MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: HJT Log - Need Help!!
October 15, 2019, 09:12:16 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 15, 2019, 09:12:16 AM

Login with username, password and session length
 
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: HJT Log - Need Help!!  (Read 2353 times)
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« on: March 07, 2008, 02:39:18 PM »

I continue to get redirects every time I use IE and it seems to kill AVG scan for some things.

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:39 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YVAB03UL\HiJackThis[2].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: {cf74615a-62b6-ceb8-5a34-d2eef8052556} - {6552508f-ee2d-43a5-8bec-6b26a51647fc} - C:\WINDOWS\system32\kjjrmhgj.dll
O2 - BHO: (no name) - {698D28B1-B542-4E45-83E5-6628BB79F111} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {f04e5d5c-1dd1-11b2-bef9-d3f2cb4587c9} - C:\WINDOWS\irivkdcr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BMcf4703a8] Rundll32.exe "C:\WINDOWS\system32\fkcixmoq.dll",s
O4 - HKLM\..\Run: [mjwtqfct] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mjwtqfct.dll"
O4 - HKLM\..\Run: [cc743034] rundll32.exe "C:\WINDOWS\system32\uwmajnux.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2392] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\NoAdware\NoAdware .lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9854] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\NoAdware\NoAdware .lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4294] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\NoAdware\Uninstall NoAdware .lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9914] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\NoAdware\Uninstall NoAdware .lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8225] command /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD46] cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5510] command /c del "C:\PROGRAM FILES\NOADWARE5.0\nutils.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD611] cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\nutils.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7475] command /c del "C:\PROGRAM FILES\NOADWARE5.0\unins000.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6685] cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\unins000.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5559] command /c del "C:\WINDOWS\system32\tuvvsst.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1758] cmd /c del "C:\WINDOWS\system32\tuvvsst.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5246/mcfscan.cab
O20 - Winlogon Notify: tuvvsst - tuvvsst.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9639 bytes



Please post here with any help or write to me at Dadu4you@yahoo.com

Thanks a bunch.
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: March 08, 2008, 12:23:54 AM »

 Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.

=================================


Ok.We also need to download ComboFix.exe.

Please visit this webpage for download links, and instructions for running the tool


When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

Logged

An Australian Member of

EDDY
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #2 on: March 09, 2008, 02:06:11 AM »

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.

=================================


Ok.We also need to download ComboFix.exe.

Please visit this webpage for download links, and instructions for running the tool


When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.


Logged
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #3 on: March 09, 2008, 02:11:02 AM »

ComboFix 08-03-08.1 - Bennett Davis 2008-03-08 20:52:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.521 [GMT -5:00]
Running from: C:\Documents and Settings\Bennett Davis\Local Settings\Temporary Internet Files\Content.IE5\WX2B0TQ3\ComboFix[1].exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
C:\Documents and Settings\Bennett Davis\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Bennett Davis\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\WINDOWS\BMcf4703a8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bdaqyrsd.ini
C:\WINDOWS\system32\cahprmkq.dll
C:\WINDOWS\system32\dfhttvks.dll
C:\WINDOWS\system32\fkcixmoq.dll
C:\WINDOWS\system32\jaonrqbs.ini
C:\WINDOWS\system32\jtkelucv.ini
C:\WINDOWS\system32\kreaexoe.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\rbadhayv.ini
C:\WINDOWS\system32\sxcadtfk.ini
C:\WINDOWS\system32\tkfipjrn.ini
C:\WINDOWS\system32\ugdovqyq.dll
C:\WINDOWS\system32\wcqrkffx.dll
C:\WINDOWS\system32\yhqyfhmj.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
(((((((((((((((((((((((((   Files Created from 2008-02-09 to 2008-03-09  )))))))))))))))))))))))))))))))
.

