
Most likely infected with a number of things



#1 baouong


Posted 27 March 2009 - 04:25 AM

Please help, my computer is falling apart!
Currently running XP SP2
There are a number of things that make life hell when working with my PC
Cannot access msconfig (when executed, the window opens for a fraction of a second then closes suddenly... this applies to System Restore and the MS-DOS prompt)
Whenever inputting the file name *ixyaosk.exe* to find a way to get rid of this in any internet browser, the internet browser suddenly closes
** Cannot boot Windows in safe mode!! ** Just constantly restarts as I press F8 on startup

These are just a few things that have been annoying me, hopefully someone can help me out

Thank you in advance

Following are the DDS log and HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:43 AM, on 3/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\System\wngbaqu.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\ixyaosk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {c5a2d46b-adef-403e-a4be-3e77db4eb9e0} - C:\WINDOWS\system32\vovimada.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [dbyitxf] C:\Program Files\Common Files\System\wngbaqu.exe
O4 - HKLM\..\Run: [e48fff03] rundll32.exe "C:\WINDOWS\system32\mawibusi.dll",b
O4 - HKLM\..\Run: [CPMe7bccc9f] Rundll32.exe "c:\windows\system32\fotovise.dll",a
O4 - HKLM\..\Run: [fusudibawe] Rundll32.exe "C:\WINDOWS\system32\doyajada.dll",s
O4 - HKLM\..\Run: [vcspaiu] C:\Program Files\Common Files\Microsoft Shared\ixyaosk.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [fusudibawe] Rundll32.exe "C:\WINDOWS\system32\doyajada.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fusudibawe] Rundll32.exe "C:\WINDOWS\system32\doyajada.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jjxlsc.dll qoizlb.dll kwggms.dll cnsnjk.dll lyropb.dll ltabho.dll rbbcpd.dll frmnju.dll ,C:\WINDOWS\system32\gavanile.dll c:\windows\system32\fotovise.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotovise.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotovise.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10915 bytes


DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 5:20:44.53 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1350 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\System\wngbaqu.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\ixyaosk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {c5a2d46b-adef-403e-a4be-3e77db4eb9e0} - c:\windows\system32\vovimada.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [NWEReboot]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [dbyitxf] c:\program files\common files\system\wngbaqu.exe
mRun: [e48fff03] rundll32.exe "c:\windows\system32\mawibusi.dll",b
mRun: [CPMe7bccc9f] Rundll32.exe "c:\windows\system32\fotovise.dll",a
mRun: [fusudibawe] Rundll32.exe "c:\windows\system32\doyajada.dll",s
mRun: [vcspaiu] c:\program files\common files\microsoft shared\ixyaosk.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: jjxlsc.dll qoizlb.dll kwggms.dll cnsnjk.dll lyropb.dll ltabho.dll rbbcpd.dll frmnju.dll ,c:\windows\system32\gavanile.dll c:\windows\system32\fotovise.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotovise.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\fotovise.dll
LSA: Notification Packages = scecli c:\windows\system32\gavanile.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\2r21n6tu.default\
FF - prefs.js: browser.startup.homepage - finance.yahoo.ca

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-6 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-6 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-1-23 38656]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================

2009-03-27 05:09 28,850 ---sh--- c:\program files\meex.exe
2009-03-27 05:07 42,496 a------- c:\windows\system32\sexit.dat
2009-03-27 05:07 61,440 a------- c:\windows\system32\drivers\xisfsabj.sys
2009-03-27 02:07 189,472 a------- c:\windows\system32\PnkBstrB.xtr
2009-03-26 23:25 3,282,926 ---sh--- c:\windows\system32\isubiwam.ini
2009-03-19 13:23 <DIR> --d----- c:\program files\Trend Micro
2009-03-19 13:17 <DIR> --d----- c:\program files\GHostOne1.2.168
2009-03-15 13:49 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-03-15 13:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-15 13:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 13:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 14:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-14 11:56 141,312 a--sh--- c:\windows\system32\ltabho.dll
2009-03-13 23:56 1,703,008 ---sh--- c:\windows\system32\ubarijoz.ini
2009-03-13 11:56 141,312 a--sh--- c:\windows\system32\lurrdr.dll
2009-03-12 23:58 121 ---sh--- c:\windows\system32\uhukumap.ini
2009-03-12 23:58 142,336 a--sh--- c:\windows\system32\wffoxi.dll
2009-03-12 03:07 256 a------- c:\windows\system32\pool.bin
2009-03-12 01:27 1,835,095 ---sh--- c:\windows\system32\uzewasuk.ini
2009-03-12 01:27 142,336 a--sh--- c:\windows\system32\cnsnjk.dll
2009-03-11 02:45 141,312 a--sh--- c:\windows\system32\kwggms.dll
2009-03-10 14:47 142,848 a--sh--- c:\windows\system32\qoizlb.dll
2009-03-10 02:33 142,336 a--sh--- c:\windows\system32\jjxlsc.dll
2009-03-09 14:36 2,713 ---sh--- c:\windows\system32\heziraki.dll
2009-03-09 14:34 2,713 ---sh--- c:\windows\system32\vilojesa.dll
2009-03-09 14:34 2,713 ---sh--- c:\windows\system32\wavijaga.dll
2009-03-06 16:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-06 16:48 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-06 16:48 <DIR> --d----- c:\program files\Lavasoft
2009-03-06 16:48 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-06 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-06 16:29 <DIR> --d----- c:\documents and settings\user\Tracing
2009-03-06 16:25 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-06 16:24 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-03-06 16:23 <DIR> --d----- c:\program files\Microsoft
2009-03-06 16:23 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-06 16:20 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-05 16:18 156 a------- c:\windows\Twunk001.MTX
2009-03-05 16:18 3 a------- c:\windows\Twain001.Mtx
2009-03-05 16:18 0 a------- c:\windows\Twunk002.MTX
2009-03-04 15:50 <DIR> --d----- c:\program files\CCleaner
2009-03-03 06:10 <DIR> --d----- c:\docume~1\user\applic~1\Research In Motion
2009-03-03 06:10 256 a------- c:\documents and settings\user\pool.bin
2009-03-03 06:06 <DIR> --d----- c:\program files\Roxio
2009-03-03 06:06 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-03-03 06:03 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-03-03 06:03 <DIR> --d----- c:\program files\common files\Research In Motion
2009-03-03 06:03 <DIR> --d----- c:\program files\Research In Motion
2009-03-03 06:02 <DIR> --d----- c:\program files\MSXML 6.0
2009-02-26 21:49 <DIR> --d----- c:\program files\EA GAMES

