files\Java
2008-02-06 03:11 --------- d-----w C:\Program Files\Yahoo!
2008-02-06 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-02-05 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-23 02:39 --------- d-----w C:\Program Files\RegistryFix
2008-01-23 02:39 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-01-21 01:17 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 19:52 --------- d-----w C:\Program Files\Symantec
2008-01-20 16:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 04:59 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-20 03:52 --------- d-----w C:\Program Files\Google
2008-01-20 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 03:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-20 03:29 --------- d-----w C:\Program Files\Setup NetZero
2008-01-20 03:29 --------- d-----w C:\Program Files\Quicken
2008-01-20 03:29 --------- d-----w C:\Program Files\PeoplePC Accelerated
2008-01-20 03:29 --------- d-----w C:\Program Files\PC-Doctor for Windows
2008-01-20 03:29 --------- d-----w C:\Program Files\MSN Encarta Standard
2008-01-20 03:29 --------- d-----w C:\Program Files\DivX
2008-01-20 03:29 --------- d-----w C:\Program Files\AOL Toolbar
2008-01-20 03:29 --------- d-----w C:\Program Files\America Online 9.0d
2008-01-20 03:29 --------- d-----w C:\Program Files\America Online 9.0c
2008-01-20 03:29 --------- d-----w C:\Program Files\America Online 9.0b
2008-01-20 03:29 --------- d-----w C:\Program Files\America Online 9.0
2008-01-20 03:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-20 03:08 1,850 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PX790AA-ABA SR1511NX NA530_YC_0Pres_QCNH519_E53NAheRED2_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M384_J100_7AMD_8Sempron_91.81_#050805_N10390900_Z10573052_G10396330.MRK
2008-01-16 23:57 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-01-16 22:37 --------- d-----w C:\Program Files\Palm
2008-01-16 22:37 --------- d-----w C:\Program Files\Documents To Go
2008-01-16 22:31 377,856 ----a-w C:\WINDOWS\mrofinu72.exe.tmp
2008-01-09 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-01-03 17:37 --------- d-----w C:\Program Files\AskSBar
2008-01-01 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-01-01 17:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\Gtek
2006-05-08 01:57 422 -c--a-w C:\Documents and Settings\Ulises.SILVIO\Application Data\wklnhst.dat
2005-12-24 16:00 0 -c--a-w C:\Program Files\konami.dat
2005-11-25 19:07 164 -c--a-w C:\Documents and Settings\Misael.SILVIO\Application Data\wklnhst.dat
2005-09-07 23:54 0 -c--a-w C:\Documents and Settings\Ulises\Application Data\wklnhst.dat
2005-09-25 00:10 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
----a-w		   253,952 2008-01-22 23:06:01  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w		   307,200 2008-01-16 22:32:09  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w		 1,317,888 2008-01-20 02:25:45  C:\Program Files\Ares\Ares   .exe
----a-w		 1,317,888 2008-01-19 19:04:28  C:\Program Files\Ares\Ares  .exe
----a-w		   961,536 2008-01-19 23:45:42  C:\Program Files\Ares\Ares .exe
----a-w		 1,736,704 2008-02-07 03:44:00  C:\Program Files\AWS\WeatherBug\Weather .exe
----a-w		   180,269 2008-01-22 23:06:02  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   171,448 2008-02-06 15:33:24  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w		   586,752 2008-01-16 23:57:24  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe
----a-w		   586,752 2008-01-16 22:31:44  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w		   267,048 2008-02-06 15:33:23  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2008-01-16 22:31:53  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   454,784 2008-01-19 23:55:33  C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
----a-w		 6,088,192 2008-01-20 20:34:45  C:\Program Files\Parental Control\ParentalControl .exe
----a-w		   653,824 2008-01-16 23:57:27  C:\Program Files\QuickTime\qttask   .exe
----a-w		   653,824 2008-01-16 22:31:47  C:\Program Files\QuickTime\qttask  .exe
----a-w		   653,824 2008-01-15 00:26:08  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,460,560 2008-02-06 15:33:46  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,103,752 2008-02-06 15:31:16  C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w		 3,461,120 2008-01-16 22:32:25  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
----a-w		   866,584 2008-02-06 15:31:55  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 4,670,704 2008-02-06 03:08:35  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w		   224,248 2008-01-16 22:32:03  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w		   315,904 2008-02-04 20:23:32  C:\WINDOWS\inf\unregmp2 .exe
----a-w			15,360 2008-02-05 01:59:10  C:\WINDOWS\system32\ctfmon .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FEDBD43-317E-4CB1-8630-C7F0B0EAEA1C}]
2008-02-06 22:43 336384 --a------ C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-20 14:41 267592 --a------ C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-01-20 14:41 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather .exe" [2008-02-06 22:44 1736704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 18:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [ ]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 04:56 544768 C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"e00411a6"="C:\WINDOWS\system32\qdmtmcyu.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-02-06 22:44 488960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32 81920]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-05-06 21:15:49 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkhhe.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 21:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-07 03:46:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 22:43:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-06 22:50:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 03:50:20
ComboFix2.txt 2008-01-18 04:11:34
.
2008-02-05 21:45:25 --- E O F ---

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:15 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\AWS\WeatherBug\Weather .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhe.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [e00411a6] rundll32.exe "C:\WINDOWS\system32\yksosqin.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather .exe 1
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200803477343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7944 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 21 February 2008 - 08:00 PM

Apologies for the late response, I somehow missed the email notification of your reply.
If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let me know.
If you still require help, please post a new HijackThis log into this topic in your next reply.
Also post a detailed description of the issues you may still be experiencing.