2008-03-08 20:28 . 2008-03-08 20:28   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-03-08 20:23 . 2008-03-08 20:43   1,307,621   --ahs----   C:\WINDOWS\system32\jdfommvm.ini
2008-03-08 20:22 . 2008-03-08 20:45   <DIR>   d--------   C:\SDFix
2008-03-07 18:43 . 2008-03-08 08:41   1,305,535   --ahs----   C:\WINDOWS\system32\fswxvubp.ini
2008-03-06 20:48 . 2008-03-06 20:48   <DIR>   d--------   C:\WINDOWS\McAfee.com
2008-03-06 18:43 . 2008-03-07 16:13   1,305,415   --ahs----   C:\WINDOWS\system32\xunjamwu.ini
2008-03-05 14:52 . 2008-03-05 14:47   691,545   --a------   C:\WINDOWS\unins000.exe
2008-03-05 14:52 . 2008-03-05 14:52   2,551   --a------   C:\WINDOWS\unins000.dat
2008-03-05 14:00 . 2008-03-05 14:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-05 09:17 . 2008-03-06 18:37   1,305,295   --ahs----   C:\WINDOWS\system32\cequjpaq.ini
2008-03-03 20:52 . 2008-03-05 09:13   1,304,806   --ahs----   C:\WINDOWS\system32\gjfvpbqy.ini
2008-03-02 22:40 . 2008-03-02 22:40   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 21:02 . 2008-03-02 21:02   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-03-02 20:51 . 2008-03-03 20:04   1,302,622   --ahs----   C:\WINDOWS\system32\juregkxb.ini
2008-03-02 13:08 . 2008-03-02 13:08   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-02 13:00 . 2008-03-02 14:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-01 18:25 . 2008-03-02 15:30   3,626,923   --ahs----   C:\WINDOWS\system32\tmjdtdag.ini
2008-03-01 17:38 . 2008-03-01 17:38   89,107   --a------   C:\WINDOWS\xgrwdyxw.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 01:49   ---------   d-----w   C:\Documents and Settings\Bennett Davis\Application Data\OpenOffice.org2
2008-03-09 01:43   ---------   d-----w   C:\Documents and Settings\Bennett Davis\Application Data\AVG7
2008-03-06 00:06   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-03-05 19:59   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-03-05 19:01   ---------   d-----w   C:\Program Files\Lavasoft
2008-03-05 19:01   ---------   d-----w   C:\Documents and Settings\Bennett Davis\Application Data\Lavasoft
2008-03-02 12:44   ---------   d-----w   C:\Program Files\Windows Plus
2008-01-15 02:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-03-04 21:35   56   --sh--r   C:\WINDOWS\system32\DB981014BB.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFB491AE-22A0-402F-9B97-DE83231CFF7A}]
         C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba809d75-3aff-4109-9902-37edc765e433}]
         C:\WINDOWS\system32\upajblkv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f04e5d5c-1dd1-11b2-bef9-d3f2cb4587c9}]
         C:\WINDOWS\irivkdcr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-11-16 16:42 1327104]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-18 13:48 26112]
"MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-08 19:20 110592]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34 106496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 18:38 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-23 17:57 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"cc743034"="C:\WINDOWS\system32\mvmmofdj.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 14:05 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 05:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Bennett Davis\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUQualityAgent.exe [2007-06-26 12:08:14 18176]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 17:42:22 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-04-18 13:47:40 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-18 13:45:34 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvsst]
tuvvsst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 12:40:40 C:\WINDOWS\Tasks\Registry Repair4.job"
- C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:57:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-03-08 21:00:20 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-09 02:00:17
.
2008-02-13 03:12:24   --- E O F --- 



Logged
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #4 on: March 09, 2008, 02:16:48 AM »

New HJT log after SD fix and Combo fix were run


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:51 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AFB491AE-22A0-402F-9B97-DE83231CFF7A} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: {334e567c-de73-2099-9014-ffa357d908ab} - {ba809d75-3aff-4109-9902-37edc765e433} - C:\WINDOWS\system32\upajblkv.dll (file missing)
O2 - BHO: (no name) - {f04e5d5c-1dd1-11b2-bef9-d3f2cb4587c9} - C:\WINDOWS\irivkdcr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [cc743034] rundll32.exe "C:\WINDOWS\system32\mvmmofdj.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUQualityAgent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZCxdm869YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5246/mcfscan.cab
O20 - Winlogon Notify: tuvvsst - tuvvsst.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/medici/13_15/mail/mailcommonlib.js

--
End of file - 9609 bytes
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #5 on: March 09, 2008, 05:45:32 AM »

Before we continue any further........


