Computer Infected With No Idea What It Is


10 replies to this topic

#1 Dj DHoLa
Authentic Member, 24 posts

Posted 19 August 2007 - 02:08 AM

Hey guys,
First of all I want to thank you guys in advance for what you do. This forum has helped me solve many problems with my computer. I have run into a slump and have no idea what has infected my computer. It keeps installing some programs for Go To Casino, Free Online Dating, and Find Spyware Remover. Also something for Ultimate Drive Cleaner comes up and installs itself. I have attached my HijackThis log and would once again like to thank you guys in advance for helping me out with this.

Gautam Singh

P.S. If this is a repost of a previous problem I truly apologize.

Logfile of HijackThis v1.99.1
Scan saved at 1:06:50 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: it_pl.itunes_pl - {7F916321-2E01-4127-B6A9-28EF4B177475} - C:\WINDOWS\system32\it_pl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvun.dll,startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ASEMBL~1\dexplore.exe" -vt yazb
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
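As an added example (not part of the thread or of HijackThis itself), here is a small triage pass a helper might run over the O4 Run-key and O20 Winlogon Notify lines of a log like the one above, to decide which entries deserve a closer look first. The sample lines are constructed to match the shapes in this log, and the allowlists of known Notify packages and Windows-root executables are assumptions to be maintained locally.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v1.99.1 log above:
# O4 Run-key entries and O20 Winlogon Notify entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvun.dll,startup
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
# First quoted-or-bare token that ends in an executable extension.
TARGET_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|cpl))"?', re.IGNORECASE)

# Assumed allowlist: the two Notify packages this log shows plus a few
# Windows XP defaults. Anything not listed loads into winlogon.exe unreviewed.
KNOWN_NOTIFY = {"igfxcui", "wgalogon", "crypt32chain", "cryptnet", "cscdll",
                "sccertprop", "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumed allowlist: executables that legitimately sit directly in the Windows root.
WINROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe"}


@dataclass
class Finding:
    kind: str      # "O4" or "O20"
    name: str      # registry value / Notify package name
    target: str    # executable or module that actually gets loaded
    reasons: list  # why it was flagged; empty means nothing stood out


def run_target(cmd: str):
    """Return (target_path, via_rundll32) for an O4 command line."""
    via_rundll32 = cmd.lower().startswith("rundll32")
    if via_rundll32:
        cmd = cmd.split(None, 1)[1] if " " in cmd else ""
        cmd = cmd.split(",", 1)[0]          # "module.dll,Entry" -> module.dll
    m = TARGET_RE.match(cmd.strip())
    return (m.group("path") if m else cmd.strip()), via_rundll32


def check_o4(name: str, cmd: str) -> Finding:
    target, via_rundll32 = run_target(cmd)
    reasons = []
    low = target.lower()
    if "\\" not in low:
        reasons.append("bare filename: resolved through the PATH search order, no fixed location")
    else:
        directory, base = low.rsplit("\\", 1)
        if directory in ("c:\\windows", "c:\\winnt") and base not in WINROOT_OK:
            reasons.append("executable dropped directly in the Windows root")
    if via_rundll32:
        reasons.append("DLL launched through rundll32; confirm the module's publisher")
    return Finding("O4", name, target, reasons)


def check_o20(name: str, path: str) -> Finding:
    reasons = []
    if name.lower() not in KNOWN_NOTIFY:
        reasons.append("Winlogon Notify package not on the known list")
    return Finding("O20", name, path, reasons)


def triage(log_text: str):
    """Return the findings that have at least one reason, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            f = check_o4(m.group("name"), m.group("cmd"))
        elif m := O20_RE.match(line):
            f = check_o20(m.group("name"), m.group("path"))
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings


def flagged_names(log_text: str):
    return [f.name for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] -> {f.target}")
        for r in f.reasons:
            print("    -", r)
```

The flags are review prompts, not verdicts: a vendor entry such as SoundMAXPnP passes untouched, while the bare `mgrs.exe`, the Windows-root `avp.exe` and the rundll32-loaded `drvvun.dll` are the ones a helper checks first.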



#2 Markka
Advanced Member (Banned), 784 posts

Posted 19 August 2007 - 02:33 AM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Dj DHoLa
Authentic Member, 24 posts

Posted 19 August 2007 - 02:50 AM

Thank you so much B)

#4 Markka
Advanced Member (Banned), 784 posts

Posted 20 August 2007 - 06:20 AM

Hello :)

I see you're using McAfee and Norton. Why do you have two antiviruses running at the same time?

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall!
____________________

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
___________________

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
____________________
Post:
- A fresh HijackThis log
- Contents of C:\ComboFix.txt
- Contents of C:\rapport.txt
- Uninstall list

#5 Dj DHoLa
Authentic Member, 24 posts

Posted 20 August 2007 - 02:19 PM

Hey, thank you for the response.
I have both Norton and McAfee; unfortunately neither works, since the registration is over and repurchasing is needed.
Here are the logs you requested.

Combo Fix Log
"DJ DHoLa" - 2007-08-20 12:15:48 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\DJ DHoLa\Desktop\MP3\Unsorted\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winexz32.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Program Files\Common Files\Yazzle1162OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
"C:\DOCUME~1\DJDHOL~1\APPLIC~1\Install.dat"
"C:\windows\xpupdate.exe"
"C:\WINDOWS\avp.exe"

Purity Folders:

C:\WINDOWS\ASEMBL~1
C:\DOCUME~1\DJDHOL~1\MYDOCU~1\SMBOLS~1



((((((((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 ))))))))))))))))))))))))))))))))))


2007-08-20 12:23 6,456 ---hs---- C:\WINDOWS\SYSTEM32\abadd.bak1
2007-08-20 12:22 266,336 --a------ C:\WINDOWS\SYSTEM32\ddaba.dll
2007-08-20 12:16 43,542 --a------ C:\WINDOWS\SYSTEM32\efcbyab.dll
2007-08-20 12:11 211,456 --a------ C:\Documents and Settings\DJDHOL~1\load.exe
2007-08-20 12:11 211,456 --a------ C:\DOCUME~1\DJDHOL~1\load.exe
2007-08-20 12:11 <DIR> d-------- C:\DOCUME~1\DJDHOL~1\APPLIC~1\Awola
2007-08-19 22:50 15,360 --a------ C:\DOCUME~1\DJDHOL~1\APPLIC~1\nekieefdm.exe
2007-08-19 00:51 94,720 --a------ C:\WINDOWS\SYSTEM32\drvvun.dll
2007-08-19 00:51 15,360 --a------ C:\WINDOWS\SYSTEM32\drvvunr.dll
2007-08-18 19:18 96,512 --a------ C:\Program Files\ucleaner_setup.exe
2007-08-18 19:18 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2007-08-18 19:14 11,776 --a------ C:\WINDOWS\mgrs.exe
2007-08-18 19:14 10,240 --a------ C:\WINDOWS\SYSTEM32\hlpsrv.exe
2007-08-15 15:27 1,782,336 ---hs---- C:\WINDOWS\SYSTEM32\nqtss.bak1
2007-08-15 11:25 <DIR> d-------- C:\Program Files\Magicantispy
2007-08-15 11:21 43,542 --a------ C:\WINDOWS\SYSTEM32\fccbxvs.dll
2007-08-13 16:06 <DIR> d-------- C:\DOCUME~1\DJDHOL~1\APPLIC~1\Ultimate Cleaner
2007-08-13 00:00 22,016 --a------ C:\WINDOWS\SYSTEM32\winosz32(2).dll
2007-08-06 02:53 41,156,608 --a------ C:\Documents and Settings\DJDHOL~1\ntuser.dat
2007-08-06 02:53 41,156,608 --a------ C:\DOCUME~1\DJDHOL~1\ntuser.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 08:19:50 -------- d-----w C:\Program Files\DC++
2007-08-18 07:00:10 12 ----a-w C:\WINDOWS\system32\sl.bin
2007-08-15 22:16:37 -------- d-----w C:\Program Files\Steam
2007-07-30 19:08:12 -------- d-----w C:\Program Files\PokerStars
2007-07-19 17:10:56 -------- d-----w C:\Program Files\MSN Messenger
2007-06-29 08:37:00 -------- d-----w C:\Program Files\AV Music Morpher Gold
2007-06-06 07:01:04 12,800 ----a-w C:\WINDOWS\system32\it_pl.dll
2007-06-06 07:01:03 24,576 ----a-w C:\WINDOWS\system32\it_reg.exe
2007-05-26 07:43:30 18,432 ----a-w C:\WINDOWS\sysrlb32.exe
2007-05-26 07:19:44 1,412 ----a-w C:\WINDOWS\system32\tmp.reg
2007-05-23 23:03:08 106,368 ----a-w C:\WINDOWS\opqopo.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2005-11-04 19:29]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 13:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 01:03]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-08-17 10:40]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-06-27 09:49]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 00:05]
{63C097F6-388A-4813-A938-C68E5D4C7852}=C:\WINDOWS\system32\ddaba.dll [2007-08-20 12:22]
{7F916321-2E01-4127-B6A9-28EF4B177475}=C:\WINDOWS\system32\it_pl.dll [2007-06-06 00:01]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-03-09 09:55]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2004-08-18 08:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 12:30]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-10-25 12:08]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2004-08-17 19:26]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-09-15 01:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-20 20:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 15:14]
"smgr"="mgrs.exe" []
"avp"="C:\WINDOWS\TEMP\win4D.tmp.exe" [2007-08-20 12:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 08:31]
"Steam"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 16:11]
"Sen"="C:\WINDOWS\ASEMBL~1\dexplore.exe" []
"Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\DJ DHoLa\Application Data\nekieefdm.exe" [2007-08-19 22:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8DC13F33-719B-46C9-A590-6FA097E0570F}"="C:\WINDOWS\system32\efcbyab.dll" [2007-08-20 12:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba]
C:\WINDOWS\system32\ddaba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbyab]
efcbyab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bw45Rjc9W]
C:\Program Files\asdfe57\SPBS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
C:\WINDOWS\system32\gah95on6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\joyping]
C:\DOCUME~1\DJDHOL~1\APPLIC~1\PLAYNU~1\ErrorRemoteFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogCashDrvSkip]
C:\Documents and Settings\All Users\Application Data\corn link log cash\user start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass]
C:\Program Files\Media Pass\MediaPass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
"C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\opqopo.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=2 (0x2)
"iPodService"=3 (0x3)
"ColdFusion Management Service"=2 (0x2)
"ColdFusion Management Repository"=2 (0x2)
"ColdFusion Graphing Server"=2 (0x2)
"Cold Fusion RDS"=2 (0x2)
"Cold Fusion Executive"=2 (0x2)
"Cold Fusion Application Server"=2 (0x2)
"ClusterCATS Service"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-08-18 05:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-20 19:27:00 C:\WINDOWS\tasks\McAfee.com Update Check (DGM5G461-Owner).job
2007-08-20 19:29:00 C:\WINDOWS\tasks\McAfee.com Update Check (DJ-DHOLA-DJ DHoLa).job
2007-08-20 19:29:00 C:\WINDOWS\tasks\McAfee.com Update Check (DJ-DHOLA-Nirmal).job
2007-08-20 19:30:00 C:\WINDOWS\tasks\McAfee.com Update Check (DJ-DHOLA-oTHaZ).job
2005-05-27 05:50:49 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 12:29:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ColdFusion Graphing Server]
"ImagePath"="C:\CFusion\JRun\bin\JRun.exe -jrundir \"C:\CFusion\JRun\" -nt \"JRun default\" \"default\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ColdFusion Management Repository]
"ImagePath"="\"C:\CFusion\jrun\bin\jrun.exe\" -jrundir \"C:\CFusion\jrun\" -nt \"ColdFusion Management Repository\" \"cfam\""

Completion time: 2007-08-20 12:31:34
C:\ComboFix-quarantined-files.txt ... 2007-08-20 12:31
C:\ComboFix2.txt ... 2007-05-26 01:17
C:\ComboFix3.txt ... 2007-05-26 01:04

--- E O F ---

SmitFraud Log
SmitFraudFix v2.188

Scan done at 12:42:26.92, Mon 08/20/2007
Run from C:\Documents and Settings\DJ DHoLa\Desktop\MP3\Unsorted\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\susp.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DJ DHoLa


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DJ DHoLa\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Uninstall Manager Log
I did what you asked here and it would not work when I clicked Save List. Nothing happened.
So I took screenshots of the list and have posted them below.
Posted Image
Posted Image
Posted Image

There ya are, hope this helps.

#6 Dj DHoLa
Authentic Member, 24 posts

Posted 20 August 2007 - 04:22 PM

A new problem I've also had now is that Awola Antispyware installs on my computer automatically, and an annoying pop-up from my taskbar comes up saying "Your computer is infected."

#7 Markka
Advanced Member (Banned), 784 posts

Posted 22 August 2007 - 12:26 PM

Hello :)

"I have both Norton and McAfee; unfortunately neither works, since the registration is over and repurchasing is needed."


Go to Control Panel -> Add/Remove Programs -> uninstall these:
Norton
McAfee

________________________

Looking over your log, it seems you don't have any evidence of a third-party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
____________________________

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
___________________

Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\SYSTEM32\abadd.bak1
C:\WINDOWS\SYSTEM32\ddaba.dll
C:\WINDOWS\SYSTEM32\efcbyab.dll
C:\Documents and Settings\DJDHOL~1\load.exe
C:\DOCUME~1\DJDHOL~1\APPLIC~1\nekieefdm.exe
C:\WINDOWS\SYSTEM32\drvvun.dll
C:\WINDOWS\SYSTEM32\drvvunr.dll
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\SYSTEM32\hlpsrv.exe
C:\WINDOWS\SYSTEM32\nqtss.bak1
C:\WINDOWS\SYSTEM32\fccbxvs.dll
C:\WINDOWS\SYSTEM32\winosz32(2).dll
C:\WINDOWS\system32\it_pl.dll
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\opqopo.dll

Folder::
C:\DOCUME~1\DJDHOL~1\APPLIC~1\Awola
C:\Program Files\Ultimate Cleaner
C:\DOCUME~1\DJDHOL~1\APPLIC~1\Ultimate Cleaner


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
___________________

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
__________________

Post:
- A fresh HijackThis log
- Contents of C:\vundofix.txt
- Contents of C:\rapport.txt
- Logfile of ComboFix.txt

#8 Dj DHoLa (Authentic Member, 24 posts)

Posted 06 September 2007 - 07:09 PM

hey sorry for the late reply....I was out of town for a wedding and just got back today
here are the reports you asked for

HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 6:04:31 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55048488-93DA-44EC-8AF0-AD510AA443DA} - C:\WINDOWS\system32\ddaba.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: it_pl.itunes_pl - {7F916321-2E01-4127-B6A9-28EF4B177475} - C:\WINDOWS\system32\it_pl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\jquidfmp.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\ioowslai.dll",sitypnow
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Vundo Fix

VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 2:11:30 PM 9/6/2007

Listing files found while scanning....

C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\ddaba.dll
C:\windows\system32\drvvun.dll
C:\windows\system32\drvvunr.dll
C:\WINDOWS\system32\efcbyab.dll
C:\windows\system32\fccbxvs.dll
C:\WINDOWS\system32\pokcusol.dll
C:\WINDOWS\system32\vqdcnbrb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\abadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaba.dll Has been deleted!

Attempting to delete C:\windows\system32\drvvun.dll
C:\windows\system32\drvvun.dll Has been deleted!

Attempting to delete C:\windows\system32\drvvunr.dll
C:\windows\system32\drvvunr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcbyab.dll
C:\WINDOWS\system32\efcbyab.dll Has been deleted!

Attempting to delete C:\windows\system32\fccbxvs.dll
C:\windows\system32\fccbxvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pokcusol.dll
C:\WINDOWS\system32\pokcusol.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vqdcnbrb.dll
C:\WINDOWS\system32\vqdcnbrb.dll Has been deleted!

Performing Repairs to the registry.
Done!

SmitFraud Log
SmitFraudFix v2.188

Scan done at 17:59:33.71, Thu 09/06/2007
Run from C:\Documents and Settings\DJ DHoLa\Desktop\MP3\Unsorted\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\susp.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4247A2CC-7EF8-469D-A8A6-DCEF7B9B4018}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E8C10E6-03DC-45D0-B1F9-D383EB563266}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EFA5066E-0E2F-46EF-BC74-85C75EC07DF2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4247A2CC-7EF8-469D-A8A6-DCEF7B9B4018}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E8C10E6-03DC-45D0-B1F9-D383EB563266}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EFA5066E-0E2F-46EF-BC74-85C75EC07DF2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E8C10E6-03DC-45D0-B1F9-D383EB563266}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EFA5066E-0E2F-46EF-BC74-85C75EC07DF2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix Log
"DJ DHoLa" - 2007-09-06 17:45:12 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\DJ DHoLa\"
Command switches used :: ""C:\Documents and Settings\DJ DHoLa\Desktop\MP3\Unsorted\CFScript.txt""


((((((((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 ))))))))))))))))))))))))))))))))))


2007-09-06 14:11 <DIR> d-------- C:\VundoFix Backups
2007-09-06 14:01 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-09-06 14:01 <DIR> d-------- C:\Program Files\Agnitum
2007-09-06 13:15 70,208 --a------ C:\WINDOWS\SYSTEM32\jquidfmp.dll
2007-09-06 13:10 90,176 --a------ C:\WINDOWS\SYSTEM32\ioowslai.dll
2007-09-06 11:45 70,208 --a------ C:\WINDOWS\SYSTEM32\ymtwavcn.dll
2007-09-04 23:33 70,208 --a------ C:\WINDOWS\SYSTEM32\xxhjrtcj.dll
2007-09-03 23:23 70,208 --a------ C:\WINDOWS\SYSTEM32\vmqfrvba.dll
2007-09-03 17:48 70,208 --a------ C:\WINDOWS\SYSTEM32\xllfhmgv.dll
2007-09-02 17:51 70,208 --a------ C:\WINDOWS\SYSTEM32\rwbcxtog.dll
2007-09-02 14:46 70,208 --a------ C:\WINDOWS\SYSTEM32\cuwsnfmd.dll
2007-09-01 22:07 70,208 --a------ C:\WINDOWS\SYSTEM32\otiwyuae.dll
2007-08-31 19:12 70,208 --a------ C:\WINDOWS\SYSTEM32\hngoeqei.dll
2007-08-30 12:00 70,208 --a------ C:\WINDOWS\SYSTEM32\byvrydon.dll
2007-08-30 01:34 70,208 --a------ C:\WINDOWS\SYSTEM32\kkpulchl.dll
2007-08-29 18:35 70,208 --a------ C:\WINDOWS\SYSTEM32\ypjuteko.dll
2007-08-28 18:38 70,208 --a------ C:\WINDOWS\SYSTEM32\jjuafcsg.dll
2007-08-28 14:04 70,208 --a------ C:\WINDOWS\SYSTEM32\xxpexfwc.dll
2007-08-26 13:58 70,208 --a------ C:\WINDOWS\SYSTEM32\qflannpc.dll
2007-08-25 13:42 70,208 --a------ C:\WINDOWS\SYSTEM32\ggjslkoa.dll
2007-08-24 17:48 70,208 --a------ C:\WINDOWS\SYSTEM32\coogaxtm.dll
2007-08-24 13:59 70,208 --a------ C:\WINDOWS\SYSTEM32\ajepapdp.dll
2007-08-24 12:57 70,208 --a------ C:\WINDOWS\SYSTEM32\liecdqti.dll
2007-08-23 14:46 70,208 --a------ C:\WINDOWS\SYSTEM32\subegnto.dll
2007-08-23 13:43 70,208 --a------ C:\WINDOWS\SYSTEM32\notgkyas.dll
2007-08-23 00:53 70,208 --a------ C:\WINDOWS\SYSTEM32\vpxpcbpi.dll
2007-08-22 12:29 76,021 --a------ C:\Program Files\setup.exe
2007-08-21 00:47 70,208 --a------ C:\WINDOWS\SYSTEM32\fpvnougb.dll
2007-08-20 12:41 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-08-20 12:41 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-08-20 12:41 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-08-20 12:11 211,456 --a------ C:\Documents and Settings\DJDHOL~1\load.exe
2007-08-20 12:11 211,456 --a------ C:\DOCUME~1\DJDHOL~1\load.exe
2007-08-19 22:50 15,360 --a------ C:\DOCUME~1\DJDHOL~1\APPLIC~1\nekieefdm.exe
2007-08-18 19:18 96,512 --a------ C:\Program Files\ucleaner_setup.exe
2007-08-18 19:18 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2007-08-18 19:14 11,776 --a------ C:\WINDOWS\mgrs.exe
2007-08-18 19:14 10,240 --a------ C:\WINDOWS\SYSTEM32\hlpsrv.exe
2007-08-15 15:27 1,782,336 ---hs---- C:\WINDOWS\SYSTEM32\nqtss.bak1
2007-08-15 11:25 <DIR> d-------- C:\Program Files\Magicantispy
2007-08-13 16:06 <DIR> d-------- C:\DOCUME~1\DJDHOL~1\APPLIC~1\Ultimate Cleaner
2007-08-13 00:00 22,016 --a------ C:\WINDOWS\SYSTEM32\winosz32(2).dll
2007-08-06 02:53 41,156,608 --a------ C:\Documents and Settings\DJDHOL~1\ntuser.dat
2007-08-06 02:53 41,156,608 --a------ C:\DOCUME~1\DJDHOL~1\ntuser.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 21:04:01 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-05 07:14:12 -------- d-----w C:\Program Files\DC++
2007-08-30 00:42:13 -------- d-----w C:\Program Files\AV Music Morpher Gold
2007-08-20 19:42:53 1,392 ----a-w C:\WINDOWS\system32\tmp.reg
2007-08-18 07:00:10 12 ----a-w C:\WINDOWS\system32\sl.bin
2007-08-15 22:16:37 -------- d-----w C:\Program Files\Steam
2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 19:08:12 -------- d-----w C:\Program Files\PokerStars
2007-07-19 17:10:56 -------- d-----w C:\Program Files\MSN Messenger
2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
2007-06-06 07:01:04 12,800 ----a-w C:\WINDOWS\system32\it_pl.dll
2007-06-06 07:01:03 24,576 ----a-w C:\WINDOWS\system32\it_reg.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2005-11-04 19:29]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 13:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 01:03]
{55048488-93DA-44EC-8AF0-AD510AA443DA}=C:\WINDOWS\system32\ddaba.dll []
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-08-17 10:40]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-06-27 09:49]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 00:05]
{7F916321-2E01-4127-B6A9-28EF4B177475}=C:\WINDOWS\system32\it_pl.dll [2007-06-06 00:01]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-03-09 09:55]
{E64F0381-0053-4842-B3E5-08F6C4A0AEB6}=C:\WINDOWS\system32\jquidfmp.dll [2007-09-06 13:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 12:30]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-10-25 12:08]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2004-08-17 19:26]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-09-15 01:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-20 20:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 15:14]
"smgr"="mgrs.exe" []
"FolderView"="C:\WINDOWS\system32\ioowslai.dll" [2007-09-06 13:10]
"Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe" [2002-06-14 16:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 08:31]
"Steam"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 16:11]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\win4D.tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bw45Rjc9W]
C:\Program Files\asdfe57\SPBS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
C:\WINDOWS\system32\gah95on6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\joyping]
C:\DOCUME~1\DJDHOL~1\APPLIC~1\PLAYNU~1\ErrorRemoteFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogCashDrvSkip]
C:\Documents and Settings\All Users\Application Data\corn link log cash\user start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass]
C:\Program Files\Media Pass\MediaPass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft Windows Adapter 5.1.3013]
C:\Documents and Settings\DJ DHoLa\Application Data\nekieefdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
"C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"C:\WINDOWS\ASEMBL~1\dexplore.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\opqopo.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=2 (0x2)
"iPodService"=3 (0x3)
"ColdFusion Management Service"=2 (0x2)
"ColdFusion Management Repository"=2 (0x2)
"ColdFusion Graphing Server"=2 (0x2)
"Cold Fusion RDS"=2 (0x2)
"Cold Fusion Executive"=2 (0x2)
"Cold Fusion Application Server"=2 (0x2)
"ClusterCATS Service"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-09-01 05:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-09-07 00:52:00 C:\WINDOWS\tasks\McAfee.com Update Check (DGM5G461-Owner).job
2007-09-07 00:51:00 C:\WINDOWS\tasks\McAfee.com Update Check (DJ-DHOLA-DJ DHoLa).job
2007-09-07 00:51:00 C:\WINDOWS\tasks\McAfee.com Update Check (DJ-DHOLA-Nirmal).job
2007-09-07 00:50:00 C:\WINDOWS\tasks\McAfee.com Update Check (DJ-DHOLA-oTHaZ).job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 17:53:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ColdFusion Graphing Server]
"ImagePath"="C:\CFusion\JRun\bin\JRun.exe -jrundir \"C:\CFusion\JRun\" -nt \"JRun default\" \"default\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ColdFusion Management Repository]
"ImagePath"="\"C:\CFusion\jrun\bin\jrun.exe\" -jrundir \"C:\CFusion\jrun\" -nt \"ColdFusion Management Repository\" \"cfam\""

Completion time: 2007-09-06 17:54:23
C:\ComboFix-quarantined-files.txt ... 2007-09-06 17:54
C:\ComboFix2.txt ... 2007-08-20 12:31
C:\ComboFix3.txt ... 2007-05-26 01:17

--- E O F ---
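
The ComboFix "Files Created" listing above shows one pattern worth spelling out: a new 70,208-byte DLL with a random eight-letter name appears in SYSTEM32 roughly once a day, while the HijackThis O2 line points at whichever one is current. The script below is an added example, not part of this thread or of ComboFix; it parses lines in that listing format and flags (a) clusters of same-size, random-named DLLs in system32 and (b) loose files there carrying hidden+system attributes. The "eight lower-case letters" naming rule and the cluster threshold of three are assumptions chosen to fit this machine, and the sample lines are constructed from the listing posted above.

```python
import re
from collections import defaultdict

# One ComboFix "Files Created" line looks like:
#   2007-09-06 13:15 70,208 --a------ C:\WINDOWS\SYSTEM32\jquidfmp.dll
#   2007-09-06 14:11 <DIR> d-------- C:\VundoFix Backups
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
# Eight lower-case letters plus .dll: the throwaway naming scheme the
# daily-dropped DLLs on this machine follow (heuristic, an assumption).
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")

# Constructed sample, modelled on the ComboFix listing posted in this thread.
SAMPLE_LINES = [
    r"2007-09-06 14:11 <DIR> d-------- C:\VundoFix Backups",
    r"2007-09-06 13:15 70,208 --a------ C:\WINDOWS\SYSTEM32\jquidfmp.dll",
    r"2007-09-06 13:10 90,176 --a------ C:\WINDOWS\SYSTEM32\ioowslai.dll",
    r"2007-09-06 11:45 70,208 --a------ C:\WINDOWS\SYSTEM32\ymtwavcn.dll",
    r"2007-09-04 23:33 70,208 --a------ C:\WINDOWS\SYSTEM32\xxhjrtcj.dll",
    r"2007-09-03 23:23 70,208 --a------ C:\WINDOWS\SYSTEM32\vmqfrvba.dll",
    r"2007-08-20 12:41 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe",
    r"2007-08-15 15:27 1,782,336 ---hs---- C:\WINDOWS\SYSTEM32\nqtss.bak1",
]


def parse_line(line):
    """Parse one listing line into a dict, or return None if it is not a file line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = None if entry["size"] == "<DIR>" else int(entry["size"].replace(",", ""))
    directory, _, name = entry["path"].rpartition("\\")
    entry["dir"] = directory.lower()
    entry["name"] = name
    return entry


def in_system32(entry):
    return entry["dir"].endswith("\\system32")


def find_suspicious(lines, min_cluster=3):
    """Return findings: same-size random-named DLL clusters in system32,
    then hidden+system files in system32."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    findings = []

    # 1. Same byte size, random 8-letter name, dropped on several days:
    #    one payload being re-dropped under a fresh name each time.
    clusters = defaultdict(list)
    for e in entries:
        if e["size"] is not None and in_system32(e) and RANDOM_DLL_RE.match(e["name"].lower()):
            clusters[e["size"]].append(e)
    for size, group in sorted(clusters.items()):
        if len(group) >= min_cluster:
            findings.append({
                "kind": "random-name-dll-cluster",
                "size": size,
                "days": sorted({e["date"] for e in group}),
                "paths": [e["path"] for e in group],
            })

    # 2. Hidden + system attributes on a loose file in system32 is unusual
    #    for user software (nqtss.bak1 above carries ---hs----).
    for e in entries:
        if e["size"] is not None and in_system32(e) and "h" in e["attrs"] and "s" in e["attrs"]:
            findings.append({"kind": "hidden-system-file", "paths": [e["path"]]})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LINES):
        print(f["kind"], f.get("size", ""), *f["paths"], sep="\n  ")
```

The point of grouping by size rather than by name is that the names never repeat: deleting today's DLL by name, as a CFScript does, is only useful once whatever keeps dropping the next copy is gone too, which is why the helper keeps asking for a fresh log after each pass.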

#9 Markka (Advanced Member, Banned, 784 posts)

Posted 08 September 2007 - 02:03 PM

Hello :)

Your version of ComboFix is outdated, so remove it from your desktop and then download it again. Then double-click on ComboFix.exe to run it.

combofix.exe
________________________

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
_____________

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows except HijackThis and press fix checked.

O2 - BHO: (no name) - {55048488-93DA-44EC-8AF0-AD510AA443DA} - C:\WINDOWS\system32\ddaba.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: it_pl.itunes_pl - {7F916321-2E01-4127-B6A9-28EF4B177475} - C:\WINDOWS\system32\it_pl.dll
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\jquidfmp.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\ioowslai.dll",sitypnow

_______________

Use the Windows "search" tool
Start->Search
-> All files and folders
Click More advanced options

Checkmark these options:
"Search system folders"
"Search hidden files and folders"
"Search subfolders"


->Search for this and delete if found: mgrs.exe
________________

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\jquidfmp.dll
C:\WINDOWS\SYSTEM32\ioowslai.dll
C:\WINDOWS\SYSTEM32\ymtwavcn.dll
C:\WINDOWS\SYSTEM32\xxhjrtcj.dll
C:\WINDOWS\SYSTEM32\vmqfrvba.dll
C:\WINDOWS\SYSTEM32\xllfhmgv.dll
C:\WINDOWS\SYSTEM32\rwbcxtog.dll
C:\WINDOWS\SYSTEM32\cuwsnfmd.dll
C:\WINDOWS\SYSTEM32\otiwyuae.dll
C:\WINDOWS\SYSTEM32\hngoeqei.dll
C:\WINDOWS\SYSTEM32\byvrydon.dll
C:\WINDOWS\SYSTEM32\kkpulchl.dll
C:\WINDOWS\SYSTEM32\ypjuteko.dll
C:\WINDOWS\SYSTEM32\jjuafcsg.dll
C:\WINDOWS\SYSTEM32\xxpexfwc.dll
C:\WINDOWS\SYSTEM32\qflannpc.dll
C:\WINDOWS\SYSTEM32\ggjslkoa.dll
C:\WINDOWS\SYSTEM32\coogaxtm.dll
C:\WINDOWS\SYSTEM32\ajepapdp.dll
C:\WINDOWS\SYSTEM32\liecdqti.dll
C:\WINDOWS\SYSTEM32\subegnto.dll
C:\WINDOWS\SYSTEM32\notgkyas.dll
C:\WINDOWS\SYSTEM32\vpxpcbpi.dll
C:\Program Files\setup.exe
C:\WINDOWS\SYSTEM32\fpvnougb.dll
C:\Documents and Settings\DJDHOL~1\load.exe
C:\DOCUME~1\DJDHOL~1\load.exe
C:\DOCUME~1\DJDHOL~1\APPLIC~1\nekieefdm.exe
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\SYSTEM32\nqtss.bak1
C:\WINDOWS\SYSTEM32\winosz32(2).dll
C:\WINDOWS\system32\it_pl.dll
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\system32\it_pl.dll
C:\WINDOWS\system32\jquidfmp.dll
C:\WINDOWS\system32\ioowslai.dll

Folder::
C:\VundoFix Backups
C:\Program Files\Ultimate Cleaner
C:\DOCUME~1\DJDHOL~1\APPLIC~1\Ultimate Cleaner


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
________________

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
____________________

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
__________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________

Post:
- A fresh HijackThis log
- AVG Anti-Spyware's log
- ComboFix's log

#10 Dj DHoLa

    Authentic Member

  • 24 posts

Posted 08 September 2007 - 09:39 PM

Before I post the logs... everything has seemed to go really basic in view and I'm not able to see any graphics on my computer... it's like text only on some websites and I don't know the cause of it... this only happens when I'm on the internet and I don't know how to fix it. If you could help that would be great... thanks

Here are the logs.

HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:28:58 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

AVG Anti-Spyware Log
The program didn't allow me to save this report, and when I went to the report section no report was saved.

ComboFix Log
ComboFix 07-09-08.7 - "DJ DHoLa" 2007-09-08 14:28:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.125 [GMT -7:00]
Command switches used :: C:\Documents and Settings\DJ DHoLa\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\jquidfmp.dll
C:\WINDOWS\SYSTEM32\ioowslai.dll
C:\WINDOWS\SYSTEM32\ymtwavcn.dll
C:\WINDOWS\SYSTEM32\xxhjrtcj.dll
C:\WINDOWS\SYSTEM32\vmqfrvba.dll
C:\WINDOWS\SYSTEM32\xllfhmgv.dll
C:\WINDOWS\SYSTEM32\rwbcxtog.dll
C:\WINDOWS\SYSTEM32\cuwsnfmd.dll
C:\WINDOWS\SYSTEM32\otiwyuae.dll
C:\WINDOWS\SYSTEM32\hngoeqei.dll
C:\WINDOWS\SYSTEM32\byvrydon.dll
C:\WINDOWS\SYSTEM32\kkpulchl.dll
C:\WINDOWS\SYSTEM32\ypjuteko.dll
C:\WINDOWS\SYSTEM32\jjuafcsg.dll
C:\WINDOWS\SYSTEM32\xxpexfwc.dll
C:\WINDOWS\SYSTEM32\qflannpc.dll
C:\WINDOWS\SYSTEM32\ggjslkoa.dll
C:\WINDOWS\SYSTEM32\coogaxtm.dll
C:\WINDOWS\SYSTEM32\ajepapdp.dll
C:\WINDOWS\SYSTEM32\liecdqti.dll
C:\WINDOWS\SYSTEM32\subegnto.dll
C:\WINDOWS\SYSTEM32\notgkyas.dll
C:\WINDOWS\SYSTEM32\vpxpcbpi.dll
C:\Program Files\setup.exe
C:\WINDOWS\SYSTEM32\fpvnougb.dll
C:\Documents and Settings\DJDHOL~1\load.exe
C:\DOCUME~1\DJDHOL~1\load.exe
C:\DOCUME~1\DJDHOL~1\APPLIC~1\nekieefdm.exe
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\SYSTEM32\nqtss.bak1
C:\WINDOWS\SYSTEM32\winosz32(2).dll
C:\WINDOWS\system32\it_pl.dll
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\system32\jquidfmp.dll
C:\WINDOWS\system32\ioowslai.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\DJDHOL~1\APPLIC~1.\Ultimate Cleaner
C:\DOCUME~1\DJDHOL~1\APPLIC~1.\Ultimate Cleaner\settings.dat
C:\DOCUME~1\DJDHOL~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\33VQB3NW\www.broadcaster.com
C:\DOCUME~1\DJDHOL~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\33VQB3NW\www.broadcaster.com\played_list.sol
C:\DOCUME~1\DJDHOL~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\33VQB3NW\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\DJDHOL~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\DJDHOL~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\DJDHOL~1\APPLIC~1\nekieefdm.exe
C:\DOCUME~1\DJDHOL~1\APPLIC~1\Ultimate Cleaner\settings.dat
C:\DOCUME~1\DJDHOL~1\Desktop\Find Spyware Remover.lnk
C:\DOCUME~1\DJDHOL~1\Desktop\Free Online Dating.lnk
C:\DOCUME~1\DJDHOL~1\Desktop\Go to Casino.lnk
C:\DOCUME~1\DJDHOL~1\load.exe
C:\DOCUME~1\Nirmal\Desktop\Find Spyware Remover.lnk
C:\DOCUME~1\Nirmal\Desktop\Free Online Dating.lnk
C:\DOCUME~1\Nirmal\Desktop\Go to Casino.lnk
C:\Documents and Settings\DJDHOL~1\load.exe
C:\Program Files\Magicantispy
C:\Program Files\Magicantispy\Magicantispy.exe
C:\Program Files\Magicantispy\Magicantispy0.my
C:\Program Files\Magicantispy\Magicantispy1.my
C:\Program Files\setup.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\VundoFix Backups
C:\VundoFix Backups\abadd.bak1.bad
C:\VundoFix Backups\abadd.bak2.bad
C:\VundoFix Backups\abadd.ini.bad
C:\VundoFix Backups\abadd.ini2.bad
C:\VundoFix Backups\abadd.tmp.bad
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\ddaba.dll.bad
C:\VundoFix Backups\drvvun.dll.bad
C:\VundoFix Backups\drvvunr.dll.bad
C:\VundoFix Backups\efcbyab.dll.bad
C:\VundoFix Backups\fccbxvs.dll.bad
C:\VundoFix Backups\pokcusol.dll.bad
C:\VundoFix Backups\vqdcnbrb.dll.bad
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\bacffe.ini
C:\WINDOWS\bi.dll
C:\WINDOWS\biprep.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\effcab.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\opoqpo.ini
C:\WINDOWS\opqopo.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\SYSTEM32\ajepapdp.dll
C:\WINDOWS\system32\ajepapdp.dll
C:\WINDOWS\SYSTEM32\byvrydon.dll
C:\WINDOWS\system32\byvrydon.dll
C:\WINDOWS\system32\coogaxtm.dll
C:\WINDOWS\SYSTEM32\coogaxtm.dll
C:\WINDOWS\system32\cuwsnfmd.dll
C:\WINDOWS\SYSTEM32\cuwsnfmd.dll
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\SYSTEM32\fpvnougb.dll
C:\WINDOWS\system32\fpvnougb.dll
C:\WINDOWS\system32\ggjslkoa.dll
C:\WINDOWS\SYSTEM32\ggjslkoa.dll
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\hngoeqei.dll
C:\WINDOWS\SYSTEM32\hngoeqei.dll
C:\WINDOWS\SYSTEM32\ialswooi.ini
C:\WINDOWS\system32\ioowslai.dll
C:\WINDOWS\SYSTEM32\ioowslai.dll
C:\WINDOWS\system32\it_pl.dll
C:\WINDOWS\system32\it_reg.exe
C:\WINDOWS\system32\jjuafcsg.dll
C:\WINDOWS\SYSTEM32\jjuafcsg.dll
C:\WINDOWS\system32\jquidfmp.dll
C:\WINDOWS\SYSTEM32\jquidfmp.dll
C:\WINDOWS\system32\kkpulchl.dll
C:\WINDOWS\SYSTEM32\kkpulchl.dll
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\liecdqti.dll
C:\WINDOWS\SYSTEM32\liecdqti.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\notgkyas.dll
C:\WINDOWS\SYSTEM32\notgkyas.dll
C:\WINDOWS\SYSTEM32\nqtss.bak1
C:\WINDOWS\SYSTEM32\otiwyuae.dll
C:\WINDOWS\system32\otiwyuae.dll
C:\WINDOWS\SYSTEM32\qflannpc.dll
C:\WINDOWS\system32\qflannpc.dll
C:\WINDOWS\SYSTEM32\rwbcxtog.dll
C:\WINDOWS\system32\rwbcxtog.dll
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\subegnto.dll
C:\WINDOWS\SYSTEM32\subegnto.dll
C:\WINDOWS\SYSTEM32\vmqfrvba.dll
C:\WINDOWS\system32\vmqfrvba.dll
C:\WINDOWS\SYSTEM32\vpxpcbpi.dll
C:\WINDOWS\system32\vpxpcbpi.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\SYSTEM32\winosz32(2).dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\xllfhmgv.dll
C:\WINDOWS\SYSTEM32\xllfhmgv.dll
C:\WINDOWS\system32\xxhjrtcj.dll
C:\WINDOWS\SYSTEM32\xxhjrtcj.dll
C:\WINDOWS\SYSTEM32\xxpexfwc.dll
C:\WINDOWS\system32\xxpexfwc.dll
C:\WINDOWS\system32\ymtwavcn.dll
C:\WINDOWS\SYSTEM32\ymtwavcn.dll
C:\WINDOWS\SYSTEM32\ypjuteko.dll
C:\WINDOWS\system32\ypjuteko.dll
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 14:09 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-09-06 17:45 478 --a------ C:\CFCleanUp.bat
2007-09-06 14:01 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-09-06 14:01 <DIR> d-------- C:\Program Files\Agnitum
2007-08-20 12:41 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-08-20 12:41 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-08-20 12:41 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 02:00 --------- d-------- C:\Program Files\DC++
2007-09-07 01:23 --------- d-------- C:\Program Files\Steam
2007-09-06 14:04 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-06 13:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-29 17:42 --------- d-------- C:\Program Files\AV Music Morpher Gold
2007-07-30 12:08 --------- d-------- C:\Program Files\PokerStars
2007-07-19 10:10 --------- d-------- C:\Program Files\MSN Messenger
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 12:30]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-10-25 12:08]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2004-08-17 19:26]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-09-15 01:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-20 20:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 15:14]
"Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe" [2002-06-14 16:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 08:31]
"Steam"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 16:11]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\DOCUME~1\DJDHOL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\DOCUME~1\Nirmal\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\DOCUME~1\oTHaZ\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\win4D.tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bw45Rjc9W]
C:\Program Files\asdfe57\SPBS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
C:\WINDOWS\system32\gah95on6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\joyping]
C:\DOCUME~1\DJDHOL~1\APPLIC~1\PLAYNU~1\ErrorRemoteFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogCashDrvSkip]
C:\Documents and Settings\All Users\Application Data\corn link log cash\user start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass]
C:\Program Files\Media Pass\MediaPass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft Windows Adapter 5.1.3013]
C:\Documents and Settings\DJ DHoLa\Application Data\nekieefdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
"C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"C:\WINDOWS\ASEMBL~1\dexplore.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\opqopo.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=2 (0x2)
"iPodService"=3 (0x3)
"ColdFusion Management Service"=2 (0x2)
"ColdFusion Management Repository"=2 (0x2)
"ColdFusion Graphing Server"=2 (0x2)
"Cold Fusion RDS"=2 (0x2)
"Cold Fusion Executive"=2 (0x2)
"Cold Fusion Application Server"=2 (0x2)
"ClusterCATS Service"=2 (0x2)

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS
R3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL
S3 1d226aef-23ef-4b18-af46-5559c7b3b451;1d226aef-23ef-4b18-af46-5559c7b3b451;\??\D:\CDS300\cds300.dll
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys
S4 Cold Fusion Application Server;Cold Fusion Application Server;C:\CFusion\Bin\cfserver.exe
S4 Cold Fusion Executive;ColdFusion Executive;C:\CFusion\Bin\cfexec.exe
S4 Cold Fusion RDS;ColdFusion RDS;C:\CFusion\Bin\cfrdsservice.exe
S4 ColdFusion Management Repository;ColdFusion Management Repository Server;"C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam"

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2007-09-08 05:51:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-08 21:32:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DGM5G461-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-09-08 21:36:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJ-DHOLA-DJ DHoLa).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-09-08 21:36:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJ-DHOLA-Nirmal).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-09-08 21:35:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJ-DHOLA-oTHaZ).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 14:38:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 14:40:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 14:39
C:\ComboFix2.txt ... 2007-09-06 17:54
C:\ComboFix3.txt ... 2007-08-20 12:31
.
--- E O F ---

#11 Markka

    Advanced Member

  • Banned
  • 784 posts

Posted 09 September 2007 - 11:57 AM

Hello :)

I'm not able to see any graphics on my computer... it's like text only on some websites and I don't know the cause of it... this only happens when I'm on the internet and I don't know how to fix it. If you could help that would be great


Have you installed the drivers for your video card?
_______________

Kaspersky online scanner works only with Internet Explorer!

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer.
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
_______________________

Post:
- A fresh HijackThis log
- Kaspersky's report