==================== Find3M ====================

2009-03-27 02:04 138,168 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-27 02:04 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-03-27 02:04 189,472 a------- c:\windows\system32\PnkBstrB.exe
2009-03-26 23:25 95,232 -------- c:\windows\system32\fotovise.dll
2009-03-26 23:25 89,088 -------- c:\windows\system32\mawibusi.dll
2009-03-26 23:25 61,440 a--sh--- c:\windows\system32\hamegiwa.exe
2009-03-19 20:57 78,597 a------- c:\windows\War3Unin.dat
2009-03-15 00:55 105,472 a--sh--- c:\windows\system32\kibemole.dll
2009-03-14 11:56 141,312 a--sh--- c:\windows\system32\kifepoha.dll
2009-03-14 11:56 106,496 a--sh--- c:\windows\system32\mozowiyu.dll
2009-03-13 11:56 108,544 a--sh--- c:\windows\system32\ladibiru.dll
2009-03-13 11:56 141,312 a--sh--- c:\windows\system32\neresodi.dll
2009-03-12 23:58 142,336 a--sh--- c:\windows\system32\kosuyapu.dll
2009-03-12 23:58 107,520 a--sh--- c:\windows\system32\petolahu.dll
2009-03-12 01:27 106,496 a--sh--- c:\windows\system32\wubefivu.dll
2009-03-12 01:27 142,336 a--sh--- c:\windows\system32\gayuhiyu.dll
2009-03-11 02:45 141,312 a--sh--- c:\windows\system32\kuzefosi.dll
2009-03-11 02:45 107,520 a--sh--- c:\windows\system32\fipovage.dll
2009-03-10 14:47 142,848 a--sh--- c:\windows\system32\mafuyiha.dll
2009-03-10 14:47 107,520 a--sh--- c:\windows\system32\tahuhabu.dll
2009-03-10 02:33 142,336 a--sh--- c:\windows\system32\sapiduzo.dll
2009-03-10 02:33 107,008 a--sh--- c:\windows\system32\ramehasu.dll
2009-02-06 20:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-03-03 22:43 92,064 a------- c:\documents and settings\user\mqdmmdm.sys
2008-03-03 22:43 79,328 a------- c:\documents and settings\user\mqdmserd.sys
2008-03-03 22:43 66,656 a------- c:\documents and settings\user\mqdmbus.sys
2008-03-03 22:43 25,600 a------- c:\documents and settings\user\usbsermptxp.sys
2008-03-03 22:43 22,768 a------- c:\documents and settings\user\usbsermpt.sys
2008-03-03 22:43 9,232 a------- c:\documents and settings\user\mqdmmdfl.sys
2008-03-03 22:43 6,208 a------- c:\documents and settings\user\mqdmcmnt.sys
2008-03-03 22:43 5,936 a------- c:\documents and settings\user\mqdmwhnt.sys
2008-03-03 22:43 4,048 a------- c:\documents and settings\user\mqdmcr.sys
2008-03-03 22:43 0 a------- c:\program files\DBS.TXT
2008-02-09 04:44 22,328 a------- c:\docume~1\user\applic~1\PnkBstrK.sys
2006-06-23 02:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 5:28:25.54 ===============


Edited by baouong, 27 March 2009 - 04:31 AM.




#2 baouong


Posted 29 March 2009 - 11:34 PM

bump

#3 baouong


Posted 02 April 2009 - 02:27 AM

.....ended up formatting my computer seeing as though this forum isn't helpful for sh1t. I followed the rules by not looking elsewhere for help and refrained from posting my HJT logs on other forums for assistance. I understand at times there isn't enough help to go around, but I don't see how people can work around annoying malware, viruses, etc. and at the same time log into these damn forums day in and day out, never getting any solutions ... Though the help provided in these forums, I understand, is free, it's become clear to me (the average everyday user with little to no computer knowledge) that to get it done right away is to just burn it and rebuild it. This community is Bleeping pointless...


So long everyone I will never be back


*laugh* works for both of us no??

Edited by baouong, 02 April 2009 - 02:28 AM.




