Virtumonde, Reditty, Search Stt, Crush Calculator? Wtf


This topic is locked. 24 replies to this topic.

#1 bleepingninja


Posted 21 February 2008 - 01:28 AM

Ran Ad-Aware, Spybot, Spy Doctor... it keeps coming back and crashing my Explorer as well as disconnecting my internet randomly. :thumbsup:

Never done a HijackThis log since the programs and Norton usually do the trick... not this time, unfortunately.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:00 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli .exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray .exe
C:\Program Files\DIGStream\digstream .exe
C:\Program Files\ESPNRunTime\DIGServices .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\travel\Local Settings\Temporary Internet Files\Content.IE5\V0N9FPGT\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddabx.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {e70a78b4-8f0e-8df9-8fe4-31503c473fa2} - {2af374c3-0513-4ef8-9fd8-e0f84b87a07e} - C:\WINDOWS\system32\meedyxch.dll
O2 - BHO: (no name) - {3AF096FC-35B5-4E0E-954C-7798807C1BCD} - (no file)
O2 - BHO: (no name) - {4b3a2224-d4aa-447f-8b37-900309dcf8f0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CC59997-40F7-40C4-8365-2C0865D97A81} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnlmjg.dll
O2 - BHO: (no name) - {726F5609-CB75-40C4-AA51-5864697CDEBF} - (no file)
O2 - BHO: (no name) - {8F3C73ED-2A22-4D43-A6A8-5C0EA4E8C35D} - (no file)
O2 - BHO: (no name) - {90BAA812-E367-4649-AAD2-E1C6940C4101} - (no file)
O2 - BHO: (no name) - {A7C597E5-D707-4358-8F95-5D21FF83B171} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BC7340E2-B648-4A4B-96CA-D4E1C50DE8DC} - C:\WINDOWS\system32\ddabx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DBA5D864-A117-484B-91C6-ACBFC3DC83CE} - (no file)
O2 - BHO: (no name) - {f91c96b0-4be3-4532-ba9f-3ae5fe92c53e} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\MC74AE~1.EXE /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [34cb8687] rundll32.exe "C:\WINDOWS\system32\sqtjwudl.dll",b
O4 - HKLM\..\Run: [BM37f8b51b] Rundll32.exe "C:\WINDOWS\system32\khbfuwsp.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: nnnlmjg - C:\WINDOWS\SYSTEM32\nnnlmjg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 12753 bytes
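The log above is what a responder triages by eye: process paths that appear twice, once as `name.exe` and once as `name .exe` (SynTPLpr, ccApp, MssCli and others in the list), O4 Run entries where rundll32 loads a system32 DLL through a one-letter export (`,b` and `,s`), an unnamed O2 BHO backed by a system32 DLL, an O20 Winlogon Notify hook pointing at that same DLL, and an F3 `load=` line in win.ini. The Python script below is an added example, not part of the original post and not HijackThis code; it encodes those checks as rules and runs them over a constructed sample made of lines copied from this log plus a few benign neighbours. The rule names and the "space before extension" and "one-letter export" thresholds are my own assumptions, and a hit means "review this entry", not "this is malicious".

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above
# (a few process paths and the F3/O2/O4/O20 entries of interest) plus benign
# neighbours, so the triage runs offline without the full log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddabx.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnlmjg.dll
O2 - BHO: (no name) - {3AF096FC-35B5-4E0E-954C-7798807C1BCD} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [34cb8687] rundll32.exe "C:\WINDOWS\system32\sqtjwudl.dll",b
O4 - HKLM\..\Run: [BM37f8b51b] Rundll32.exe "C:\WINDOWS\system32\khbfuwsp.dll",s
O20 - Winlogon Notify: nnnlmjg - C:\WINDOWS\SYSTEM32\nnnlmjg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Rule 1 (assumed heuristic): a file name with a space before its extension,
# e.g. "SynTPLpr .exe" sitting next to the genuine "SynTPLpr.exe".
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll)\b", re.IGNORECASE)
# Rule 2 (assumed heuristic): rundll32 loading a DLL and calling an export
# whose name is a single character (",b" / ",s" in the log above).
RUNDLL_EXPORT = re.compile(r'rundll32\.exe\s+"[^"]+\.dll"\s*,\s*([A-Za-z0-9_]+)\s*$', re.IGNORECASE)
# Helper: any DLL that lives directly in %SystemRoot%\system32.
SYS32_DLL = re.compile(r"\\system32\\[^\\]+\.dll", re.IGNORECASE)


def triage_line(line: str) -> list:
    """Return the names of every rule a single HijackThis log line trips (empty if none)."""
    hits = []
    if SPACE_BEFORE_EXT.search(line):
        hits.append("space-before-extension")
    m = RUNDLL_EXPORT.search(line)
    if line.startswith("O4 ") and m and len(m.group(1)) == 1:
        hits.append("rundll32-single-letter-export")
    if (line.startswith("O2 ") and "(no name)" in line
            and not line.endswith("(no file)") and SYS32_DLL.search(line)):
        hits.append("unnamed-bho-in-system32")
    if line.startswith("O20 ") and SYS32_DLL.search(line):
        hits.append("winlogon-notify-hook")
    if line.startswith("F3 ") and "load=" in line:
        hits.append("win.ini-load")
    return hits


def triage_log(text: str) -> list:
    """Run every non-empty line through triage_line; return (rule, line) pairs in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule in triage_line(line):
            findings.append((rule, line))
    return findings


def companion_pairs(text: str) -> list:
    """Pair each bare process path 'name .exe' with its clean twin 'name.exe' when both ran.

    Only lines that are bare paths (start with a drive letter) are considered, so the
    quoted paths inside O4 entries do not count as a running process.
    """
    paths = {l.strip().lower() for l in text.splitlines() if re.match(r"^[A-Za-z]:\\", l.strip())}
    pairs = []
    for p in sorted(paths):
        if " .exe" in p:
            clean = p.replace(" .exe", ".exe")
            if clean in paths:
                pairs.append((clean, p))
    return pairs


if __name__ == "__main__":
    for rule, line in triage_log(SAMPLE_LOG):
        print(f"[{rule}] {line}")
    for clean, twin in companion_pairs(SAMPLE_LOG):
        print(f"companion pair: {clean}  <->  {twin}")
```

Run against the sample it reports seven entries for review and two companion pairs (ccApp and SynTPLpr). The rules are deliberately narrow: a DLL in system32 is flagged only in combination with another signal (an unnamed BHO, a Winlogon Notify hook, a one-letter rundll32 export), because plenty of legitimate DLLs such as Shdocvw.dll live there too.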


#2 miekiemoes

Malware Response Team

Posted 21 February 2008 - 07:35 AM

Hi,

First of all, I notice from the log that more than one Anti-Virus program is running with Auto-protect enabled: Norton and McAfee.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease its reliability!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because multiple installed Antivirus and Firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Also, I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as".)
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 bleepingninja


Posted 26 February 2008 - 03:03 AM

Hi, thanks for your reply. McAfee doesn't work. I've tried removing it several times through Remove Programs in the Control Panel and the uninstall file, but it freezes during the uninstall. It's been installed for a while with the Norton before I ever got the malware. I know it sounds goofy, but I didn't have any problems with it before since Norton is the only one that runs correctly.

I removed TeaTimer via the ResetTeaTimer.bat. However, I'm having problems running Combofix. I installed the Windows console, and Combofix runs through all the stages. However, at the end of the stages, it says it wants to open another window, which it does, and then it says it's rebooting the machine. After it reboots by itself, the Combofix window shows up for a sec and goes away. I can't find any log created by Combofix. It says under the instructions that it creates it under C:, but I've found nothing. However, I'm running Combofix off my desktop, and after it reboots, I do see a new zip file on my desktop called "catchme.zip" and it contains a file called jkkli.dll. The system clock is never fixed either, so it doesn't look like Combofix continues after the reboot. I still have malware. It even replaces images when I pull up webpages. Out of control.

Please help! :thumbsup:

#4 miekiemoes

Malware Response Team

Posted 26 February 2008 - 06:47 AM

Hi,

The reason Combofix won't work is that McAfee AND Norton are preventing it from running properly.

Let's delete McAfee first.

* Download and run the McAfee Consumer Products Removal tool (MCPR.exe).
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.
  • McAfee Security Center
  • McAfee VirusScan
  • McAfee Personal Firewall Plus
  • McAfee Privacy Service
  • McAfee SpamKiller
  • McAfee Wireless Network Security
  • McAfee SiteAdvisor
  • McAfee Data Backup
  • McAfee Network Manager
  • McAfee Easy Network
  • McAfee AntiSpyware
Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe
  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Double-click MCPR.exe.
  • Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
    Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
    After the second window appears, the program will begin the cleanup.
  • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
    The machine must reboot to complete the un-installation. Reboot now? [y.n]
  • Press Y on the keyboard.
  • Wait for the computer to restart.
All McAfee products are now removed from your computer.
These McAfee removal instructions can be found at http://ts.mcafeehelp.com/faq3.asp?docid=408302

Then, try to run Combofix again, but close your Norton first.

If that didn't work, run Combofix in Windows Safe mode.

To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

#5 bleepingninja


Posted 29 February 2008 - 12:51 AM

OK, I removed McAfee. Thanks for the link. However, I can't get Combofix from start to finish... I tried a few times already, first turning off my Norton, then in safe mode. This is the only thing I could get from the log called combofix.txt, but it's kind of obvious it's not complete. Any suggestions? The Windows console is already installed. Should I reinstall Combofix? Every time it looks like it's working, but after it forces a reboot, it'll sit around for up to an hour with the command prompt up without doing anything. There's a 2nd window up called kmd.exe but it's black and doesn't show any processes running. I figured it was part of Combofix, but they both just sit there :thumbsup:

ComboFix 08-02-22 - travel 2008-02-28 20:43:17.10 - NTFSx86 MINIMAL
Running from: C:\ComboFix\ComboFix.exe
.
/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhhe.dll
.
---- Previous Run -------
.
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dwrefqil.dll
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\eilunujk.ini
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jhfesiid.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.exe
C:\WINDOWS\system32\kjunulie.dll
C:\WINDOWS\system32\nuyiajaj.dll
C:\WINDOWS\system32\vyptdpsv.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

#6 miekiemoes

Malware Response Team

Posted 29 February 2008 - 01:32 AM

Hi,

Can you post a new HijackThis log please?
Also, Combofix.exe didn't run from your desktop as said in the instructions...

Edited by miekiemoes, 29 February 2008 - 01:34 AM.


#7 bleepingninja


Posted 02 March 2008 - 11:19 PM

I originally ran it several times from my desktop, but it would never finish creating the log file that's supposed to be located at C:\combofix.txt. The farthest it got was a reboot and the "preparing log" screen. I would let it run for over an hour and nothing happened. So I moved the combofix.exe to my C: drive in hopes that it would work. I guess that was incorrect from your feedback. Here is my hijack log. Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14, on 2008-03-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\hijackthis\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HiJackThis.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DNA\btdna .exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [34cb8687] rundll32.exe "C:\WINDOWS\system32\dxkjmuxm.dll",b
O4 - HKLM\..\Run: [BM37f8b51b] Rundll32.exe "C:\WINDOWS\system32\ukaiorky.dll",s
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O24 - Desktop Component 1: (no name) - http://www.jtuned.com/media/gallery/papers...lpaper/1280.jpg
O24 - Desktop Component 2: (no name) - http://mail.google.com/mail/?attid=0.4&...182f9547b6b79fc

--
End of file - 8564 bytes

#8 miekiemoes

Malware Response Team

Posted 03 March 2008 - 02:53 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then,
Please delete Combofix and redownload it again since it has been updated.

Then try it again. If it doesn't work, try it from Windows Safe mode.

Edited by miekiemoes, 03 March 2008 - 02:54 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 bleepingninja

bleepingninja
  • Topic Starter

  • Members
  • 14 posts

Posted 04 March 2008 - 02:16 AM

Malwarebytes' Anti-Malware 1.05
Database version: 449

Scan type: Quick Scan
Objects scanned: 29341
Time elapsed: 39 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dsxtrrys.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmkjh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnlmjg.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ee922d2-bde2-4744-b6a0-a7d8cfebe3ef} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2ee922d2-bde2-4744-b6a0-a7d8cfebe3ef} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlmjg (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Vundo) -> Data: c:\windows\system32\pmkjh.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkjh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkjh -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cnlbfqlt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlqfblnc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsxtrrys.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\syrrtxsd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxkjmuxm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxumjkxd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmkjh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmkjh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjkmp.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hjkmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtutu.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ututv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ututv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlmjg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LD3A4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\314.tmp (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\338.tmp (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\315.tmp (Heuristic.Malware) -> Quarantined and deleted successfully.
C:\316.tmp (Heuristic.Malware) -> Quarantined and deleted successfully.

#10 bleepingninja

bleepingninja
  • Topic Starter

  • Members
  • 14 posts

Posted 04 March 2008 - 02:19 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18, on 2008-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HiJackThis.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DNA\btdna .exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [34cb8687] rundll32.exe "C:\WINDOWS\system32\dsxtrrys.dll",b
O4 - HKLM\..\Run: [BM37f8b51b] Rundll32.exe "C:\WINDOWS\system32\hjlgygyn.dll",s
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna .exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O24 - Desktop Component 0: (no name) - http://reebok.zugara.com/RBK_music/wallpap...wallpapers1.jpg
O24 - Desktop Component 1: (no name) - http://www.jtuned.com/media/gallery/papers...lpaper/1280.jpg
O24 - Desktop Component 2: (no name) - http://mail.google.com/mail/?attid=0.4&...182f9547b6b79fc

--
End of file - 8727 bytes

#11 bleepingninja

bleepingninja
  • Topic Starter

  • Members
  • 14 posts

Posted 04 March 2008 - 02:58 AM

Finally ran okay. Here's the combo log.
ComboFix 08-03-04.2 - travel 2008-03-03 23:29:34.11 - NTFSx86
Running from: C:\Documents and Settings\travel\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM37f8b51b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bfkdghdf.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dkrfxafh.dll
C:\WINDOWS\system32\dsxtrrys.dll
C:\WINDOWS\system32\ffrscieu.dll
C:\WINDOWS\system32\gdcynxwb.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjlgygyn.dll
C:\WINDOWS\system32\hviicocy.dll
C:\WINDOWS\system32\oxkwcoix.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.exe
C:\WINDOWS\system32\qarxwbgi.dll
C:\WINDOWS\system32\shpvkpic.dll
C:\WINDOWS\system32\ukaiorky.dll
C:\WINDOWS\system32\vhflngcu.dll
C:\WINDOWS\system32\vtutu.exe
C:\WINDOWS\system32\vujinlaf.dll
C:\WINDOWS\system32\wawjfrnd.dll
C:\WINDOWS\system32\xfasdwhf.dll
.
---- Previous Run -------
.
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dwrefqil.dll
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\eilunujk.ini
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jhfesiid.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.exe
C:\WINDOWS\system32\kjunulie.dll
C:\WINDOWS\system32\nuyiajaj.dll
C:\WINDOWS\system32\vyptdpsv.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\travel\Application Data\Malwarebytes
2008-03-03 22:07 . 2008-03-03 23:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-03 22:07 . 2008-03-03 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-02 07:40 . 2008-03-02 07:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 07:40 . 2008-03-02 07:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 08:49 . 2008-03-02 07:21 1,614 ---hs---- C:\WINDOWS\system32\xexumryl.ini
2008-02-29 07:50 . 2008-03-03 23:40 <DIR> d-------- C:\Program Files\DNA
2008-02-29 07:50 . 2008-03-03 01:45 <DIR> d-------- C:\Documents and Settings\travel\Application Data\DNA
2008-02-29 07:31 . 2008-03-01 08:43 1,374 ---hs---- C:\WINDOWS\system32\vxloevnn.ini
2008-02-28 21:28 . 2008-02-29 07:27 654 ---hs---- C:\WINDOWS\system32\xnuqxnnd.ini
2008-02-26 21:25 . 2008-02-27 21:11 1,554 --ahs---- C:\WINDOWS\system32\reowtopy.ini
2008-02-24 22:35 . 2008-02-28 21:08 388,608 --a------ C:\WINDOWS\system32\kmd .exe
2008-02-23 00:18 . 2008-02-24 02:34 834 --ahs---- C:\WINDOWS\system32\nxwtmmbl.ini
2008-02-20 21:18 . 2008-02-20 21:18 344,064 --a------ C:\WINDOWS\system32\RCX51C.tmp
2008-02-19 22:47 . 2008-02-19 22:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-18 20:18 . 2008-02-19 20:06 4,074 --ahs---- C:\WINDOWS\system32\pxomdbtx.ini
2008-02-17 20:20 . 2008-02-18 20:15 3,054 --ahs---- C:\WINDOWS\system32\tqqxraak.ini
2008-02-16 10:06 . 2008-02-17 20:16 1,794 --ahs---- C:\WINDOWS\system32\stfilvdh.ini
2008-02-14 21:31 . 2008-02-28 22:51 299 --a------ C:\WINDOWS\wininit.ini
2008-02-13 22:20 . 2008-02-19 08:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 21:47 . 2008-02-14 21:53 1,194 --ahs---- C:\WINDOWS\system32\wryrrakw.ini
2008-02-13 21:44 . 2008-02-13 21:44 534 --ahs---- C:\WINDOWS\system32\lfdhsjca.ini
2008-02-13 20:44 . 2008-02-13 21:29 474 --ahs---- C:\WINDOWS\system32\wtnqumff.ini
2008-02-13 20:41 . 2008-02-13 20:41 294 --ahs---- C:\WINDOWS\system32\iacwuvci.ini
2008-02-12 01:02 . 2008-02-12 01:02 294 --ahs---- C:\WINDOWS\system32\twsilgth.ini
2008-02-11 01:08 . 2008-02-11 01:08 294 --ahs---- C:\WINDOWS\system32\wbjnnnhm.ini
2008-02-10 01:05 . 2008-02-10 02:01 2,154 --ahs---- C:\WINDOWS\system32\tjjibaiu.ini
2008-02-10 01:02 . 2008-02-10 01:02 1,914 --ahs---- C:\WINDOWS\system32\hjfmoggw.ini
2008-02-08 08:46 . 2008-02-10 00:58 1,854 --ahs---- C:\WINDOWS\system32\qsfdusgw.ini
2008-02-08 08:44 . 2008-02-08 08:44 1,734 --ahs---- C:\WINDOWS\system32\axvnarno.ini
2008-02-07 08:49 . 2008-02-08 07:36 1,674 --ahs---- C:\WINDOWS\system32\cjbkvywh.ini
2008-02-07 08:43 . 2008-02-07 08:43 1,194 --ahs---- C:\WINDOWS\system32\prpndxpx.ini
2008-02-07 00:57 . 2008-02-07 00:55 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 00:57 . 2008-02-07 00:57 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-06 08:41 . 2008-02-07 08:40 1,134 --ahs---- C:\WINDOWS\system32\eouuhpsr.ini
2008-02-06 08:35 . 2008-02-06 08:40 354 --ahs---- C:\WINDOWS\system32\rxnejpuu.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 09:45 --------- d-----w C:\Documents and Settings\travel\Application Data\BitTorrent
2008-02-29 15:50 --------- d-----w C:\Program Files\BitTorrent
2008-02-29 06:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 06:21 --------- d-----w C:\Program Files\QuickTime
2008-02-22 07:30 --------- d-----w C:\Program Files\SymNetDrv
2008-02-22 07:30 --------- d-----w C:\Program Files\ESPNRunTime
2008-02-22 07:30 --------- d-----w C:\Program Files\DIGStream
2008-02-22 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-02-22 06:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 15:40 --------- d-----w C:\Program Files\Mapedit
2008-02-08 06:10 --------- d-----w C:\Program Files\ESPN
2008-02-07 16:27 --------- d-----w C:\Program Files\Symantec
2008-02-07 09:43 --------- d-----w C:\Program Files\AIM6
2008-02-06 05:37 --------- d-----w C:\Program Files\Viewpoint
2008-02-06 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 02:21 --------- d-----w C:\Documents and Settings\travel\Application Data\acccore
2008-02-03 02:12 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-03 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-01 06:29 --------- d-----w C:\Program Files\AIM
2008-01-30 06:14 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-01-27 19:56 --------- d-----w C:\Program Files\Pure Networks
2008-01-27 18:51 --------- d-----w C:\Program Files\WhiskeyMilitia
2008-01-27 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 09:25 --------- d-----w C:\Program Files\Lavasoft
2008-01-27 09:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 09:04 381,952 ----a-w C:\WINDOWS\mrofinu72.exe.tmp
2008-01-17 05:43 --------- d-----w C:\Program Files\Google
.
<pre>
----a-w		 1,732,608 2008-02-22 06:48:49  C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray .exe
----a-w			67,112 2008-01-31 16:34:28  C:\Program Files\AIM\aim .exe
----a-w			50,528 2008-02-07 09:45:49  C:\Program Files\AIM6\aim6 .exe
----a-w		   976,472 2008-02-27 04:10:15  C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
----a-w			78,960 2008-02-02 16:03:16  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w			50,688 2008-02-22 06:48:56  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w			58,488 2008-02-22 06:48:35  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			32,768 2008-02-22 06:48:43  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w		   282,624 2008-02-22 06:48:49  C:\Program Files\DIGStream\digstream .exe
----a-w		   287,040 2008-03-04 07:30:56  C:\Program Files\DNA\btdna  .exe
----a-w		   287,040 2008-03-04 07:47:41  C:\Program Files\DNA\btdna .exe
----a-w		   101,888 2008-02-22 06:48:54  C:\Program Files\ESPNRunTime\DIGServices .exe
----a-w		   171,448 2008-01-27 20:00:23  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w		   454,784 2008-01-30 06:16:25  C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
----a-w		   605,904 2008-03-04 07:11:36  C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
----a-w		   653,824 2008-02-05 17:00:14  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   653,824 2008-02-05 16:46:21  C:\Program Files\QuickTime\qttask							.exe
----a-w		   653,824 2008-02-05 16:30:08  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   653,824 2008-02-05 07:45:24  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   653,824 2008-02-05 03:46:30  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   653,824 2008-02-04 08:28:55  C:\Program Files\QuickTime\qttask						.exe
----a-w		   653,824 2008-02-04 07:09:47  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   653,824 2008-02-03 18:01:29  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   653,824 2008-02-03 01:52:02  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   653,824 2008-02-02 19:36:01  C:\Program Files\QuickTime\qttask					.exe
----a-w		   653,824 2008-02-02 18:06:11  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   653,824 2008-02-02 16:02:52  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   653,824 2008-02-02 09:00:11  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   653,824 2008-02-02 05:17:00  C:\Program Files\QuickTime\qttask				.exe
----a-w		   653,824 2008-02-01 16:53:47  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   653,824 2008-02-01 06:41:35  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   653,824 2008-02-01 06:34:01  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   653,824 2008-01-31 16:33:46  C:\Program Files\QuickTime\qttask			.exe
----a-w		   653,824 2008-01-31 04:24:50  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   653,824 2008-01-30 15:33:18  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   653,824 2008-01-30 06:48:00  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   653,824 2008-01-30 06:15:10  C:\Program Files\QuickTime\qttask		.exe
----a-w		   653,824 2008-01-29 16:36:06  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   653,824 2008-01-29 05:11:03  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   653,824 2008-01-28 16:27:36  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   653,824 2008-01-28 03:57:29  C:\Program Files\QuickTime\qttask	.exe
----a-w		   653,824 2008-01-27 19:58:39  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-02-18 04:15:40  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-02-18 19:44:40  C:\Program Files\QuickTime\qttask .exe
----a-w		 2,097,488 2008-02-22 06:41:53  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		   100,056 2008-02-22 06:48:44  C:\Program Files\SymNetDrv\SNDMon .exe
----a-w		   684,032 2008-02-02 18:06:33  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   102,400 2008-02-22 06:48:37  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w		   212,992 2008-01-30 15:33:47  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			15,360 2008-03-04 07:07:56  C:\WINDOWS\system32\ctfmon .exe
----a-w		   118,784 2008-02-05 17:00:37  C:\WINDOWS\system32\hkcmd .exe
----a-w		   155,648 2008-02-01 16:54:21  C:\WINDOWS\system32\igfxtray .exe
----a-w		   388,608 2008-02-29 05:08:53  C:\WINDOWS\system32\kmd .exe
----a-w		   155,648 2008-02-22 06:48:37  C:\WINDOWS\system32\NeroCheck .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA63094-17F5-4415-A148-B60862A4F4B3}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b2e006b-8b74-460d-ac66-699d79372b83}]
2008-03-03 23:47 95296 --a------ C:\WINDOWS\system32\mbmccuco.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5FA9D25-FBF7-4117-BC9E-6A736F39EAC0}]
2008-03-03 23:39 336896 --a------ C:\WINDOWS\system32\pmkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBACF499-9A74-43C7-ABC7-A049704E5DC0}]
C:\WINDOWS\system32\vtutu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna .exe" [2008-03-03 23:50 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [ ]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [ ]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"BM37f8b51b"="C:\WINDOWS\system32\ehblatlf.dll" [2008-03-03 23:43 91712]
"34cb8687"="C:\WINDOWS\system32\bqjhyvam.dll" [2008-03-03 23:44 93248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-19 14:12:05 110592]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-19 14:12:05 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\pmkjh.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkjh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\DNA\\btdna .exe"=


.
Contents of the 'Scheduled Tasks' folder
"2005-03-19 11:49:40 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-29 05:22:52 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - travel.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-03-04 06:48:32 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 23:39:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\pmkjh.dll
-> C:\WINDOWS\system32\ehblatlf.dll
-> C:\WINDOWS\system32\bqjhyvam.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
.
**************************************************************************
.
Completion time: 2008-03-03 23:52:18 - machine was rebooted [travel]
ComboFix-quarantined-files.txt 2008-03-04 07:52:02
.
2008-02-23 16:57:34 --- E O F ---


finally ran okay. here's the combo log
ComboFix 08-03-04.2 - travel 2008-03-03 23:29:34.11 - NTFSx86
Running from: C:\Documents and Settings\travel\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM37f8b51b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bfkdghdf.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dkrfxafh.dll
C:\WINDOWS\system32\dsxtrrys.dll
C:\WINDOWS\system32\ffrscieu.dll
C:\WINDOWS\system32\gdcynxwb.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjlgygyn.dll
C:\WINDOWS\system32\hviicocy.dll
C:\WINDOWS\system32\oxkwcoix.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.exe
C:\WINDOWS\system32\qarxwbgi.dll
C:\WINDOWS\system32\shpvkpic.dll
C:\WINDOWS\system32\ukaiorky.dll
C:\WINDOWS\system32\vhflngcu.dll
C:\WINDOWS\system32\vtutu.exe
C:\WINDOWS\system32\vujinlaf.dll
C:\WINDOWS\system32\wawjfrnd.dll
C:\WINDOWS\system32\xfasdwhf.dll
.
---- Previous Run -------
.
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dwrefqil.dll
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\eilunujk.ini
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jhfesiid.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.exe
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.exe
C:\WINDOWS\system32\kjunulie.dll
C:\WINDOWS\system32\nuyiajaj.dll
C:\WINDOWS\system32\vyptdpsv.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\travel\Application Data\Malwarebytes
2008-03-03 22:07 . 2008-03-03 23:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-03 22:07 . 2008-03-03 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-02 07:40 . 2008-03-02 07:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 07:40 . 2008-03-02 07:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 08:49 . 2008-03-02 07:21 1,614 ---hs---- C:\WINDOWS\system32\xexumryl.ini
2008-02-29 07:50 . 2008-03-03 23:40 <DIR> d-------- C:\Program Files\DNA
2008-02-29 07:50 . 2008-03-03 01:45 <DIR> d-------- C:\Documents and Settings\travel\Application Data\DNA
2008-02-29 07:31 . 2008-03-01 08:43 1,374 ---hs---- C:\WINDOWS\system32\vxloevnn.ini
2008-02-28 21:28 . 2008-02-29 07:27 654 ---hs---- C:\WINDOWS\system32\xnuqxnnd.ini
2008-02-26 21:25 . 2008-02-27 21:11 1,554 --ahs---- C:\WINDOWS\system32\reowtopy.ini
2008-02-24 22:35 . 2008-02-28 21:08 388,608 --a------ C:\WINDOWS\system32\kmd .exe
2008-02-23 00:18 . 2008-02-24 02:34 834 --ahs---- C:\WINDOWS\system32\nxwtmmbl.ini
2008-02-20 21:18 . 2008-02-20 21:18 344,064 --a------ C:\WINDOWS\system32\RCX51C.tmp
2008-02-19 22:47 . 2008-02-19 22:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-18 20:18 . 2008-02-19 20:06 4,074 --ahs---- C:\WINDOWS\system32\pxomdbtx.ini
2008-02-17 20:20 . 2008-02-18 20:15 3,054 --ahs---- C:\WINDOWS\system32\tqqxraak.ini
2008-02-16 10:06 . 2008-02-17 20:16 1,794 --ahs---- C:\WINDOWS\system32\stfilvdh.ini
2008-02-14 21:31 . 2008-02-28 22:51 299 --a------ C:\WINDOWS\wininit.ini
2008-02-13 22:20 . 2008-02-19 08:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 21:47 . 2008-02-14 21:53 1,194 --ahs---- C:\WINDOWS\system32\wryrrakw.ini
2008-02-13 21:44 . 2008-02-13 21:44 534 --ahs---- C:\WINDOWS\system32\lfdhsjca.ini
2008-02-13 20:44 . 2008-02-13 21:29 474 --ahs---- C:\WINDOWS\system32\wtnqumff.ini
2008-02-13 20:41 . 2008-02-13 20:41 294 --ahs---- C:\WINDOWS\system32\iacwuvci.ini
2008-02-12 01:02 . 2008-02-12 01:02 294 --ahs---- C:\WINDOWS\system32\twsilgth.ini
2008-02-11 01:08 . 2008-02-11 01:08 294 --ahs---- C:\WINDOWS\system32\wbjnnnhm.ini
2008-02-10 01:05 . 2008-02-10 02:01 2,154 --ahs---- C:\WINDOWS\system32\tjjibaiu.ini
2008-02-10 01:02 . 2008-02-10 01:02 1,914 --ahs---- C:\WINDOWS\system32\hjfmoggw.ini
2008-02-08 08:46 . 2008-02-10 00:58 1,854 --ahs---- C:\WINDOWS\system32\qsfdusgw.ini
2008-02-08 08:44 . 2008-02-08 08:44 1,734 --ahs---- C:\WINDOWS\system32\axvnarno.ini
2008-02-07 08:49 . 2008-02-08 07:36 1,674 --ahs---- C:\WINDOWS\system32\cjbkvywh.ini
2008-02-07 08:43 . 2008-02-07 08:43 1,194 --ahs---- C:\WINDOWS\system32\prpndxpx.ini
2008-02-07 00:57 . 2008-02-07 00:55 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 00:57 . 2008-02-07 00:57 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-06 08:41 . 2008-02-07 08:40 1,134 --ahs---- C:\WINDOWS\system32\eouuhpsr.ini
2008-02-06 08:35 . 2008-02-06 08:40 354 --ahs---- C:\WINDOWS\system32\rxnejpuu.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 09:45 --------- d-----w C:\Documents and Settings\travel\Application Data\BitTorrent
2008-02-29 15:50 --------- d-----w C:\Program Files\BitTorrent
2008-02-29 06:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 06:21 --------- d-----w C:\Program Files\QuickTime
2008-02-22 07:30 --------- d-----w C:\Program Files\SymNetDrv
2008-02-22 07:30 --------- d-----w C:\Program Files\ESPNRunTime
2008-02-22 07:30 --------- d-----w C:\Program Files\DIGStream
2008-02-22 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-02-22 06:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 15:40 --------- d-----w C:\Program Files\Mapedit
2008-02-08 06:10 --------- d-----w C:\Program Files\ESPN
2008-02-07 16:27 --------- d-----w C:\Program Files\Symantec
2008-02-07 09:43 --------- d-----w C:\Program Files\AIM6
2008-02-06 05:37 --------- d-----w C:\Program Files\Viewpoint
2008-02-06 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 02:21 --------- d-----w C:\Documents and Settings\travel\Application Data\acccore
2008-02-03 02:12 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-03 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-01 06:29 --------- d-----w C:\Program Files\AIM
2008-01-30 06:14 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-01-27 19:56 --------- d-----w C:\Program Files\Pure Networks
2008-01-27 18:51 --------- d-----w C:\Program Files\WhiskeyMilitia
2008-01-27 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 09:25 --------- d-----w C:\Program Files\Lavasoft
2008-01-27 09:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 09:04 381,952 ----a-w C:\WINDOWS\mrofinu72.exe.tmp
2008-01-17 05:43 --------- d-----w C:\Program Files\Google
.
<pre>
----a-w		 1,732,608 2008-02-22 06:48:49  C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray .exe
----a-w			67,112 2008-01-31 16:34:28  C:\Program Files\AIM\aim .exe
----a-w			50,528 2008-02-07 09:45:49  C:\Program Files\AIM6\aim6 .exe
----a-w		   976,472 2008-02-27 04:10:15  C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
----a-w			78,960 2008-02-02 16:03:16  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w			50,688 2008-02-22 06:48:56  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w			58,488 2008-02-22 06:48:35  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			32,768 2008-02-22 06:48:43  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w		   282,624 2008-02-22 06:48:49  C:\Program Files\DIGStream\digstream .exe
----a-w		   287,040 2008-03-04 07:30:56  C:\Program Files\DNA\btdna  .exe
----a-w		   287,040 2008-03-04 07:47:41  C:\Program Files\DNA\btdna .exe
----a-w		   101,888 2008-02-22 06:48:54  C:\Program Files\ESPNRunTime\DIGServices .exe
----a-w		   171,448 2008-01-27 20:00:23  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w		   454,784 2008-01-30 06:16:25  C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
----a-w		   605,904 2008-03-04 07:11:36  C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
----a-w		   653,824 2008-02-05 17:00:14  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   653,824 2008-02-05 16:46:21  C:\Program Files\QuickTime\qttask							.exe
----a-w		   653,824 2008-02-05 16:30:08  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   653,824 2008-02-05 07:45:24  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   653,824 2008-02-05 03:46:30  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   653,824 2008-02-04 08:28:55  C:\Program Files\QuickTime\qttask						.exe
----a-w		   653,824 2008-02-04 07:09:47  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   653,824 2008-02-03 18:01:29  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   653,824 2008-02-03 01:52:02  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   653,824 2008-02-02 19:36:01  C:\Program Files\QuickTime\qttask					.exe
----a-w		   653,824 2008-02-02 18:06:11  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   653,824 2008-02-02 16:02:52  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   653,824 2008-02-02 09:00:11  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   653,824 2008-02-02 05:17:00  C:\Program Files\QuickTime\qttask				.exe
----a-w		   653,824 2008-02-01 16:53:47  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   653,824 2008-02-01 06:41:35  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   653,824 2008-02-01 06:34:01  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   653,824 2008-01-31 16:33:46  C:\Program Files\QuickTime\qttask			.exe
----a-w		   653,824 2008-01-31 04:24:50  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   653,824 2008-01-30 15:33:18  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   653,824 2008-01-30 06:48:00  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   653,824 2008-01-30 06:15:10  C:\Program Files\QuickTime\qttask		.exe
----a-w		   653,824 2008-01-29 16:36:06  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   653,824 2008-01-29 05:11:03  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   653,824 2008-01-28 16:27:36  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   653,824 2008-01-28 03:57:29  C:\Program Files\QuickTime\qttask	.exe
----a-w		   653,824 2008-01-27 19:58:39  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-02-18 04:15:40  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-02-18 19:44:40  C:\Program Files\QuickTime\qttask .exe
----a-w		 2,097,488 2008-02-22 06:41:53  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		   100,056 2008-02-22 06:48:44  C:\Program Files\SymNetDrv\SNDMon .exe
----a-w		   684,032 2008-02-02 18:06:33  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w		   102,400 2008-02-22 06:48:37  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w		   212,992 2008-01-30 15:33:47  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			15,360 2008-03-04 07:07:56  C:\WINDOWS\system32\ctfmon .exe
----a-w		   118,784 2008-02-05 17:00:37  C:\WINDOWS\system32\hkcmd .exe
----a-w		   155,648 2008-02-01 16:54:21  C:\WINDOWS\system32\igfxtray .exe
----a-w		   388,608 2008-02-29 05:08:53  C:\WINDOWS\system32\kmd .exe
----a-w		   155,648 2008-02-22 06:48:37  C:\WINDOWS\system32\NeroCheck .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA63094-17F5-4415-A148-B60862A4F4B3}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b2e006b-8b74-460d-ac66-699d79372b83}]
2008-03-03 23:47 95296 --a------ C:\WINDOWS\system32\mbmccuco.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5FA9D25-FBF7-4117-BC9E-6A736F39EAC0}]
2008-03-03 23:39 336896 --a------ C:\WINDOWS\system32\pmkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBACF499-9A74-43C7-ABC7-A049704E5DC0}]
C:\WINDOWS\system32\vtutu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna .exe" [2008-03-03 23:50 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [ ]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [ ]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"BM37f8b51b"="C:\WINDOWS\system32\ehblatlf.dll" [2008-03-03 23:43 91712]
"34cb8687"="C:\WINDOWS\system32\bqjhyvam.dll" [2008-03-03 23:44 93248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-19 14:12:05 110592]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-19 14:12:05 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\pmkjh.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkjh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\DNA\\btdna .exe"=


.
Contents of the 'Scheduled Tasks' folder
"2005-03-19 11:49:40 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-29 05:22:52 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - travel.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-03-04 06:48:32 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 23:39:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\pmkjh.dll
-> C:\WINDOWS\system32\ehblatlf.dll
-> C:\WINDOWS\system32\bqjhyvam.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
.
**************************************************************************
.
Completion time: 2008-03-03 23:52:18 - machine was rebooted [travel]
ComboFix-quarantined-files.txt 2008-03-04 07:52:02
.
2008-02-23 16:57:34 --- E O F ---

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:26 PM

Posted 04 March 2008 - 07:31 AM

Hi,

Please uninstall Quicktime via software > add/remove programs because the file is infected and it's better to uninstall it + delete the related folder (which we will do with a script). You can reinstall it afterwards once I say everything is clean again.

After you have uninstalled Quicktime..

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\WINDOWS\system32\bqjhyvam.dll
C:\WINDOWS\system32\ehblatlf.dll
C:\WINDOWS\system32\pmkjh.dll
C:\Program Files\DNA\btdna .exe
C:\WINDOWS\system32\xexumryl.ini
C:\WINDOWS\system32\vxloevnn.ini
C:\WINDOWS\system32\xnuqxnnd.ini
C:\WINDOWS\system32\reowtopy.ini
C:\WINDOWS\system32\kmd .exe
C:\WINDOWS\system32\nxwtmmbl.ini
C:\WINDOWS\system32\RCX51C.tmp
C:\WINDOWS\system32\pxomdbtx.ini
C:\WINDOWS\system32\tqqxraak.ini
C:\WINDOWS\system32\stfilvdh.ini
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\wryrrakw.ini
C:\WINDOWS\system32\lfdhsjca.ini
C:\WINDOWS\system32\wtnqumff.ini
C:\WINDOWS\system32\iacwuvci.ini
C:\WINDOWS\system32\twsilgth.ini
C:\WINDOWS\system32\wbjnnnhm.ini
C:\WINDOWS\system32\tjjibaiu.ini
C:\WINDOWS\system32\hjfmoggw.ini
C:\WINDOWS\system32\qsfdusgw.ini
C:\WINDOWS\system32\axvnarno.ini
C:\WINDOWS\system32\cjbkvywh.ini
C:\WINDOWS\system32\prpndxpx.ini
C:\WINDOWS\system32\eouuhpsr.ini
C:\WINDOWS\system32\rxnejpuu.ini
C:\WINDOWS\mrofinu72.exe.tmp
Folder::
C:\Program Files\QuickTime
RENV::
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray .exe
C:\Program Files\AIM\aim .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\DIGStream\digstream .exe
C:\Program Files\DNA\btdna .exe
C:\Program Files\ESPNRunTime\DIGServices .exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\SymNetDrv\SNDMon .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\kmd .exe
C:\WINDOWS\system32\NeroCheck .exe
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA63094-17F5-4415-A148-B60862A4F4B3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b2e006b-8b74-460d-ac66-699d79372b83}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5FA9D25-FBF7-4117-BC9E-6A736F39EAC0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBACF499-9A74-43C7-ABC7-A049704E5DC0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"BM37f8b51b"=-
"34cb8687"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=""


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
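
The indicators the script above acts on can be pulled out of a ComboFix log mechanically. The Python below is an added example written for this page, not a BleepingComputer, ComboFix or Malware Response Team tool: the sample log excerpt is constructed from lines quoted in this thread, the regexes and function names are this example's own, and the CFScript builder emits only the RENV:: and Registry:: sections in the layout the post uses (File:: selection is left to the analyst).

```python
"""Triage helpers for ComboFix-style log text.

Added example for this thread, not a BleepingComputer, ComboFix or Malware
Response Team tool.  It flags the indicators the helper acted on above:
executables whose name carries whitespace before ".exe" (listed under RENV::
in the script), an extra LSA authentication package, a non-empty HKCU "load"
value, and Security Center monitoring or the Windows Firewall switched off.
It also shows where the "Authentication Packages"=hex(7):... line comes from.
"""
import re

# Constructed excerpt modelled on log lines quoted in this thread (not the full log).
SAMPLE_LOG = r"""
2008-02-24 22:35 . 2008-02-28 21:08 388,608 --a------ C:\WINDOWS\system32\kmd .exe
----a-w      653,824 2008-02-05 17:00:14  C:\Program Files\QuickTime\qttask      .exe
----a-w      212,992 2008-01-30 15:33:47  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w       15,360 2008-03-04 07:07:56  C:\WINDOWS\system32\ctfmon .exe
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\pmkjh.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkjh
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A drive-letter path whose last component has blanks or tabs before the .exe extension.
SPACED_EXE_RE = re.compile(r'([A-Za-z]:\\.*?\S)[ \t]+(\.exe)[ \t]*$', re.IGNORECASE | re.MULTILINE)
# LSA authentication packages as ComboFix prints them (space separated; the clean
# default is msv1_0 alone).  A package path containing spaces would need smarter splitting.
AUTH_PKG_RE = re.compile(r'^Authentication Packages[ \t]+REG_MULTI_SZ[ \t]+(.*)$', re.MULTILINE)
LOAD_RE = re.compile(r'^"load"=(.*)$', re.MULTILINE)
MONITORING_OFF_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\([^\]]+)\]'
    r'[ \t]*\r?\n"DisableMonitoring"=dword:0*1\b', re.IGNORECASE | re.MULTILINE)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=[ \t]*0\b', re.MULTILINE)


def find_spaced_executables(log_text):
    """Return (name_as_logged, name_with_the_blank_removed) pairs for every
    executable whose file name has whitespace before the extension, the
    "qttask .exe" pattern this thread's RENV:: section lists."""
    return [(m.group(0).rstrip(), m.group(1) + m.group(2))
            for m in SPACED_EXE_RE.finditer(log_text)]


def audit_registry(log_text):
    """Return (finding, detail) pairs for the registry loading points that
    should not look like this on a clean XP box."""
    findings = []
    for m in AUTH_PKG_RE.finditer(log_text):
        extra = [p for p in m.group(1).split() if p.lower() != 'msv1_0']
        if extra:  # anything beyond msv1_0 is loaded into lsass.exe at boot
            findings.append(('lsa_auth_package', extra))
    for m in LOAD_RE.finditer(log_text):
        value = m.group(1).strip().strip('"')
        if value:  # "load" runs a program at every logon and is normally empty
            findings.append(('hkcu_load', value))
    for m in MONITORING_OFF_RE.finditer(log_text):
        findings.append(('security_center_monitoring_off', m.group(1)))
    if FIREWALL_OFF_RE.search(log_text):
        findings.append(('windows_firewall_off', 'EnableFirewall=0'))
    return findings


def reg_multi_sz_hex7(strings):
    """Encode a REG_MULTI_SZ the way a REGEDIT4-format .reg line expects:
    single-byte (ANSI) characters, each string NUL-terminated, plus one more
    NUL closing the list.  For ['msv1_0'] this is the value used in the script above."""
    data = b''.join(s.encode('ascii') + b'\x00' for s in strings) + b'\x00'
    return 'hex(7):' + ','.join(f'{b:02x}' for b in data)


def build_cfscript(log_text):
    """Assemble the RENV:: and Registry:: sections the findings call for, in the
    layout used in this thread.  File:: entries are left to the analyst, and the
    Security Center / firewall findings are reported only (the script above does
    not touch them either)."""
    lines = []
    spaced = find_spaced_executables(log_text)
    if spaced:
        lines.append('RENV::')
        lines.extend(logged for logged, _ in spaced)
    findings = audit_registry(log_text)
    if any(kind in ('lsa_auth_package', 'hkcu_load') for kind, _ in findings):
        lines.append('Registry::')
    for kind, _ in findings:
        if kind == 'lsa_auth_package':
            lines.append(r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]')
            lines.append('"Authentication Packages"=' + reg_multi_sz_hex7(['msv1_0']))
        elif kind == 'hkcu_load':
            lines.append(r'[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]')
            lines.append('"load"=""')
    return '\n'.join(lines)
```

Calling `build_cfscript(SAMPLE_LOG)` reproduces the RENV:: lines and the two Registry:: fixes from the post above for the constructed excerpt.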

#13 bleepingninja

bleepingninja
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:26 AM

Posted 04 March 2008 - 11:53 PM

quicktime uninstalled...

ComboFix 08-03-04.2 - travel 2008-03-04 20:24:02.12 - NTFSx86
Running from: C:\Documents and Settings\travel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\travel\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\DNA\btdna .exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\system32\axvnarno.ini
C:\WINDOWS\system32\bqjhyvam.dll
C:\WINDOWS\system32\cjbkvywh.ini
C:\WINDOWS\system32\ehblatlf.dll
C:\WINDOWS\system32\eouuhpsr.ini
C:\WINDOWS\system32\hjfmoggw.ini
C:\WINDOWS\system32\iacwuvci.ini
C:\WINDOWS\system32\kmd .exe
C:\WINDOWS\system32\lfdhsjca.ini
C:\WINDOWS\system32\nxwtmmbl.ini
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\prpndxpx.ini
C:\WINDOWS\system32\pxomdbtx.ini
C:\WINDOWS\system32\qsfdusgw.ini
C:\WINDOWS\system32\RCX51C.tmp
C:\WINDOWS\system32\reowtopy.ini
C:\WINDOWS\system32\rxnejpuu.ini
C:\WINDOWS\system32\stfilvdh.ini
C:\WINDOWS\system32\tjjibaiu.ini
C:\WINDOWS\system32\tqqxraak.ini
C:\WINDOWS\system32\twsilgth.ini
C:\WINDOWS\system32\vxloevnn.ini
C:\WINDOWS\system32\wbjnnnhm.ini
C:\WINDOWS\system32\wryrrakw.ini
C:\WINDOWS\system32\wtnqumff.ini
C:\WINDOWS\system32\xexumryl.ini
C:\WINDOWS\system32\xnuqxnnd.ini
C:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\DNA\btdna .exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\QuickTime
C:\Program Files\QuickTime\Plugins\nsIQTScriptablePlugin.xpt
C:\Program Files\QuickTime\QTComponents\FLV.qtx
C:\Program Files\QuickTime\QTComponents\MMxptResources.dll
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\pskt.ini
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system32\axvnarno.ini
C:\WINDOWS\system32\bqjhyvam.dll
C:\WINDOWS\system32\cjbkvywh.ini
C:\WINDOWS\system32\ehblatlf.dll
C:\WINDOWS\system32\eouuhpsr.ini
C:\WINDOWS\system32\hjfmoggw.ini
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\iacwuvci.ini
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\lfdhsjca.ini
C:\WINDOWS\system32\mbmccuco.dll
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\nxwtmmbl.ini
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.exe
C:\WINDOWS\system32\prpndxpx.ini
C:\WINDOWS\system32\pxomdbtx.ini
C:\WINDOWS\system32\qsfdusgw.ini
C:\WINDOWS\system32\RCX51C.tmp
C:\WINDOWS\system32\reowtopy.ini
C:\WINDOWS\system32\rxnejpuu.ini
C:\WINDOWS\system32\stfilvdh.ini
C:\WINDOWS\system32\tjjibaiu.ini
C:\WINDOWS\system32\tqqxraak.ini
C:\WINDOWS\system32\twsilgth.ini
C:\WINDOWS\system32\vxloevnn.ini
C:\WINDOWS\system32\wbjnnnhm.ini
C:\WINDOWS\system32\wryrrakw.ini
C:\WINDOWS\system32\wtnqumff.ini
C:\WINDOWS\system32\xexumryl.ini
C:\WINDOWS\system32\xnuqxnnd.ini
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 20:03 . 2008-03-04 20:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 20:03 . 2008-03-04 20:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 23:44 . 2008-03-04 20:24 834 ---hs---- C:\WINDOWS\system32\mavyhjqb.ini
2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\travel\Application Data\Malwarebytes
2008-03-03 22:07 . 2008-03-04 20:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-03 22:07 . 2008-03-03 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-29 07:50 . 2008-03-04 20:46 <DIR> d-------- C:\Program Files\DNA
2008-02-29 07:50 . 2008-03-03 01:45 <DIR> d-------- C:\Documents and Settings\travel\Application Data\DNA
2008-02-19 22:47 . 2008-02-19 22:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-13 22:20 . 2008-02-19 08:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-07 00:57 . 2008-02-07 00:55 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 00:57 . 2008-02-07 00:57 3,449 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 04:39 --------- d-----w C:\Program Files\SymNetDrv
2008-03-05 04:39 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-03-05 04:39 --------- d-----w C:\Program Files\ESPNRunTime
2008-03-05 04:39 --------- d-----w C:\Program Files\DIGStream
2008-03-05 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 04:39 --------- d-----w C:\Program Files\AIM6
2008-03-05 04:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 04:23 --------- d-----w C:\Program Files\AIM
2008-03-05 04:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 09:52 --------- d-----w C:\Documents and Settings\travel\Application Data\BitTorrent
2008-02-29 15:50 --------- d-----w C:\Program Files\BitTorrent
2008-02-22 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-02-14 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 15:40 --------- d-----w C:\Program Files\Mapedit
2008-02-08 06:10 --------- d-----w C:\Program Files\ESPN
2008-02-07 16:27 --------- d-----w C:\Program Files\Symantec
2008-02-06 05:37 --------- d-----w C:\Program Files\Viewpoint
2008-02-06 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 02:21 --------- d-----w C:\Documents and Settings\travel\Application Data\acccore
2008-02-03 02:12 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-03 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-27 19:56 --------- d-----w C:\Program Files\Pure Networks
2008-01-27 18:51 --------- d-----w C:\Program Files\WhiskeyMilitia
2008-01-27 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 09:25 --------- d-----w C:\Program Files\Lavasoft
2008-01-27 09:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 05:43 --------- d-----w C:\Program Files\Google
.
<pre>
----a-w		   287,040 2008-03-05 03:41:19  C:\Program Files\DNA\btdna  .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-03 23:07 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [ ]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [ ]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-19 14:12:05 110592]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-19 14:12:05 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2005-03-19 11:49:40 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-29 05:22:52 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - travel.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-03-04 06:48:32 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 20:46:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-04 20:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-05 04:51:09
ComboFix2.txt 2008-03-04 07:52:20
.
2008-02-23 16:57:34 --- E O F ---

#14 bleepingninja

bleepingninja
  • Topic Starter
  • Members
  • 14 posts
  • Local time:09:26 AM

Posted 04 March 2008 - 11:54 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:51 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O24 - Desktop Component 0: (no name) - http://reebok.zugara.com/RBK_music/wallpap...wallpapers1.jpg
O24 - Desktop Component 1: (no name) - http://www.jtuned.com/media/gallery/papers...lpaper/1280.jpg
O24 - Desktop Component 2: (no name) - http://mail.google.com/mail/?attid=0.4&...182f9547b6b79fc

--
End of file - 8744 bytes


My aim.exe can't be found now. Did it get deleted?

#15 miekiemoes

miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:26 PM

Posted 05 March 2008 - 02:14 AM

Hi,

Yes, your AIM was indeed infected, as well as some other programs.
Unfortunately, they couldn't get replaced with a clean copy, as I see here, so this means you need to reinstall a lot of programs again.

Your BitTorrent DNA got infected as well, so we'll need to delete that one as well.

I'll tell you afterwards what programs you need to reinstall.

But first, open Notepad (don't use any other text editor than Notepad or the script will fail).
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\mavyhjqb.ini
C:\Program Files\DNA\btdna .exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=-
"swg"=-
"Aim6"=-
"AdobeUpdater"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"=-
"ccApp"=-
"IgfxTray"=-
"HotKeysCmds"=-
"AOL Spyware Protection"=-
"NeroFilterCheck"=-
"SynTPLpr"=-
"SynTPEnh"=-
"RemoteControl"=-
"Symantec NetDriver Monitor"=-
"AdobeVersionCue"=-
"DIGStream"=-
"DIGServices"=-
"Microsoft Works Update Detection"=-


Save this as a txt file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.



