
Command Service & Smitfraud Core Service Problems


  • This topic is locked
3 replies to this topic

#1 rjohnson8998


Posted 06 April 2008 - 08:56 PM

Tried running DSS checker but it kept failing out on Cleaning Up Temporary Files. So a Hijack This log is below. XP Home SP1. Need to get it cleaned up so I can put SP2 on it. Cleaned up all the other spyware w/ Adaware and Spybot as far as I can tell. Please help.

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:27 PM, on 4/6/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sherrill Widdig\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [BM0f07b2e8] Rundll32.exe "C:\WINDOWS\System32\cxgwewhw.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 3086 bytes


Thanks!


#2 rjohnson8998


Posted 07 April 2008 - 11:33 PM

OK, finally got it cleaned up enough to run DSS and here is the log. Stuck with just the Smitfraud core service piece now but can't get rid of it for the life of me. Please help me out here. My wife is bugging the mess out of me to get this (her) computer fixed up again. Thanks in advance!

Deckard's System Scanner v20071014.68
Run by Sherrill Widdig on 2008-04-07 23:23:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-04-08 04:24:02 UTC - RP1452 - Deckard's System Scanner Restore Point
68: 2008-04-08 01:56:17 UTC - RP1451 - System Checkpoint
67: 2008-04-07 01:43:38 UTC - RP1450 - Deckard's System Scanner Restore Point
66: 2008-04-06 19:30:55 UTC - RP1449 - System Checkpoint
65: 2008-04-05 19:10:21 UTC - RP1448 - System Checkpoint


-- First Restore Point --
1: 2008-01-24 09:40:50 UTC - RP1384 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Sherrill Widdig.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:36 PM, on 4/7/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sherrill Widdig\Application Data\U3\0000187DA570D94D\LaunchPad.exe
C:\Documents and Settings\Sherrill Widdig\Desktop\New Folder\dss.exe
C:\DOCUME~1\SHERRI~1\Desktop\Sherrill Widdig.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {396599ED-7554-69DA-0616-2B00CDB58ABC} - C:\WINDOWS\System32\yhencj.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {54B0010C-67B7-4619-B68C-9AC5E1A8EAAB} - C:\WINDOWS\System32\awvtq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7B611109-8CF3-4C03-9427-9A8884FC60F2} - C:\WINDOWS\System32\awvts.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: {608e1d27-5784-6f18-20c4-28a5be35b13e} - {e31b53eb-5a82-4c02-81f6-487572d1e806} - C:\WINDOWS\System32\dosjugjk.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\System32\opnoppq.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [BM0f07b2e8] Rundll32.exe "C:\WINDOWS\System32\cxgwewhw.dll",s
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: opnoppq - C:\WINDOWS\SYSTEM32\opnoppq.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 3983 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\SHERRI~1\Desktop\backups\) ------------

backup-20080406-215422-860 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080406-215422-943 O4 - HKLM\..\Run: [BM0f07b2e8] Rundll32.exe "C:\WINDOWS\System32\cxgwewhw.dll",s
backup-20080406-220817-422 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
backup-20080406-220817-505 O4 - HKLM\..\Run: [BM0f07b2e8] Rundll32.exe "C:\WINDOWS\System32\cxgwewhw.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vmodem (W2K Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (W2K Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (W2K Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R1 SERIALL - c:\windows\system32\drivers\seriall.sys

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 23:23:03 432 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-15 09:25:49 484 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


-- Files created between 2008-03-07 and 2008-04-07 -----------------------------



-- Find3M Report ---------------------------------------------------------------



-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{396599ED-7554-69DA-0616-2B00CDB58ABC}]
01/28/2008 11:29 AM 60928 --a------ C:\WINDOWS\System32\yhencj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54B0010C-67B7-4619-B68C-9AC5E1A8EAAB}]
C:\WINDOWS\System32\awvtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B611109-8CF3-4C03-9427-9A8884FC60F2}]
03/16/2008 12:34 PM 317440 --a------ C:\WINDOWS\System32\awvts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e31b53eb-5a82-4c02-81f6-487572d1e806}]
03/31/2008 09:33 AM 90688 --a------ C:\WINDOWS\System32\dosjugjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
03/16/2008 12:29 PM 37376 --a------ C:\WINDOWS\System32\opnoppq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/19/2005 08:59 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 11:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 11:23 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [08/26/2002 11:35 PM]
"BM0f07b2e8"="C:\WINDOWS\System32\cxgwewhw.dll" [03/24/2008 09:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [11/15/2004 02:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\Sherrill Widdig\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\System32\opnoppq.dll [03/16/2008 12:29 PM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnoppq]
opnoppq.dll 03/16/2008 12:29 PM 37376 C:\WINDOWS\SYSTEM32\opnoppq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\awvts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sherrill Widdig^Start Menu^Programs^Startup^RABCO - Auto Update.lnk]
path=C:\Documents and Settings\Sherrill Widdig\Start Menu\Programs\Startup\RABCO - Auto Update.lnk
backup=C:\WINDOWS\pss\RABCO - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c348174]
rundll32.exe "C:\WINDOWS\System32\btxgpemn.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"C:\PROGRA~1\COMMON~1\SSTEM3~1\wuauboot.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f07b2e8]
Rundll32.exe "C:\WINDOWS\System32\cxgwewhw.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaCore]
C:\Program Files\\JavaCore\\JavaCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jwyecrvd]
"C:\Program Files\Common Files\?ymbols\d?xplore.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoDNS]
C:\Program Files\\NoDNS\\NoDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcoi]
C:\Program Files\nvcoi\nvcoi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
PV92Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart(1)]
"C:\Program Files\Common Files\PrivacyConductor\mc.exe" dm=http://privacyconductor.com; ad=http://privacyconductor.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Sherrill Widdig\Application Data\Microsoft\Windows\gfkfyn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Sherrill Widdig\Application Data\WinTouch\WinTouch.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{552795c8-01f9-11dd-8ab8-000d565abeb9}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-07 23:26:04 ------------

#3 miekiemoes


    Malware Killer Dog


  • Malware Response Team

Posted 13 April 2008 - 04:43 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes


Posted 20 April 2008 - 12:20 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