We need to install your Recovery Console first.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System





Download the file  & save it as its originally named, next to ComboFix.exe. 






Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log. 







Logged

An Australian Member of

EDDY
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #6 on: March 09, 2008, 08:36:21 PM »

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #7 on: March 09, 2008, 10:21:25 PM »

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O2 - BHO: (no name) - {AFB491AE-22A0-402F-9B97-DE83231CFF7A} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: {334e567c-de73-2099-9014-ffa357d908ab} - {ba809d75-3aff-4109-9902-37edc765e433} - C:\WINDOWS\system32\upajblkv.dll (file missing)
O2 - BHO: (no name) - {f04e5d5c-1dd1-11b2-bef9-d3f2cb4587c9} - C:\WINDOWS\irivkdcr.dll (file missing)
O4 - HKLM\..\Run: [cc743034] rundll32.exe "C:\WINDOWS\system32\mvmmofdj.dll",b
O8 - Extra context menu item: &Search - ?p=ZCxdm869YYUS
O20 - Winlogon Notify: tuvvsst - tuvvsst.dll (file missing)
O24 - Desktop Component 0: (no name) - http://us.js2.yimg.com/us.js.yimg.com/lib/pim/r/medici/13_15/mail/mailcommonlib.js

Reboot...............

==========================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote

Killall::

File::
C:\WINDOWS\system32\jdfommvm.ini
C:\WINDOWS\system32\fswxvubp.ini
C:\WINDOWS\system32\xunjamwu.ini
C:\WINDOWS\system32\cequjpaq.ini
C:\WINDOWS\system32\gjfvpbqy.ini
C:\WINDOWS\system32\juregkxb.ini
C:\WINDOWS\system32\tmjdtdag.ini
C:\WINDOWS\xgrwdyxw.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFB491AE-22A0-402F-9B97-DE83231CFF7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba809d75-3aff-4109-9902-37edc765e433}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f04e5d5c-1dd1-11b2-bef9-d3f2cb4587c9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cc743034"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvsst]


 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply  please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Logged

An Australian Member of

EDDY
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #8 on: March 14, 2008, 12:37:44 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:34 AM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUQualityAgent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5246/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8892 bytes
Logged
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #9 on: March 14, 2008, 12:38:35 PM »

ComboFix 08-03-09.1 - Bennett Davis 2008-03-14  8:27:17.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.561 [GMT -4:00]
Running from: C:\Documents and Settings\Bennett Davis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bennett Davis\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\cequjpaq.ini
C:\WINDOWS\system32\fswxvubp.ini
C:\WINDOWS\system32\gjfvpbqy.ini
C:\WINDOWS\system32\jdfommvm.ini
C:\WINDOWS\system32\juregkxb.ini
C:\WINDOWS\system32\tmjdtdag.ini
C:\WINDOWS\system32\xunjamwu.ini
C:\WINDOWS\xgrwdyxw.exe
.

(((((((((((((((((((((((((   Files Created from 2008-02-14 to 2008-03-14  )))))))))))))))))))))))))))))))
.

