Hijack This Log, Please Examine For Problems

8 replies to this topic

#1 cody10

  • Members
  • 19 posts

Posted 23 February 2008 - 10:12 PM

Hi. My computer has recently started crashing and having various problems running programs. I ran HijackThis and created a log file for examination. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:17 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\Documents and Settings\cody\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hcsystray] "C:\Program Files\Kuma Games\hcsystray\hc_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [j9221830] rundll32 C:\WINDOWS\system32\j9221830.dll sook
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMebe2ed7a] Rundll32.exe "C:\WINDOWS\system32\hdfqavsl.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122232897781
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11427 bytes


#2 teacup61

Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 06 March 2008 - 03:12 PM

Hello cody10,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 cody10

  • Topic Starter
  • Members
  • 19 posts

Posted 08 March 2008 - 01:09 AM

Hello Tea. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:40 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\Documents and Settings\cody\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - (no file)
O2 - BHO: (no name) - {4B108EFC-B584-4635-90EB-F148372CEB08} - (no file)
O2 - BHO: (no name) - {6223CFBF-D813-4993-8B14-4EF714162F0C} - (no file)
O2 - BHO: (no name) - {62FF6675-8F6C-4CDC-9481-D15C33F057B5} - (no file)
O2 - BHO: (no name) - {6EEB9D52-29B6-4463-806E-00F7619885AC} - (no file)
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - (no file)
O2 - BHO: (no name) - {8963C3D0-92A9-4B89-8F31-BE9AC9145831} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jfxpcebz.dll (file missing)
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - (no file)
O2 - BHO: (no name) - {E7269154-FA75-4380-BA68-D5D3A7D3E42B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hcsystray] "C:\Program Files\Kuma Games\hcsystray\hc_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [j9221830] rundll32 C:\WINDOWS\system32\j9221830.dll sook
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMebe2ed7a] Rundll32.exe "C:\WINDOWS\system32\hdfqavsl.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122232897781
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: fccyvvw - fccyvvw.dll (file missing)
O20 - Winlogon Notify: gebywvt - gebywvt.dll (file missing)
O20 - Winlogon Notify: jfxpcebz - jfxpcebz.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\
O20 - Winlogon Notify: pmnlmml - pmnlmml.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12788 bytes
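A triage pass over entries in this log format, added here as an example in Python; it is not a tool from this thread, from HijackThis, or from BleepingComputer. It parses the `R0`/`F2`/`O4`/`O20`-style line shape and flags the entry classes a helper looks at first: a system.ini `Shell=` value that launches anything besides Explorer.exe, BHOs registered with no file, `Run` entries that use rundll32 to load a DLL out of system32, and Winlogon Notify handlers whose DLL is missing or that point at a bare directory. The sample lines are a constructed fixture shaped like entries in the log above; the rules are review heuristics, not verdicts on any particular file.

```python
import re

# Constructed sample in HijackThis v2 log format. The entries mirror the shape
# of lines in the log above; this is a test fixture, not a scan of a real machine.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\printer.exe
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\\Program Files\\Viewpoint\\Viewpoint Toolbar\\3.8.0\\ViewBarBHO.dll
O4 - HKLM\\..\\Run: [Apoint] "C:\\Program Files\\Apoint\\Apoint.exe"
O4 - HKLM\\..\\Run: [j9221830] rundll32 C:\\WINDOWS\\system32\\j9221830.dll sook
O4 - HKLM\\..\\Run: [BMebe2ed7a] Rundll32.exe "C:\\WINDOWS\\system32\\hdfqavsl.dll",s
O20 - Winlogon Notify: fccyvvw - fccyvvw.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\\WINDOWS\\
O23 - Service: EvtEng - Intel Corporation - C:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe
"""

# Every HijackThis entry starts with a section code (R0, F2, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
SYS32_DLL_RE = re.compile(r"system32\\[a-z0-9]+\.dll", re.I)


def parse_entries(text):
    """Return [(section, body)] for lines that look like HijackThis entries.

    Process-list lines, headers and blank lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entry):
    """Return a list of review reasons for one entry (empty if nothing stands out)."""
    section, body = entry
    reasons = []
    if section == "F2" and body.startswith("REG:system.ini: Shell="):
        # The Shell value normally names only Explorer.exe; anything appended to
        # it is launched at every logon.
        shell = body.split("Shell=", 1)[1]
        extra = [tok for tok in shell.split() if tok.lower() != "explorer.exe"]
        if extra:
            reasons.append("Shell= launches extra program(s) besides Explorer.exe: " + " ".join(extra))
    if section == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered but its DLL is absent (orphaned registration)")
    if section == "O4" and RUNDLL_RE.search(body) and SYS32_DLL_RE.search(body):
        reasons.append("Run entry loads a DLL from system32 via rundll32; verify the DLL's publisher")
    if section == "O20" and ("(file missing)" in body or body.rstrip().endswith("\\")):
        reasons.append("Winlogon Notify handler points at a missing file or a bare directory")
    return reasons


def flagged_entries(text):
    """Return [(section, body, reasons)] for entries that need a closer look, in log order."""
    out = []
    for section, body in parse_entries(text):
        reasons = triage((section, body))
        if reasons:
            out.append((section, body, reasons))
    return out


def report(text):
    """Render the flagged entries as one line per reason, for pasting into a reply."""
    lines = []
    for section, body, reasons in flagged_entries(text):
        for reason in reasons:
            lines.append(f"{section} - {body}\n    -> {reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved log by reading the file into `report()`; entries that fall through with no reasons are simply omitted, so the output is only what a helper would ask about, and every flag states why it was raised rather than labelling the file as malware.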

#4 teacup61

Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 08 March 2008 - 11:21 AM

Hello,

Is your Norton up to date?

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 cody10

  • Topic Starter
  • Members
  • 19 posts

Posted 08 March 2008 - 06:12 PM

ComboFix 08-03-07.4 - cody 2008-03-08 17:55:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT -5:00]
Running from: C:\Documents and Settings\cody\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\cody\Application Data\ASEMBL~1
C:\Documents and Settings\cody\Application Data\CROSOF~1.NET
C:\Documents and Settings\cody\Application Data\ICROSO~1
C:\Documents and Settings\cody\Application Data\PPPATC~1
C:\Documents and Settings\cody\Application Data\SKS~1
C:\Documents and Settings\cody\Application Data\TSKS~1
C:\Documents and Settings\cody\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\cody\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\cody\Application Data\WNSXS~1
C:\Documents and Settings\cody\My Documents\APPATC~1
C:\Documents and Settings\cody\My Documents\ASEMBL~1
C:\Documents and Settings\cody\My Documents\ASKS~1
C:\Documents and Settings\cody\My Documents\CROSOF~1.NET
C:\Documents and Settings\cody\My Documents\CURITY~1
C:\Documents and Settings\cody\My Documents\DOBE~1
C:\Documents and Settings\cody\My Documents\ECURIT~1
C:\Documents and Settings\cody\My Documents\FNTS~1
C:\Documents and Settings\cody\My Documents\FNTS~2
C:\Documents and Settings\cody\My Documents\RACLE~1
C:\Documents and Settings\cody\My Documents\SSTEM3~1
C:\Documents and Settings\cody\My Documents\STEM32~1
C:\Documents and Settings\cody\My Documents\WNSXS~1
C:\Documents and Settings\cody\My Documents\YSTEM~1
C:\Documents and Settings\cody\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\cody\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\appatc~1
C:\Program Files\Common Files\appatc~1
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~2
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\sks~2
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ystem~1
C:\Program Files\fnts~1
C:\Program Files\icroso~1
C:\Program Files\icroso~1.net
C:\Program Files\ISM
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\kernel
C:\Program Files\mantec~1
C:\Program Files\mcroso~1.net
C:\Program Files\pppatc~1
C:\Program Files\racle~1
C:\Program Files\racle~2
C:\Program Files\scurit~1
C:\Program Files\ssembl~1
C:\Program Files\stem~1
C:\Program Files\Temporary
C:\Program Files\ystem3~1
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\temp\brr
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\asembl~1
C:\WINDOWS\BMebe2ed7a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\curity~1
C:\WINDOWS\dobe~1
C:\WINDOWS\ecurit~1
C:\WINDOWS\fnts~1
C:\WINDOWS\icroso~1.net
C:\WINDOWS\mbols~1
C:\WINDOWS\mcroso~1
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\sembly~1
C:\WINDOWS\sks~1
C:\WINDOWS\sks~1\??sks\
C:\WINDOWS\ssembl~1
C:\WINDOWS\sstem~1
C:\WINDOWS\stem32~1
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\aqeassbo.dll
C:\WINDOWS\system32\aqtuarpl.ini
C:\WINDOWS\system32\asrqaner.ini
C:\WINDOWS\system32\atfjfktu.ini
C:\WINDOWS\system32\atkvqkws.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\bbmpgrly.dll
C:\WINDOWS\system32\bbogsdlf.dll
C:\WINDOWS\system32\bcvssfdu.dll
C:\WINDOWS\system32\bdgocccg.ini
C:\WINDOWS\system32\bdkrrepp.ini
C:\WINDOWS\system32\biotiasj.dll
C:\WINDOWS\system32\bkgqymod.ini
C:\WINDOWS\system32\bmfatavx.dll
C:\WINDOWS\system32\bmwemxsk.ini
C:\WINDOWS\system32\bttgxkxe.dll
C:\WINDOWS\system32\buktikuy.dll
C:\WINDOWS\system32\bwrtmacy.ini
C:\WINDOWS\system32\ccmauvbk.dll
C:\WINDOWS\system32\ceqpndpa.dll
C:\WINDOWS\system32\cketjkvv.dll
C:\WINDOWS\system32\cqbdwjoo.ini
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\dnuyrvwf.dll
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~2
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dsilobrv.dll
C:\WINDOWS\system32\dvvjmrjt.dll
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\eiyryrep.dll
C:\WINDOWS\system32\ejtevagj.ini
C:\WINDOWS\system32\etckeqps.dll
C:\WINDOWS\system32\etwjyhmn.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fawcgicl.dll
C:\WINDOWS\system32\fdvdsckx.ini
C:\WINDOWS\system32\fgrpvxyr.dll
C:\WINDOWS\system32\fmyjfiyg.dll
C:\WINDOWS\system32\fsghatcx.dll
C:\WINDOWS\system32\fyoccqpf.dll
C:\WINDOWS\system32\gajihmfx.dll
C:\WINDOWS\system32\gbtudqcr.ini
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\geksraqq.ini
C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gixkuopr.ini
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gqbxnnvo.ini
C:\WINDOWS\system32\H2
C:\WINDOWS\system32\hdfqavsl.dll
C:\WINDOWS\system32\hdxgyryr.dll
C:\WINDOWS\system32\honmibsk.ini
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ikiqdnxk.ini
C:\WINDOWS\system32\ilhungsb.dll
C:\WINDOWS\system32\isqvspyd.dll
C:\WINDOWS\system32\ivnyjvlu.ini
C:\WINDOWS\system32\jibhmbkb.dll
C:\WINDOWS\system32\jjtqdcps.dll
C:\WINDOWS\system32\jjujbyuw.ini
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhgibja.ini
C:\WINDOWS\system32\jqheyxte.dll
C:\WINDOWS\system32\jqrgdcwf.ini
C:\WINDOWS\system32\jqutbudu.dll
C:\WINDOWS\system32\jtxnmxvb.dll
C:\WINDOWS\system32\jvrcphvk.dll
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\krvbeata.ini
C:\WINDOWS\system32\ksbimnoh.dll
C:\WINDOWS\system32\ksxmewmb.dll
C:\WINDOWS\system32\kvebiqcs.dll
C:\WINDOWS\system32\kvqrupuu.ini
C:\WINDOWS\system32\kxndqiki.dll
C:\WINDOWS\system32\ldqaadqa.dll
C:\WINDOWS\system32\lessnsrk.dll
C:\WINDOWS\system32\llkwitaq.dll
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\lpfyaqtv.dll
C:\WINDOWS\system32\lprautqa.dll
C:\WINDOWS\system32\lvuqrjoc.dll
C:\WINDOWS\system32\lxnwfith.dll
C:\WINDOWS\system32\lxosiqlm.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcroso~1.net
C:\WINDOWS\system32\mfmueklu.ini
C:\WINDOWS\system32\mfsbosav.dll
C:\WINDOWS\system32\mhrjiuev.dll
C:\WINDOWS\system32\mjlwsqbl.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mopgfjge.dll
C:\WINDOWS\system32\mvyfbgbc.dll
C:\WINDOWS\system32\mwrpoern.ini
C:\WINDOWS\system32\mynffiat.dll
C:\WINDOWS\system32\nevlninr.ini
C:\WINDOWS\system32\nmhyjwte.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\npqss.tmp
C:\WINDOWS\system32\ntmhxftr.dll
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.bak2
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\oojwdbqc.dll
C:\WINDOWS\system32\oqmsqijd.dll
C:\WINDOWS\system32\orhmcmpq.ini
C:\WINDOWS\system32\ouajmqed.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pfvoedkl.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\prmkguco.ini
C:\WINDOWS\system32\puronsqb.dll
C:\WINDOWS\system32\Q2
C:\WINDOWS\system32\qakshqnc.dll
C:\WINDOWS\system32\qatiwkll.ini
C:\WINDOWS\system32\qaxhekol.dll
C:\WINDOWS\system32\qjfqmjrq.dll
C:\WINDOWS\system32\qmklaokf.dll
C:\WINDOWS\system32\qomqjwoc.dll
C:\WINDOWS\system32\qpmcmhro.dll
C:\WINDOWS\system32\qptwdlha.dll
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qugeumyd.dll
C:\WINDOWS\system32\qwltvrkk.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\renaqrsa.dll
C:\WINDOWS\system32\rkjyfejm.ini
C:\WINDOWS\system32\rnkmecth.ini
C:\WINDOWS\system32\rocikatc.ini
C:\WINDOWS\system32\rpoukxig.dll
C:\WINDOWS\system32\ryrygxdh.ini
C:\WINDOWS\system32\sdhkwgyl.dll
C:\WINDOWS\system32\sdmfulcw.tmp
C:\WINDOWS\system32\sdmfulcw.tmp2
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sjmfbtjk.dll
C:\WINDOWS\system32\slhgdsxy.dll
C:\WINDOWS\system32\sqkqgtum.dll
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.tmp
C:\WINDOWS\system32\sxbnaxcs.dll
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\tkyfahgd.ini
C:\WINDOWS\system32\tmfvspod.dll
C:\WINDOWS\system32\tmtkxpkb.dll
C:\WINDOWS\system32\toihhufx.ini
C:\WINDOWS\system32\tpwqcqrs.ini
C:\WINDOWS\system32\trqioeaw.dll
C:\WINDOWS\system32\twafbnve.ini
C:\WINDOWS\system32\udubtuqj.ini
C:\WINDOWS\system32\upvinyye.dll
C:\WINDOWS\system32\uypqitkc.dll
C:\WINDOWS\system32\vasobsfm.ini
C:\WINDOWS\system32\vfdwutib.dll
C:\WINDOWS\system32\vrvgqjlu.dll
C:\WINDOWS\system32\vtqayfpl.ini
C:\WINDOWS\system32\vupecrxa.dll
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\wdliyhav.dll
C:\WINDOWS\system32\whsbakcs.dll
C:\WINDOWS\system32\wmwwotnj.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wuvweost.dll
C:\WINDOWS\system32\wvdwouag.dll
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\xbximkfs.dll
C:\WINDOWS\system32\xjkxtuad.ini
C:\WINDOWS\system32\ycreuhrh.dll
C:\WINDOWS\system32\ydtpeput.dll
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-07 20:25 . 2008-03-07 20:25 <DIR> d-------- C:\Deckard
2008-02-22 00:11 . 2008-02-24 13:13 20,612 ---hs---- C:\WINDOWS\system32\jfxpcebz.dllbox
2008-02-21 23:36 . 2008-02-21 23:36 163,904 --a------ C:\WINDOWS\system32\tjezxiot.dll.vir
2008-02-21 23:36 . 2008-02-22 00:07 23,156 ---hs---- C:\WINDOWS\system32\tjezxiot.dllbox
2008-02-21 16:33 . 2008-02-21 16:33 163,904 --a------ C:\WINDOWS\system32\tdhpcjoj.dll.vir
2008-02-21 16:33 . 2008-02-21 17:57 20,612 ---hs---- C:\WINDOWS\system32\tdhpcjoj.dllbox
2008-02-18 22:41 . 2008-02-22 13:15 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-17 23:59 . 2008-02-18 00:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-17 22:29 . 2008-02-17 22:29 294 ---hs---- C:\WINDOWS\system32\vxeeqnsg.ini
2008-02-15 19:03 . 2008-02-15 19:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 19:03 . 2008-02-15 19:03 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-15 18:23 . 2008-02-15 18:47 <DIR> d-------- C:\Program Files\Chily Registry Cleaner
2008-02-15 18:14 . 2008-02-15 18:19 <DIR> d-------- C:\Program Files\Fix Registry Errors
2008-02-14 23:59 . 2008-02-17 15:30 <DIR> d-------- C:\Program Files\ErrorSweeper
2008-02-14 23:59 . 2008-02-14 23:59 <DIR> d-------- C:\Documents and Settings\cody\Application Data\ErrorSweeper
2008-02-14 23:40 . 2008-02-15 18:04 <DIR> d-------- C:\Program Files\RegistryFix
2008-02-14 09:11 . 2008-02-18 22:31 20,612 ---hs---- C:\WINDOWS\system32\qbyipgie.dllbox
2008-02-14 09:10 . 2008-02-14 09:10 163,904 --a------ C:\WINDOWS\system32\qbyipgie.dll.vir
2008-02-10 12:04 . 2008-02-10 12:07 179,664 ---hs---- C:\WINDOWS\system32\jjkkj.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 05:12 --------- d-----w C:\Program Files\Kuma Games
2008-02-21 22:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 03:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 03:03 --------- d-----w C:\Program Files\Verizon Wireless
2008-01-16 03:01 --------- d-----w C:\Documents and Settings\cody\Application Data\Smith Micro
2008-01-16 02:58 --------- d-----w C:\Program Files\LG Drivers
2008-01-13 03:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 21:47 10 ----a-w C:\Program Files\.autoreg
2008-01-07 21:30 39,936 ----a-w C:\WINDOWS\mrofinu572.exe.tmp
2007-12-31 16:21 53,760 ----a-w C:\WINDOWS\b122.exe
2007-05-29 03:22 486 ----a-w C:\Program Files\Common Files\laxur
2007-04-30 15:06 142 ----a-w C:\Program Files\Common Files\prohdyg.html
2007-07-22 06:25 6,489 --sha-w C:\WINDOWS\system32\ehhkj.bak1
2007-09-20 13:15 1,979,329 --sha-w C:\WINDOWS\system32\fgjlm.bak1
2007-11-18 18:10 6,473 --sh--w C:\WINDOWS\system32\ghkmp.bak1
2007-07-17 01:58 6,369 --sha-w C:\WINDOWS\system32\hjjlm.bak1
2007-11-02 10:31 417,752 --sh--w C:\WINDOWS\system32\hjjlm.bak2
2007-11-24 16:32 6,473 --sh--w C:\WINDOWS\system32\ilnmp.bak1
2007-11-18 16:49 439,091 --sh--w C:\WINDOWS\system32\jjjlm.bak1
2007-11-29 22:22 442,224 --sh--w C:\WINDOWS\system32\jjjlm.bak2
2007-12-06 00:49 467,478 --sh--w C:\WINDOWS\system32\jjjlm.ini2
2007-11-23 03:23 6,498 --sh--w C:\WINDOWS\system32\jlkkj.bak1
2007-08-09 05:05 1,729,485 --sha-w C:\WINDOWS\system32\jlnmp.bak1
2007-08-09 05:05 1,728,924 --sha-w C:\WINDOWS\system32\jlnmp.bak2
2007-08-09 05:08 1,732,058 --sha-w C:\WINDOWS\system32\jlnmp.ini2
2007-07-24 00:38 6,471 --sha-w C:\WINDOWS\system32\kjjlm.bak1
2007-12-02 16:35 6,539 --sh--w C:\WINDOWS\system32\kjkkj.bak1
2007-07-21 21:12 6,489 --sha-w C:\WINDOWS\system32\llnmp.bak1
2007-09-19 04:56 693,484 --sha-w C:\WINDOWS\system32\mbowndss.ini2
2007-06-02 02:10 1,599,543 --sha-w C:\WINDOWS\system32\mmllm.bak2
2007-06-02 05:10 1,597,627 --sha-w C:\WINDOWS\system32\mmllm.ini2
2007-11-02 18:31 6,473 --sh--w C:\WINDOWS\system32\nmllm.bak1
2007-07-24 01:57 6,471 --sha-w C:\WINDOWS\system32\nqtss.bak1
2007-07-24 06:51 6,471 --sha-w C:\WINDOWS\system32\oqstv.bak1
2007-11-19 17:58 6,473 --sh--w C:\WINDOWS\system32\oqstv.bak2
2007-09-18 17:21 6,448 --sha-w C:\WINDOWS\system32\qpqss.bak1
2007-09-19 22:25 2,016,101 --sha-w C:\WINDOWS\system32\qpqss.bak2
2007-09-19 04:58 1,966,150 --sha-w C:\WINDOWS\system32\qpqss.ini2
2007-11-02 17:25 6,473 --sh--w C:\WINDOWS\system32\rqtwa.bak1
2007-11-13 18:50 6,473 --sh--w C:\WINDOWS\system32\utstv.bak1
2007-07-23 20:48 6,511 --sha-w C:\WINDOWS\system32\vvvwa.bak1
2007-11-02 19:30 6,473 --sh--w C:\WINDOWS\system32\xybeg.bak1
2005-07-29 21:24 472 --sha-r C:\WINDOWS\Y29keQ\sZ64yk.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-09-20 13:22 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8963C3D0-92A9-4B89-8F31-BE9AC9145831}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2007-09-20 13:22 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 22:00 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04 53248]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 03:00 99840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"HostManager"="C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe" [2005-08-02 14:33 159832]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [2006-11-01 20:46 30928]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"j9221830"="C:\WINDOWS\system32\j9221830.dll" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"RegistryMechanic"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\cody\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2008-01-15 22:03:40 446464]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 13:42:22 45056]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-05 11:55:57 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyvvw]
fccyvvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebywvt]
gebywvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfxpcebz]
jfxpcebz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlmml]
pmnlmml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-02-13 04:00]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 21:26]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-04-11 09:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 01:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 08:30:00 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper.ex
- C:\Program Files\ErrorSweeper
"2008-03-08 23:07:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 18:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2008-03-08 18:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 23:08:29
.
2008-03-06 21:52:03 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:29 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\Documents and Settings\cody\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {8963C3D0-92A9-4B89-8F31-BE9AC9145831} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hcsystray] "C:\Program Files\Kuma Games\hcsystray\hc_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [j9221830] rundll32 C:\WINDOWS\system32\j9221830.dll sook
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122232897781
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: fccyvvw - fccyvvw.dll (file missing)
O20 - Winlogon Notify: gebywvt - gebywvt.dll (file missing)
O20 - Winlogon Notify: jfxpcebz - jfxpcebz.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\
O20 - Winlogon Notify: pmnlmml - pmnlmml.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11723 bytes

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 08 March 2008 - 07:26 PM

Hello,

WHOA! You've been dealing with this for quite some time. :thumbsup:

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u5.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\WINDOWS\system32\jfxpcebz.dllbox
C:\WINDOWS\system32\tjezxiot.dll.vir
C:\WINDOWS\system32\tjezxiot.dllbox
C:\WINDOWS\system32\tdhpcjoj.dll.vir
C:\WINDOWS\system32\tdhpcjoj.dllbox
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\vxeeqnsg.ini
C:\WINDOWS\system32\qbyipgie.dllbox
C:\WINDOWS\system32\qbyipgie.dll.vir
C:\WINDOWS\system32\jjkkj.tmp
C:\Program Files\.autoreg
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\b122.exe
C:\Program Files\Common Files\laxur
C:\Program Files\Common Files\prohdyg.html
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\mbowndss.ini2
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\xybeg.bak1

Folder::
C:\WINDOWS\Y29keQ

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8963C3D0-92A9-4B89-8F31-BE9AC9145831}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyvvw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebywvt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfxpcebz]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlmml]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again.

After the reboot (if it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How is it running now please? Also, I asked you if your Norton is up to date......please let me know.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?

#7 cody10

cody10
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:06 PM

Posted 08 March 2008 - 08:50 PM

ComboFix 08-03-07.4 - cody 2008-03-08 20:42:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495 [GMT -5:00]
Running from: C:\Documents and Settings\cody\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\cody\Desktop\CFScript.txt.lnk
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\b122.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\jfxpcebz.dllbox
C:\WINDOWS\system32\qbyipgie.dllbox
C:\WINDOWS\system32\tdhpcjoj.dllbox
C:\WINDOWS\system32\tjezxiot.dllbox
C:\WINDOWS\system32\wcptr32.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 20:30 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-08 20:29 . 2008-03-08 20:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-07 20:25 . 2008-03-07 20:25 <DIR> d-------- C:\Deckard
2008-02-21 23:36 . 2008-02-21 23:36 163,904 --a------ C:\WINDOWS\system32\tjezxiot.dll.vir
2008-02-21 16:33 . 2008-02-21 16:33 163,904 --a------ C:\WINDOWS\system32\tdhpcjoj.dll.vir
2008-02-18 22:41 . 2008-02-22 13:15 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-17 23:59 . 2008-02-18 00:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-17 22:29 . 2008-02-17 22:29 294 ---hs---- C:\WINDOWS\system32\vxeeqnsg.ini
2008-02-15 19:03 . 2008-02-15 19:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 19:03 . 2008-02-15 19:03 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-15 18:23 . 2008-02-15 18:47 <DIR> d-------- C:\Program Files\Chily Registry Cleaner
2008-02-15 18:14 . 2008-02-15 18:19 <DIR> d-------- C:\Program Files\Fix Registry Errors
2008-02-14 23:59 . 2008-02-17 15:30 <DIR> d-------- C:\Program Files\ErrorSweeper
2008-02-14 23:59 . 2008-02-14 23:59 <DIR> d-------- C:\Documents and Settings\cody\Application Data\ErrorSweeper
2008-02-14 23:40 . 2008-02-15 18:04 <DIR> d-------- C:\Program Files\RegistryFix
2008-02-14 09:10 . 2008-02-14 09:10 163,904 --a------ C:\WINDOWS\system32\qbyipgie.dll.vir
2008-02-10 12:04 . 2008-02-10 12:07 179,664 ---hs---- C:\WINDOWS\system32\jjkkj.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 01:30 --------- d-----w C:\Program Files\Java
2008-02-22 05:12 --------- d-----w C:\Program Files\Kuma Games
2008-02-21 22:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 03:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 15:33 95,808 ----a-w C:\WINDOWS\system32\accggsuj.dll
2008-02-05 17:50 94,272 ----a-w C:\WINDOWS\system32\axnmkluc.dll
2008-02-04 17:50 93,248 ----a-w C:\WINDOWS\system32\wcsxppvm.dll
2008-01-23 19:24 328,288 ----a-w C:\WINDOWS\system32\jkhfd.dll
2008-01-16 03:03 --------- d-----w C:\Program Files\Verizon Wireless
2008-01-16 03:01 --------- d-----w C:\Documents and Settings\cody\Application Data\Smith Micro
2008-01-16 02:58 --------- d-----w C:\Program Files\LG Drivers
2008-01-13 03:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-13 03:44 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-07 21:47 10 ----a-w C:\Program Files\.autoreg
2008-01-07 21:30 39,936 ----a-w C:\WINDOWS\mrofinu572.exe.tmp
2008-01-07 21:29 41,472 ----a-w C:\WINDOWS\system32\ssqppol.dll.vir
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-05-29 03:22 486 ----a-w C:\Program Files\Common Files\laxur
2007-04-30 15:06 142 ----a-w C:\Program Files\Common Files\prohdyg.html
2007-07-22 06:25 6,489 --sha-w C:\WINDOWS\system32\ehhkj.bak1
2007-09-20 13:15 1,979,329 --sha-w C:\WINDOWS\system32\fgjlm.bak1
2007-11-18 18:10 6,473 --sh--w C:\WINDOWS\system32\ghkmp.bak1
2007-07-17 01:58 6,369 --sha-w C:\WINDOWS\system32\hjjlm.bak1
2007-11-02 10:31 417,752 --sh--w C:\WINDOWS\system32\hjjlm.bak2
2007-11-24 16:32 6,473 --sh--w C:\WINDOWS\system32\ilnmp.bak1
2007-11-18 16:49 439,091 --sh--w C:\WINDOWS\system32\jjjlm.bak1
2007-11-29 22:22 442,224 --sh--w C:\WINDOWS\system32\jjjlm.bak2
2007-12-06 00:49 467,478 --sh--w C:\WINDOWS\system32\jjjlm.ini2
2007-11-23 03:23 6,498 --sh--w C:\WINDOWS\system32\jlkkj.bak1
2007-08-09 05:05 1,729,485 --sha-w C:\WINDOWS\system32\jlnmp.bak1
2007-08-09 05:05 1,728,924 --sha-w C:\WINDOWS\system32\jlnmp.bak2
2007-08-09 05:08 1,732,058 --sha-w C:\WINDOWS\system32\jlnmp.ini2
2007-07-24 00:38 6,471 --sha-w C:\WINDOWS\system32\kjjlm.bak1
2007-12-02 16:35 6,539 --sh--w C:\WINDOWS\system32\kjkkj.bak1
2007-07-21 21:12 6,489 --sha-w C:\WINDOWS\system32\llnmp.bak1
2007-09-19 04:56 693,484 --sha-w C:\WINDOWS\system32\mbowndss.ini2
2007-06-02 02:10 1,599,543 --sha-w C:\WINDOWS\system32\mmllm.bak2
2007-06-02 05:10 1,597,627 --sha-w C:\WINDOWS\system32\mmllm.ini2
2007-11-02 18:31 6,473 --sh--w C:\WINDOWS\system32\nmllm.bak1
2007-07-24 01:57 6,471 --sha-w C:\WINDOWS\system32\nqtss.bak1
2007-07-24 06:51 6,471 --sha-w C:\WINDOWS\system32\oqstv.bak1
2007-11-19 17:58 6,473 --sh--w C:\WINDOWS\system32\oqstv.bak2
2007-09-18 17:21 6,448 --sha-w C:\WINDOWS\system32\qpqss.bak1
2007-09-19 22:25 2,016,101 --sha-w C:\WINDOWS\system32\qpqss.bak2
2007-09-19 04:58 1,966,150 --sha-w C:\WINDOWS\system32\qpqss.ini2
2007-11-02 17:25 6,473 --sh--w C:\WINDOWS\system32\rqtwa.bak1
2007-11-13 18:50 6,473 --sh--w C:\WINDOWS\system32\utstv.bak1
2007-07-23 20:48 6,511 --sha-w C:\WINDOWS\system32\vvvwa.bak1
2007-11-02 19:30 6,473 --sh--w C:\WINDOWS\system32\xybeg.bak1
2005-07-29 21:24 472 --sha-r C:\WINDOWS\Y29keQ\sZ64yk.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-03-08_18.08.06.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-09-20 13:22 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8963C3D0-92A9-4B89-8F31-BE9AC9145831}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2007-09-20 13:22 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 22:00 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04 53248]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 03:00 99840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"HostManager"="C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe" [2005-08-02 14:33 159832]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [2006-11-01 20:46 30928]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"j9221830"="C:\WINDOWS\system32\j9221830.dll" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\cody\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2008-01-15 22:03:40 446464]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 13:42:22 45056]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-05 11:55:57 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyvvw]
fccyvvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebywvt]
gebywvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfxpcebz]
jfxpcebz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlmml]
pmnlmml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 21:26]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-04-11 09:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 01:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 08:30:00 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper.ex
- C:\Program Files\ErrorSweeper
"2008-03-09 01:26:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:45:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 20:47:05
ComboFix-quarantined-files.txt 2008-03-09 01:46:50
ComboFix2.txt 2008-03-08 23:08:34
.
2008-03-06 21:52:03 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:24 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cody\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8963C3D0-92A9-4B89-8F31-BE9AC9145831} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hcsystray] "C:\Program Files\Kuma Games\hcsystray\hc_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [j9221830] rundll32 C:\WINDOWS\system32\j9221830.dll sook
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122232897781
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: fccyvvw - fccyvvw.dll (file missing)
O20 - Winlogon Notify: gebywvt - gebywvt.dll (file missing)
O20 - Winlogon Notify: jfxpcebz - jfxpcebz.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\
O20 - Winlogon Notify: pmnlmml - pmnlmml.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11884 bytes
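As an added example (not code from this thread, and not part of HijackThis or ComboFix), the Python below applies the same triage cues teacup61 used when deciding which entries went into the CFScript's Registry:: section: a load point whose file is missing, a BHO registered with no name, a Winlogon Notify key with an auto-generated name or a bare directory as its target, and rundll32 loading a random-named DLL out of system32. The sample lines are copied from the HijackThis log posted above, with two benign entries from the same log for contrast. The `looks_random` vowel-ratio heuristic and its 0.2 threshold are my own assumptions, not a rule from the thread, so treat its output as a prompt for a closer look rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample HijackThis lines copied from the log posted in this thread
# (two benign entries included so the rules have something to pass).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8963C3D0-92A9-4B89-8F31-BE9AC9145831} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [j9221830] rundll32 C:\WINDOWS\system32\j9221830.dll sook
O20 - Winlogon Notify: fccyvvw - fccyvvw.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Finding:
    section: str        # HijackThis section code, e.g. "O20"
    entry: str          # the raw log line
    reasons: List[str]  # why it was flagged


VOWELS = set("aeiou")

# "O2 - BHO: ..." -> section code and the rest of the line
LINE_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not a thread rule): a short lowercase token
    with almost no vowels, or a letter followed only by digits, is typical of
    the auto-generated names seen in this log (fccyvvw, jkkjj, j9221830)."""
    stem = name.lower().rsplit(".", 1)[0]
    if re.fullmatch(r"[a-z]\d{5,}", stem):
        return True
    if not re.fullmatch(r"[a-z]{4,10}", stem):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio < 0.2


def analyse_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []

    if "(file missing)" in body:
        reasons.append("load point references a file that no longer exists")

    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")

    if section == "O20":
        # "Winlogon Notify: <key> - <dll or path>"
        key_part = body.split(":", 1)[1].strip()
        key, _, target = key_part.partition(" - ")
        if target.endswith("\\"):
            reasons.append("Winlogon Notify target is a bare directory, not a DLL")
        if looks_random(key):
            reasons.append(f"Winlogon Notify key '{key}' looks auto-generated")

    if section == "O4":
        # Run entries that go through rundll32 to load a DLL by path
        dll = re.search(r"rundll32(?:\.exe)?\s+(\S+\.dll)", body, re.IGNORECASE)
        if dll:
            name = dll.group(1).rsplit("\\", 1)[-1]
            if looks_random(name):
                reasons.append(f"rundll32 loads DLL '{name}' with an auto-generated name")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run analyse_line over a whole HijackThis log and collect the findings."""
    return [f for f in (analyse_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section}: {finding.entry}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

Run against the sample, the four flagged lines are exactly the ones that ended up in the CFScript or were left for a follow-up (the ssqpn BHO, the j9221830 Run entry, and the fccyvvw and jkkjj Winlogon Notify keys), while the Java BHO, the Symantec entries and ccApp pass untouched.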

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:06 PM

Posted 08 March 2008 - 09:11 PM

Also, I asked you if your Norton is up to date......please let me know.


Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?

#9 cody10

cody10
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:06 PM

Posted 08 March 2008 - 10:16 PM

Hello Tea,

Norton is up to date and seems to be working fine.