
Url.cpvfeed/outerinferno


This topic is locked. 30 replies to this topic.

#1 JMICBLAZER (Members, 17 posts)

Posted 03 June 2007 - 04:02 AM

IE keeps getting redirected to URL.CPVFEED.COM along with numerous other popups and popunders. Also, there's been a program/file that downloaded itself onto my computer called OUTERINFERNO, over 700MB, and I can't uninstall it! I have no idea how to get rid of either one of these obviously malicious attackers. Please help. I've posted the following HijackThis log, and if you find anything else please let me know. Thanks in advance to anyone who will help.


Logfile of HijackThis v1.99.1
Scan saved at 3:26:41 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nwinsndt.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\windows\system32\mrdsregm.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YServer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Leteia D. Hughley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...586C6F417431630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...586C6F417431630
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124131373\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinsndt.exe CHD003
O4 - HKLM\..\Run: [{C3-37-73-33-ZN}] C:\windows\system32\mrdsregm.exe CHD003
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\aenqboor.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [krkw] C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Leteia D. Hughley\Local Settings\Temp\TICHD003.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\nwinsndt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 SifuMike, malware expert (Staff Emeritus, 15,385 posts, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 03 June 2007 - 11:35 AM

Hello JMICBLAZER,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log and a fresh Hijackthis log in your next reply. Please do not attach your Hijackthis log, as it is harder to read that way.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking
Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options. If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Edited by SifuMike, 03 June 2007 - 11:37 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 JMICBLAZER (Topic Starter)

Posted 03 June 2007 - 04:02 PM

Hello SifuMike. Thank you for the reply. I downloaded the file as instructed and tried to run the scan. The first time I tried it was unsuccessful: I clicked ComboFix and it said "The system cannot find the path specified". I restarted the PC and tried again. It ran after about 10 mins, then when it finished it produced no log from the scan. I repeated this twice but the scans are not producing any logs.

#4 SifuMike, malware expert (Staff Emeritus, 15,385 posts, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 03 June 2007 - 06:07 PM

Hi JMICBLAZER,

I need to know the exact error messages you are getting. This will help me determine why you are having a problem running it.

Let's try running it another way.

Download this file - combofix.exe

and save it to your desktop. Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log


#5 SifuMike, malware expert (Staff Emeritus, 15,385 posts, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 03 June 2007 - 06:24 PM

Hi JMICBLAZER,

You have some suspicious files we need to check.

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'Show hidden files and folders',
deselect (uncheck) 'Hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.

Go to the next site: http://www.virustotal.com/en/indexf.html
At the top you'll find 'Browse'.
Click the Browse button and browse to the next file:

C:\WINDOWS\system32\nwinsndt.exe


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.

Perform the same for the next files:

C:\windows\system32\mrdsregm.exe
C:\WINDOWS\system32\aenqboor.dll
C:\Documents and Settings\Leteia D. Hughley\Local Settings\Temp\TICHD003.exe


Once scanned, copy and paste the results also in your next reply.

I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to a couple of hours to reply.
You can copy/paste the scan results here.
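A way to automate the triage SifuMike does by eye in the post above, selecting the O4 (autostart) entries that deserve a VirusTotal submission. This is an added example, not HijackThis or BleepingComputer code; the heuristics (Temp paths, rundll32-loaded DLLs, eight-letter random names, braced Run value names, Startup shortcuts into system32) are my own, and the sample lines are copied from the log in post #1.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example, not HijackThis or BleepingComputer code. The heuristics are
mine; the sample lines are copied from the log in post #1 of this thread.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: a subset of the O4 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinsndt.exe CHD003
O4 - HKLM\..\Run: [{C3-37-73-33-ZN}] C:\windows\system32\mrdsregm.exe CHD003
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\aenqboor.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [krkw] C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Leteia D. Hughley\Local Settings\Temp\TICHD003.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\nwinsndt.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
"""

RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
STARTUP_LINE = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.*)$")
# First drive-rooted path ending in an executable or library extension.
PATH_IN_COMMAND = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|cmd))', re.I)
# Dropper-style name: exactly eight lowercase letters (nwinsndt, mrdsregm, aenqboor).
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# Run value named with a brace-wrapped token instead of a product name.
BRACED_NAME = re.compile(r"^\{[0-9A-Za-z-]+\}$")


def parse_o4(line: str) -> Optional[dict]:
    """Return {source, name, command, path} for an O4 line, or None for other lines."""
    m = RUN_LINE.match(line)
    if m:
        source, name, command = m.group(1) + "\\Run", m.group(2), m.group(3)
    else:
        m = STARTUP_LINE.match(line)
        if not m:
            return None
        source, name, command = m.group(1), m.group(2), m.group(3)
    p = PATH_IN_COMMAND.search(command)
    return {"source": source, "name": name, "command": command,
            "path": p.group(1) if p else None}


def reasons_for(entry: dict) -> List[str]:
    """Heuristic red flags for one autostart entry (my heuristics, not a HijackThis feature)."""
    path = entry["path"] or ""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    flags = []
    if re.search(r"\\temp\\", path, re.I):
        flags.append("runs from a Temp directory")
    if entry["command"].lower().startswith("rundll32"):
        flags.append("DLL loaded via rundll32 at logon")
    if RANDOM_STEM.match(stem):
        flags.append("pseudo-random eight-letter file name")
    if BRACED_NAME.match(entry["name"]):
        flags.append("Run value named with a braced token")
    if entry["source"].endswith("Startup") and re.search(r"\\system32\\", path, re.I):
        flags.append("Startup shortcut pointing into system32")
    return flags


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious path (lower-cased) to the reasons it was flagged."""
    findings: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if not entry or not entry["path"]:
            continue
        key = entry["path"].lower()
        for reason in reasons_for(entry):
            if reason not in findings[key]:
                findings[key].append(reason)
    return dict(findings)


def suspicious_names(log_text: str) -> List[str]:
    """Sorted file names a responder should submit for a second-opinion scan."""
    return sorted(p.rsplit("\\", 1)[-1] for p in triage(log_text))


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

On the sample this returns exactly the four files SifuMike asked to have scanned; the krkw entry is not caught by these heuristics, which is a reminder that such rules narrow the list rather than replace an analyst's judgement.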

#6 JMICBLAZER (Topic Starter)

Posted 03 June 2007 - 06:54 PM

Hi SifuMike. OK, I did as you asked... I finally got the ComboFix log and here it is:

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Leteia D. Hughley\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2005-05-03 to 2005-06-03 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-02-25 16:10:48 5,376 --s-a-w C:\WINDOWS\system32\drivers\dsunidrv.sys
2007-02-19 11:01:20 252,356 ----a-w C:\WINDOWS\b128.exe
2006-12-02 13:09:35 391,519 ----a-w C:\WINDOWS\b129.exe
2006-11-16 16:44:29 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2006-11-16 16:44:22 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 16:44:08 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-09 06:09:00 1,895,936 ----a-w C:\WINDOWS\system32\kconvert.dll
2006-11-08 05:06:13 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-11-04 19:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
2006-10-09 03:49:51 503,808 ----a-w C:\WINDOWS\Tranquil - Waterfalls.scr
2006-10-09 03:49:43 606,848 ----a-w C:\WINDOWS\flashax.exe
2006-10-09 03:49:43 12,288 ----a-w C:\WINDOWS\impborl.dll
2006-10-06 14:35:00 90,112 ----a-w C:\WINDOWS\system32\lfjbg13n.dll
2006-10-06 14:35:00 73,728 ----a-w C:\WINDOWS\system32\lffax13n.dll
2006-10-06 14:35:00 453,120 ----a-w C:\WINDOWS\system32\ltkrn13n.dll
2006-10-06 14:35:00 445,440 ----a-w C:\WINDOWS\system32\ltimg13n.dll
2006-10-06 14:35:00 388,608 ----a-w C:\WINDOWS\system32\lfcmp13n.dll
2006-10-06 14:35:00 265,216 ----a-w C:\WINDOWS\system32\ltdis13n.dll
2006-10-06 14:35:00 246,272 ----a-w C:\WINDOWS\system32\lfj2k13n.dll
2006-10-06 14:35:00 206,848 ----a-w C:\WINDOWS\system32\ltefx13n.dll
2006-10-06 14:35:00 154,112 ----a-w C:\WINDOWS\system32\ltfil13n.dll
2006-10-06 14:35:00 142,848 ----a-w C:\WINDOWS\system32\lftif13n.dll
2006-10-06 14:35:00 1,693,696 ----a-w C:\WINDOWS\system32\ltclr13n.dll
2006-09-19 20:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 20:43:58 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 05:01:56 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
2006-09-05 19:27:38 1,716,297 ------w C:\WINDOWS\system32\InetClnt.dll
2006-09-05 16:03:16 3,968 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-09-01 09:32:37 84,697 ----a-w C:\WINDOWS\b104.exe
2006-09-01 09:32:35 72,094 ----a-w C:\WINDOWS\b103.exe
2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
2006-08-22 09:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
2006-08-21 14:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-07-24 05:38:26 49,152 ----a-w C:\WINDOWS\nircmd.exe
2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
2006-06-16 18:34:44 48,936 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-22 16:32:04 225,280 ----a-w C:\WINDOWS\system32\cpwsave.exe
2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-27 02:32:34 49,152 ----a-w C:\WINDOWS\system32\uninscpw.exe
2006-04-27 02:32:28 81,920 ----a-w C:\WINDOWS\system32\cpwmon2k.dll
2006-04-26 22:37:45 73,728 ----a-w C:\WINDOWS\system32\HCPS98Tool.dll
2006-04-26 22:37:45 49,152 ----a-w C:\WINDOWS\system32\HCPSST.dll
2006-04-26 22:37:45 217,088 ----a-w C:\WINDOWS\system32\HCPSTool.dll
2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
2006-02-28 16:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
2006-02-28 16:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2006-02-03 07:57:04 407,680 ----a-w C:\Install_AIM.exe
2006-01-26 18:00:12 524,288 ----a-w C:\WINDOWS\system32\HCPSMng.exe
2006-01-20 01:41:52 10,368 ----a-r C:\WINDOWS\system32\drivers\pfc.sys
2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
2005-12-29 02:54:35 280,064 ----a-w C:\WINDOWS\system32\gdi32.dll
2005-12-28 14:32:00 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2005-12-28 14:31:59 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2005-12-06 01:44:04 10,920 ----a-w C:\aolconnfix.exe
2005-11-11 21:43:52 80,640 ----a-w C:\WINDOWS\system32\drivers\MpFirewall.sys
2005-11-11 21:38:50 9,216 ----a-w C:\WINDOWS\system32\MpfApi.dll
2005-11-08 02:41:02 281 ----a-w C:\WINDOWS\EReg072.dat
2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
2005-10-18 15:08:04 349,760 ----a-w C:\WINDOWS\system32\mcinsctl.dll
2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
2005-10-17 21:14:45 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
2005-10-06 00:05:59 1,839,488 ----a-w C:\WINDOWS\system32\win32k.sys
2005-09-20 15:00:54 1,302,332 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
2005-09-20 14:59:56 900,218 ----a-w C:\WINDOWS\system32\ialmdd5.dll
2005-09-20 14:52:38 36,990 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
2005-09-20 14:52:36 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
2005-09-20 14:52:34 61,440 ----a-w C:\WINDOWS\system32\iAlmCoIn_v4396.dll
2005-09-20 14:52:32 118,395 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
2005-09-20 14:52:22 213,274 ----a-w C:\WINDOWS\system32\ialmdev5.dll
2005-09-20 14:44:50 524,288 ----a-w C:\WINDOWS\system32\igldev32.dll
2005-09-20 14:43:00 2,310,144 ----a-w C:\WINDOWS\system32\iglicd32.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuTRK.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuTHA.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuSVE.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuRUS.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuPTG.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuPTB.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuHUN.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuELL.dll
2005-09-20 14:37:06 40,960 ----a-w C:\WINDOWS\system32\ialmuCSY.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuPLK.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuNOR.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuNLD.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuKOR.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuJPN.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuITA.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuHEB.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuFRC.dll
2005-09-20 14:37:04 40,960 ----a-w C:\WINDOWS\system32\ialmuFRA.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuFIN.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuESP.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuENG.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuDEU.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuDAN.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuCHT.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuCHS.dll
2005-09-20 14:37:02 40,960 ----a-w C:\WINDOWS\system32\ialmuARB.dll
2005-09-20 14:37:00 40,960 ----a-w C:\WINDOWS\system32\ialmuARA.dll
2005-09-20 14:37:00 114,688 ----a-w C:\WINDOWS\system32\ialmudlg.exe
2005-09-20 14:36:20 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
2005-09-20 14:36:14 94,208 ----a-w C:\WINDOWS\system32\igfxext.exe
2005-09-20 14:36:14 40,960 ----a-w C:\WINDOWS\system32\igfxexps.dll
2005-09-20 14:36:08 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
2005-09-20 14:35:40 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2005-09-20 14:35:28 1,503,232 ----a-w C:\WINDOWS\system32\igfxress.dll
2005-09-20 14:35:24 147,456 ----a-w C:\WINDOWS\system32\igfxpph.dll
2005-09-20 14:35:02 446,464 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2005-09-20 14:32:30 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
2005-09-20 14:32:24 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2005-09-20 14:32:16 57,344 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2005-09-20 14:32:16 159,744 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2005-09-20 14:31:32 135,168 ----a-w C:\WINDOWS\system32\igfxres.dll
2005-09-20 14:31:28 135,168 ----a-w C:\WINDOWS\system32\igfxdev.dll
2005-09-20 14:31:12 73,728 ----a-w C:\WINDOWS\system32\hccutils.dll
2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
2005-09-01 01:41:54 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll
2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
2005-08-24 02:44:19 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
2005-08-10 15:22:10 114,464 ----a-w C:\WINDOWS\system32\drivers\naiavf5x.sys
2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2005-06-29 01:46:00 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
2005-06-10 04:09:46 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2005-06-03 19:38:05 50,740 ----a-w C:\WINDOWS\system32\xgedsjlr.dll
2005-06-03 19:34:53 263,220 --sh--w C:\WINDOWS\system32\geeda.dll
2005-06-03 19:34:45 263,220 ------w C:\WINDOWS\system32\mljge.dll
2005-06-03 19:14:10 2,580 ----a-w C:\WINDOWS\system32\grocilya.exe
2005-06-03 18:54:18 2,580 ----a-w C:\WINDOWS\system32\tlmeflsf.exe
2005-06-03 17:20:28 2,580 ----a-w C:\WINDOWS\system32\uyhoexjx.exe
2005-06-03 15:07:10 2,580 ----a-w C:\WINDOWS\system32\udiebylk.exe
2005-06-03 08:44:26 2,580 ----a-w C:\WINDOWS\system32\trswspde.exe
2005-06-03 08:43:25 131,124 ----a-w C:\WINDOWS\system32\kvuwfcnj.dll
2005-06-03 08:40:16 1,584,905 --sh--w C:\WINDOWS\system32\adeeg.bak1
2005-06-03 06:00:41 2,580 ----a-w C:\WINDOWS\system32\uuydnrbq.exe
2005-06-03 05:03:05 2,580 ----a-w C:\WINDOWS\system32\fkocnamv.exe
2005-06-03 04:52:57 931 ----a-w C:\WINDOWS\system32\winpfz32.sys
2005-06-03 02:07:17 2,580 ----a-w C:\WINDOWS\system32\jkgbaqvk.exe
2005-06-03 00:52:31 2,580 ----a-w C:\WINDOWS\system32\plngsllu.exe
2005-06-03 00:40:30 2,580 ----a-w C:\WINDOWS\system32\xsxerteb.exe
2005-06-03 00:01:04 2,580 ----a-w C:\WINDOWS\system32\gdinsffm.exe
2005-06-02 23:00:26 2,580 ----a-w C:\WINDOWS\system32\vurdqkuf.exe
2005-06-02 22:19:34 2,580 ----a-w C:\WINDOWS\system32\pesdslba.exe
2005-06-02 20:46:47 2,580 ----a-w C:\WINDOWS\system32\wvugrrqa.exe
2005-06-02 02:08:03 131,124 ----a-w C:\WINDOWS\system32\aenqboor.dll
2005-06-02 00:54:18 2,580 ----a-w C:\WINDOWS\system32\ctammwli.exe
2005-06-01 22:13:04 39,986 ----a-w C:\DOCUME~1\LETEIA~1.HUG\APPLIC~1\wklnhst.dat
2005-06-01 06:18:43 29,206 ----a-w C:\WINDOWS\system32\ssqppnk.dll
2005-05-31 23:35:17 49,161 ----a-w C:\WINDOWS\system32\mrdsregm.exe
2005-05-31 03:39:12 192,627 ----a-w C:\WINDOWS\system32\nwinsndt.exe
2005-05-31 03:38:51 29,206 ----a-w C:\WINDOWS\system32\rqrsqnl.dll
2005-05-28 05:26:08 29,206 ----a-w C:\WINDOWS\system32\byxvwts.dll
2005-05-28 01:57:56 124,436 ----a-w C:\WINDOWS\system32\dbpqqcls.dll
2005-05-28 01:46:48 29,206 ----a-w C:\WINDOWS\system32\gebcayw.dll
2005-05-27 22:53:43 11,376 ----a-w C:\WINDOWS\system32\drivers\SECDRV.SYS
2005-05-27 22:51:36 577 ----a-w C:\WINDOWS\eReg.dat
2005-05-27 02:04:27 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
2005-05-27 02:04:27 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
2005-05-27 02:04:27 137,216 ----a-w C:\WINDOWS\system32\itss.dll
2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\hh.exe
2005-05-26 08:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll
2005-05-26 08:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
2005-05-26 08:16:30 194,328 ----a-w C:\WINDOWS\system32\wuaueng1.dll
2005-05-26 08:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll
2005-05-26 08:16:30 173,536 ----a-w C:\WINDOWS\system32\wuweb.dll
2005-05-26 08:16:30 172,312 ----a-w C:\WINDOWS\system32\wuauclt1.exe
2005-05-26 08:16:30 127,256 ----a-w C:\WINDOWS\system32\wucltui.dll
2005-05-26 08:16:30 124,184 ----a-w C:\WINDOWS\system32\wuauclt.exe
2005-05-26 08:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
2005-05-26 08:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
2005-05-26 08:16:24 198,424 ----a-w C:\WINDOWS\system32\iuengine.dll
2005-05-26 03:03:53 3,665,442 --sh--r C:\AVG7DB_F.DAT
2005-05-26 03:01:49 4 ----a-w C:\WINDOWS\system32\stfv.bin
2005-05-25 21:41:03 12 ----a-w C:\WINDOWS\system32\sl.bin
2005-05-25 21:40:14 12 ----a-w C:\WINDOWS\system32\gtv_sd.bin
2005-05-24 23:23:32 288,320 ----a-w C:\WINDOWS\system32\mcgdmgr.dll
2005-05-15 02:29:18 73 ----a-w C:\WINDOWS\system32\ssprs.dll
2005-05-15 02:29:17 205 ----a-w C:\WINDOWS\system32\lsprst7.dll
2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
2005-05-04 18:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
2005-04-27 23:24:28 64,072 ----a-w C:\DOCUME~1\LETEIA~1.HUG\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-04-25 12:16:03 253,952 ------w C:\WINDOWS\SBCDSL.exe
2005-03-21 19:00:22 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2005-03-21 19:00:22 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
2005-03-21 19:00:22 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
2005-03-21 19:00:22 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
2005-03-09 03:39:45 335 ----a-w C:\WINDOWS\nsreg.dat
2005-03-04 09:45:19 1,025 ----a-w C:\WINDOWS\system32\sysprs7.dll
2005-03-04 09:45:19 1,025 ----a-w C:\WINDOWS\system32\clauth2.dll
2005-03-04 09:45:19 1,025 ----a-w C:\WINDOWS\system32\clauth1.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-08 22:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 15:18]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 15:08]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 20:37]
"HostManager"="C:\Program Files\Common Files\AOL\1124131373\ee\AOLSoftware.exe" [2006-09-25 19:52]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 23:08]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" [2004-07-29 15:55]
"_AntiSpyware"="C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-15 00:00]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"Genuine"="C:\WINDOWS\system32\kvuwfcnj.dll" [2005-06-03 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 13:38]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-09-25 19:52]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-03-18 17:18]
"krkw"="C:\PROGRA~1\COMMON~1\krkw\krkwm.exe" [2006-07-19 13:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcayw]
gebcayw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeda]
C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2005-06-03 17:16:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-12-16 02:00:00 C:\WINDOWS\tasks\McAfee AntiSpyware.job
2005-06-03 19:28:58 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DANELL80-Leteia D. Hughley).job

********************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...


********************************************************************

Completion time: 2005-06-03 3:48:20

--- E O F ---




And here is the new HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 6:46:13 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Leteia D. Hughley\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...586C6F417431630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124131373\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\jfvvjorc.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [krkw] C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
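To make the signals in the two logs above concrete, here is an added Python example written for this page; it is not code from ComboFix, HijackThis or anyone in this thread. It re-parses a trimmed excerpt of the ComboFix file timeline, the Winlogon\Notify keys and the O4 lines posted above and flags the three things a log reader looks for first: a run of identically sized, randomly named files dropped into system32 (the 2,580-byte .exe droplets and the paired DLLs), a Run value that launches a DLL through rundll32.exe, and a Notify DLL that also belongs to one of those size clusters. The name-shape regex and the two-file threshold are assumptions tuned to this log, not a general detection rule.

```python
import re
from collections import defaultdict

# Excerpts of the ComboFix and HijackThis output posted above, trimmed to a
# handful of lines (constructed excerpt so the example runs offline).
TIMELINE = r"""
2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
2005-06-03 19:38:05 50,740 ----a-w C:\WINDOWS\system32\xgedsjlr.dll
2005-06-03 19:34:53 263,220 --sh--w C:\WINDOWS\system32\geeda.dll
2005-06-03 19:34:45 263,220 ------w C:\WINDOWS\system32\mljge.dll
2005-06-03 19:14:10 2,580 ----a-w C:\WINDOWS\system32\grocilya.exe
2005-06-03 18:54:18 2,580 ----a-w C:\WINDOWS\system32\tlmeflsf.exe
2005-06-03 17:20:28 2,580 ----a-w C:\WINDOWS\system32\uyhoexjx.exe
2005-06-03 08:43:25 131,124 ----a-w C:\WINDOWS\system32\kvuwfcnj.dll
2005-06-02 02:08:03 131,124 ----a-w C:\WINDOWS\system32\aenqboor.dll
2005-05-31 03:38:51 29,206 ----a-w C:\WINDOWS\system32\rqrsqnl.dll
2005-05-28 01:46:48 29,206 ----a-w C:\WINDOWS\system32\gebcayw.dll
2005-05-26 08:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll
"""

NOTIFY = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcayw]
gebcayw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeda]
C:\WINDOWS\system32\geeda.dll
"""

HJT = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\jfvvjorc.dll",realset
O4 - HKCU\..\Run: [krkw] C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
"""

TIMELINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+)$")
# assumption: 5-8 lowercase letters and nothing else is "random-looking" for this log
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}\.(?:exe|dll)$")
RUNDLL_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] rundll32(?:\.exe)?\s+"?([^",]+)"?,(\w+)')
NOTIFY_KEY_RE = re.compile(r"^\[.*\\winlogon\\notify\\([^\]]+)\]$", re.I)


def parse_timeline(text):
    """Turn ComboFix 'files created/modified' lines into dicts (ts, size, attrs, path, name)."""
    entries = []
    for line in text.strip().splitlines():
        m = TIMELINE_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append({"ts": ts, "size": int(size.replace(",", "")), "attrs": attrs,
                            "path": path, "name": path.rsplit("\\", 1)[-1].lower()})
    return entries


def size_clusters(entries, min_members=2):
    """Group random-named files by exact byte size; a size shared by two or more of
    them is the droplet pattern in this log. A lone legitimate file of any size
    never appears because it has no twin."""
    groups = defaultdict(list)
    for e in entries:
        if RANDOM_STEM_RE.match(e["name"]):
            groups[e["size"]].append(e["name"])
    return {size: names for size, names in groups.items() if len(names) >= min_members}


def rundll32_autoruns(text):
    """O4 Run values that start rundll32 on a DLL: returns (value name, dll path, export)."""
    hits = []
    for line in text.strip().splitlines():
        m = RUNDLL_RE.match(line.strip())
        if m:
            _hive, value, dll, export = m.groups()
            hits.append((value, dll, export))
    return hits


def winlogon_notify(text):
    """Map each Winlogon\\Notify subkey to the DLL named on the line after it."""
    result, key = {}, None
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = NOTIFY_KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key:
            result[key] = line
            key = None
    return result


def triage(timeline, notify, hjt):
    """Cross-reference the three views; a Notify DLL that is also a cluster member
    reloads at every logon, so it goes to the top of the list to submit for scanning."""
    clusters = size_clusters(parse_timeline(timeline))
    clustered = {n for names in clusters.values() for n in names}
    notify_dlls = {k: v.rsplit("\\", 1)[-1].lower() for k, v in winlogon_notify(notify).items()}
    return {"clusters": clusters,
            "rundll32": rundll32_autoruns(hjt),
            "notify_in_cluster": sorted(d for d in notify_dlls.values() if d in clustered)}


if __name__ == "__main__":
    for key, value in triage(TIMELINE, NOTIFY, HJT).items():
        print(key, value)
```

On the excerpt this reports four size clusters (2,580; 29,206; 131,124; 263,220 bytes), the single rundll32 loader under the "Genuine" value, and both Notify DLLs as cluster members, which matches what the later VirusTotal results confirm.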

#7 SifuMike (malware expert, Staff Emeritus)

Posted 03 June 2007 - 06:58 PM

Hi,

Great, :thumbsup: now do the Virus Total online scans in my previous post.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 JMICBLAZER (Topic Starter)

Posted 03 June 2007 - 07:07 PM

Hi SifuMike, thank you for your help so far. Right now I'm in the process of doing the scans as instructed.

#9 SifuMike (malware expert, Staff Emeritus)

Posted 03 June 2007 - 07:28 PM

Looking over your latest log, I notice that these files are gone and several items are missing from your HijackThis log. :thumbsup:

C:\WINDOWS\system32\nwinsndt.exe
C:\windows\system32\mrdsregm.exe
C:\WINDOWS\system32\aenqboor.dll
C:\Documents and Settings\Leteia D. Hughley\Local Settings\Temp\TICHD003.exe



I don't see where ComboFix removed these files.
Have you been fixing these yourself?

#10 JMICBLAZER (Topic Starter)

Posted 03 June 2007 - 07:39 PM

I was just noticing the same thing... No way, the last thing I'd do is move around some system files... I have no idea?

I did a search on TICHD003.exe

and it showed up in a different folder? Is this the file or is it something different? Search results as follows: TICHD003.EXE3B6B195E.pf ?????


Also, nwinsndt.exe and aenqboor.dll aren't missing on my end; I have logs for both of those, just not the other 2.

#11 SifuMike (malware expert, Staff Emeritus)

Posted 03 June 2007 - 07:43 PM

For some strange reason they did not appear on the last HijackThis log you posted, so please post a fresh HijackThis log. Hopefully they are there.

TICHD003.exe is in a temp file. When we delete the temp files it should be deleted.

#12 JMICBLAZER (Topic Starter)

Posted 03 June 2007 - 07:50 PM

STATUS: FINISHED
Complete scanning result of "aenqboor.dll", received in VirusTotal at 06.04.2007, 02:14:49 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.03.2007 ADSPY/Virtumonde.KG
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.04.2007 no virus found
AVG 7.5.0.467 06.03.2007 no virus found
BitDefender 7.2 06.04.2007 no virus found
CAT-QuickHeal 9.00 06.02.2007 no virus found
ClamAV devel-20070416 06.04.2007 Trojan.Packed-7
DrWeb 4.33 06.04.2007 Trojan.Virtumod
eSafe 7.0.15.0 06.03.2007 no virus found
eTrust-Vet 30.7.3688 06.03.2007 no virus found
Ewido 4.0 06.03.2007 no virus found
FileAdvisor 1 06.04.2007 no virus found
Fortinet 2.85.0.0 06.02.2007 suspicious
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.04.2007 no virus found
Ikarus T3.1.1.8 06.03.2007 no virus found
Kaspersky 4.0.2.24 06.04.2007 not-a-virus:AdWare.Win32.Virtumonde.kg
McAfee 5044 06.01.2007 no virus found
Microsoft 1.2503 06.03.2007 no virus found
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 Vundo.gen25
Panda 9.0.0.4 06.03.2007 no virus found
Prevx1 V2 06.04.2007 no virus found
Sophos 4.18.0 06.01.2007 Virtumundo
Sunbelt 2.2.907.0 05.30.2007 VIPRE.Suspicious
Symantec 10 06.04.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.03.2007 no virus found
VirusBuster 4.3.23:9 06.03.2007 Adware.Vundo.Gen!Pac.14
Webwasher-Gateway 6.0.1 06.03.2007 Ad-Spyware.Virtumonde.KG


Additional Information
File size: 131124 bytes
MD5: 797a3520710f73ddc21dcc9f3bab4b30
SHA1: 263fc94c95065502e0d5ccd68d9ae6ee1c874e03
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.






STATUS: FINISHED
Complete scanning result of "nwinsndt.exe", received in VirusTotal at 06.04.2007, 02:41:12 (CET).


Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.03.2007 ADSPY/ZenoSearch.T
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.04.2007 no virus found
AVG 7.5.0.467 06.03.2007 Adware Generic2.CTC
BitDefender 7.2 06.04.2007 no virus found
CAT-QuickHeal 9.00 06.02.2007 no virus found
ClamAV devel-20070416 06.04.2007 Adware.ZenoSearch
DrWeb 4.33 06.04.2007 no virus found
eSafe 7.0.15.0 06.03.2007 no virus found
eTrust-Vet 30.7.3688 06.03.2007 no virus found
Ewido 4.0 06.03.2007 no virus found
FileAdvisor 1 06.04.2007 no virus found
Fortinet 2.85.0.0 06.02.2007 no virus found
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.04.2007 no virus found
Ikarus T3.1.1.8 06.03.2007 no virus found
Kaspersky 4.0.2.24 06.04.2007 no virus found
McAfee 5044 06.01.2007 potentially unwanted program Adware-Zeno
Microsoft 1.2503 06.03.2007 Adware:Win32/ZenoSearch
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.03.2007 Suspicious file
Prevx1 V2 06.04.2007 no virus found
Sophos 4.18.0 06.01.2007 ZenoSearch
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.04.2007 Adware.ZenoSearch
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.03.2007 no virus found
VirusBuster 4.3.23:9 06.03.2007 no virus found
Webwasher-Gateway 6.0.1 06.03.2007 Ad-Spyware.ZenoSearch.T


Additional Information
File size: 192627 bytes
MD5: 8c062f9766916966e8993b729aa5fe78
SHA1: 773d4448569dedcb918b7c9ef86c07dafe03e508
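The two VirusTotal tables above name one family under several vendor labels (Virtumonde, Virtumundo, Virtumod and Vundo for the first file; ZenoSearch and Zeno for the second), and a handful of engines answer with a generic or heuristic verdict that names no family at all. As an added example, not part of the original post and not VirusTotal's own tooling, the Python below parses the 2007-era plain-text result rows, separates detections from "no virus found", folds vendor aliases into one family name and reports a consensus. The alias table and the heuristic keywords are assumptions made for this thread; the sample tables are trimmed copies of the rows posted above.

```python
import re
from collections import Counter

# Rows copied from the two VirusTotal reports posted above, trimmed to about a
# dozen engines each (constructed excerpt for this example).
AENQBOOR = """
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.03.2007 ADSPY/Virtumonde.KG
ClamAV devel-20070416 06.04.2007 Trojan.Packed-7
DrWeb 4.33 06.04.2007 Trojan.Virtumod
Fortinet 2.85.0.0 06.02.2007 suspicious
Kaspersky 4.0.2.24 06.04.2007 not-a-virus:AdWare.Win32.Virtumonde.kg
McAfee 5044 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 Vundo.gen25
Sophos 4.18.0 06.01.2007 Virtumundo
Sunbelt 2.2.907.0 05.30.2007 VIPRE.Suspicious
Symantec 10 06.04.2007 no virus found
VirusBuster 4.3.23:9 06.03.2007 Adware.Vundo.Gen!Pac.14
"""

NWINSNDT = """
AntiVir 7.4.0.29 06.03.2007 ADSPY/ZenoSearch.T
AVG 7.5.0.467 06.03.2007 Adware Generic2.CTC
ClamAV devel-20070416 06.04.2007 Adware.ZenoSearch
Kaspersky 4.0.2.24 06.04.2007 no virus found
McAfee 5044 06.01.2007 potentially unwanted program Adware-Zeno
Microsoft 1.2503 06.03.2007 Adware:Win32/ZenoSearch
Panda 9.0.0.4 06.03.2007 Suspicious file
Sophos 4.18.0 06.01.2007 ZenoSearch
Symantec 10 06.04.2007 Adware.ZenoSearch
"""

# engine, engine version, signature date (MM.DD.YYYY), then the free-text verdict
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.*\S)\s*$")
CLEAN = "no virus found"
# assumption: alias table built from the labels seen in this thread only
FAMILY_ALIASES = {
    "Vundo": ("vundo", "virtumonde", "virtumundo", "virtumod"),
    "ZenoSearch": ("zenosearch", "zeno"),
}
# assumption: verdicts with these words name a technique or a heuristic, not a family
HEURISTIC_WORDS = ("suspicious", "generic", "packed", "heur")


def parse_rows(text):
    """Split the plain-text table into dicts; rows that do not fit the shape are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            engine, version, updated, result = m.groups()
            rows.append({"engine": engine, "version": version, "updated": updated, "result": result})
    return rows


def classify(result):
    """Map one engine's verdict to a family name, 'heuristic', 'other', or None when clean."""
    low = result.lower()
    if low == CLEAN:
        return None
    for family, aliases in FAMILY_ALIASES.items():
        if any(alias in low for alias in aliases):
            return family
    if any(word in low for word in HEURISTIC_WORDS):
        return "heuristic"
    return "other"


def summarize(text):
    """Detection count and family consensus for one VirusTotal table.
    Consensus is the most-named family; heuristic and unnamed verdicts count as
    detections but never decide the family."""
    rows = parse_rows(text)
    labels = Counter(c for c in (classify(r["result"]) for r in rows) if c)
    named = {f: n for f, n in labels.items() if f not in ("heuristic", "other")}
    consensus = max(named, key=named.get) if named else None
    return {"engines": len(rows), "detections": sum(labels.values()),
            "labels": dict(labels), "consensus": consensus}


if __name__ == "__main__":
    for name, table in (("aenqboor.dll", AENQBOOR), ("nwinsndt.exe", NWINSNDT)):
        print(name, summarize(table))
```

The point of the alias fold is that "9 of 12 engines" understates how much the engines agree: six of those nine call the first file the same family once spelling differences are removed, and the three that do not are packer or heuristic verdicts, which is exactly the pattern SifuMike is reading off the raw table.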

#13 JMICBLAZER (Topic Starter)

Posted 03 June 2007 - 07:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:43:44 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Leteia D. Hughley\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...586C6F417431630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124131373\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\jfvvjorc.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [krkw] C:\PROGRA~1\COMMON~1\krkw\krkwm.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#14 JMICBLAZER

JMICBLAZER
  • Topic Starter

  • Members
  • 17 posts

Posted 03 June 2007 - 07:58 PM

The other 2 files seem to be missing. I did a system search for the files.

The only thing I found was TICHD003.EXE-3B6B195E.pf
but not as a temp as you instructed? Not sure what's the problem, but I did post the other 2 results for you and the new HijackThis log.

#15 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 June 2007 - 09:06 PM

Hi JMICBLAZER,

Disable AVG Antispyware guard while we use Hijackthis.

To disable AVG Antispyware guard:

Open AVG Antispyware and in the main window click "Resident Shield", then toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
When you reboot, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the guard?".
Reply 'No' and set it to 'inactive'.


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\jfvvjorc.dll",realset


*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\system32\nwinsndt.exe <==file
C:\WINDOWS\system32\aenqboor.dll <==file
C:\WINDOWS\system32\jfvvjorc.dll <==file
C:\WINDOWS\b128.exe <==file
C:\WINDOWS\b129.exe <==file

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

Now we backup the registry.

Go to Start > Run
Type: regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.
  • Click Start » Run » type: Notepad » OK
  • Copy (Ctrl+C) and paste (Ctrl+V) the following text inside the code box below (starting with REGEDIT4) to Notepad. (Be sure to use Notepad, not Wordpad, otherwise it won't work).

    REGEDIT4 
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcayw]
    
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeda]

  • Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
  • Click File at the top and then choose Save As.
  • Change Save As Type to All Files.
  • Name it FixME.reg and save it on your desktop.
  • Its icon should look like this: [image]
  • Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.
*******************************************


Reboot to the Normal Mode.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
Run ComboFix again.

Post a new Hijackthis log, and the ComboFix log.

Edited by SifuMike, 03 June 2007 - 09:14 PM.

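As an added example (not code from this thread, from BleepingComputer or from the Windows registry editor), here is a small parser for the REGEDIT4 .reg format used by the FixME.reg above. It lists the registry operations the file would perform before you merge it and checks the two conditions the instructions call out (no space before REGEDIT4, one blank line at the end). It assumes only the syntax subset shown in this thread: a header line, [key] sections, a leading '-' marking a key for deletion, "name"=value lines and "name"=- value deletions.

```python
"""Parse a REGEDIT4-style .reg file and list what it would do to the registry.
Added example; not the forum's or regedit's code. Only the syntax subset used
in the FixME.reg from this thread is handled."""
import re

# Constructed sample: the FixME.reg body from this thread, copied verbatim.
FIXME_REG = (
    "REGEDIT4\n"
    "\n"
    "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    "\\winlogon\\notify\\gebcayw]\n"
    "\n"
    "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    "\\winlogon\\notify\\geeda]\n"
    "\n"
)

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [-key] deletes, [key] creates
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data


def parse_reg(text):
    """Return (ops, problems). ops holds tuples such as ('delete_key', key),
    ('add_key', key), ('delete_value', key, name) or ('set_value', key, name,
    raw_data). problems lists conditions regedit would reject."""
    ops, problems = [], []
    lines = text.split("\n")
    # A leading space or a missing header makes regedit refuse the file.
    if not lines or lines[0].lstrip("\ufeff") not in HEADERS:
        problems.append("first line must be REGEDIT4 (no leading spaces)")
    if not text.endswith("\n\n"):
        problems.append("file should end with one blank line")
    key = None
    for raw in lines[1:]:
        line = raw.rstrip("\r")
        if not line.strip() or line.lstrip().startswith(";"):
            continue                               # blank line or comment
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            ops.append(("delete_key" if minus else "add_key", key))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            if m.group(2) == "-":                  # "name"=- removes a value
                ops.append(("delete_value", key, name))
            else:
                ops.append(("set_value", key, name, m.group(2)))
            continue
        problems.append("unrecognised line: " + line)
    return ops, problems
```

Running parse_reg(FIXME_REG) reports two delete_key operations on the Winlogon Notify subkeys and no problems; the same text with a space before REGEDIT4 or without the trailing blank line is reported as a problem instead.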