2008-03-08 22:15 . 2008-03-08 22:15   <DIR>   d--------   C:\Program Files\Trend Micro
2008-03-08 21:28 . 2008-03-08 21:28   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-03-08 21:22 . 2008-03-08 21:45   <DIR>   d--------   C:\SDFix
2008-03-06 21:48 . 2008-03-06 21:48   <DIR>   d--------   C:\WINDOWS\McAfee.com
2008-03-05 15:52 . 2008-03-05 15:47   691,545   --a------   C:\WINDOWS\unins000.exe
2008-03-05 15:52 . 2008-03-05 15:52   2,551   --a------   C:\WINDOWS\unins000.dat
2008-03-05 15:00 . 2008-03-05 15:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 23:40 . 2008-03-02 23:40   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 22:02 . 2008-03-02 22:02   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-03-02 14:08 . 2008-03-02 14:08   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-02 14:00 . 2008-03-02 15:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 12:00   ---------   d-----w   C:\Documents and Settings\Bennett Davis\Application Data\AVG7
2008-03-14 10:25   ---------   d-----w   C:\Documents and Settings\Bennett Davis\Application Data\OpenOffice.org2
2008-03-06 00:06   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-03-05 19:59   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-03-05 19:01   ---------   d-----w   C:\Program Files\Lavasoft
2008-03-05 19:01   ---------   d-----w   C:\Documents and Settings\Bennett Davis\Application Data\Lavasoft
2008-03-04 21:54   3,233,280   ----a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-02 12:44   ---------   d-----w   C:\Program Files\Windows Plus
2008-01-15 02:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-17 22:11   6,744,208   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-16 18:59   2,694,656   ----a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
2007-12-16 18:59   1,933,824   ----a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2007-11-27 21:33   2,719,232   ----a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-27 21:33   1,911,808   ----a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-08 01:59   2,753,536   ----a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2007-11-08 01:59   1,889,280   ----a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2007-09-05 00:37   2,930,176   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2007-07-06 18:11   2,756,096   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2007-07-06 18:11   1,728,000   ----a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2007-02-21 03:11   1,614,848   ----a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2007-02-13 00:30   1,598,976   ----a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2007-02-11 04:17   2,765,824   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-04 21:35   56   --sh--r   C:\WINDOWS\system32\DB981014BB.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-03-08_21.00.02.73   )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 12:00:00   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
- 2008-02-04 23:09:46   18,214,008   ----a-w   C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54   19,148,408   ----a-w   C:\WINDOWS\system32\MRT.exe
- 2007-11-04 12:12:29   53,436   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 15:11:10   53,436   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2007-11-04 12:12:29   381,692   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 15:11:10   381,692   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 13:00:00   161,792   ----a-w   C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 12:00:00   161,792   ----a-w   C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-11-16 17:42 1327104]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-18 14:48 26112]
"MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-08 20:20 110592]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 18:34 106496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 19:38 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-23 18:57 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 15:05 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 06:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Bennett Davis\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUQualityAgent.exe [2007-06-26 13:08:14 18176]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 18:42:22 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-04-18 14:47:40 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-18 14:45:34 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 12:40:40 C:\WINDOWS\Tasks\Registry Repair4.job"
- C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 08:32:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-03-14  8:34:52 - machine was rebooted [Bennett Davis]
ComboFix-quarantined-files.txt  2008-03-14 12:34:49
ComboFix2.txt  2008-03-11 12:21:02
.
2008-03-12 04:41:20   --- E O F --- 
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #10 on: March 14, 2008, 09:24:02 PM »

Ok.That looks good.You should be fine now...


This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below  and click OK.

Quote

ComboFix /u




Now that you are clean,and If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure..they can be done at your leisure.

Download and scan with CCleaner from http://www.ccleaner.com/downloadbuilds.asp

1. Starting with v1.27.260, http://www.ccleaner.com/downloadbuilds.asp installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Logged

An Australian Member of

EDDY
Dadu4you
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 8


Bookmark and Share

View Profile
« Reply #11 on: March 15, 2008, 10:34:11 PM »

Your help has been much apporeciated, I was ready to give up and reformat and don'teven know if that would have gotten rid of all the problems. (I've heard otherwise). I will apply all I have learned to another computer that the kids use as well.Thanks again - you provide a tremendous service.
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #12 on: March 15, 2008, 10:42:15 PM »

Your welcome.Glad to help.
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 28, 2018, 11:13:15 PM