[Closed] Just Ran Combo Fix, is there anything it missed?


This topic is locked. 2 replies to this topic

#1 phoenixrage

  • New Member
  • 4 posts

Posted 21 November 2007 - 09:16 PM

I was having some pop-up issues and Explorer would keep crashing without bringing up a dialog box and just restart on its own.

Ran HijackThis and ComboFix, and it seems to have fixed it. I just want to make sure it's completely clean, so here are the logs for both. TIA!!

btw... the HijackThis log was done after ComboFix finished its thing.

---------- COMBOFIX LOG ----------------
ComboFix 07-11-19.3 - Edward 2007-11-21 21:58:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.407 [GMT -5:00]
Running from: C:\Documents and Settings\Edward\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Edward\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Edward\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Edward\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\{F0E32~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\fsjwsohg.dll
C:\WINDOWS\system32\h2
C:\WINDOWS\system32\h2\jumper83122.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rqrsr.dll
C:\WINDOWS\SYSTEM32\rsrqr.ini
C:\WINDOWS\SYSTEM32\rsrqr.ini2

.
((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.

2007-11-20 01:04 15,086 --a------ C:\WINDOWS\SYSTEM32\FreePokerBonus.ico
2007-11-14 18:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\rc2
2007-11-09 17:50 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
2007-11-09 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 01:47 --------- d-----w C:\Documents and Settings\Edward\Application Data\AVG7
2007-11-21 12:36 --------- d-----w C:\Documents and Settings\Edward\Application Data\Azureus
2007-11-20 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-09 22:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 12:32 --------- d-----w C:\Program Files\Apple Software Update
2007-11-02 03:57 --------- d-----w C:\Program Files\Azureus
2007-10-02 04:54 --------- d-----w C:\Program Files\Handmark
2007-09-27 02:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-02 13:43 282,624 ----a-w C:\Program Files\Common Files\holes83122.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\Common Files\holes4444.dll
2007-07-28 09:06 135 ----a-w C:\Program Files\page.html
2005-02-12 02:03 457 ----a-w C:\Program Files\INSTALL.LOG
2001-10-05 16:53 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B7F6FAF-6696-4BD3-81BC-540C7589197E}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Common Files\holes83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2373D5E8-271B-4808-96AE-061C6DFC67E2}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Common Files\holes4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89EB6020-D58C-4A3A-BFAD-63E7B4C6DFF5}]
C:\WINDOWS\system32\ppcp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
C:\WINDOWS\system32\cbxvuvu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-25 17:03]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" []
"PNAgent"="C:\Program Files\PhatNoise Media Manager\PNAgent.exe" [2005-03-03 05:18]
"HostManager"="C:\Program Files\Common Files\AOL\1141550731\ee\AOLSoftware.exe" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 18:26]
"TPP Auto Loader"="C:\WINDOWS\TPPALDR.EXE" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 17:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Schedule TV.lnk - C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe [2006-12-07 21:02:55]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\cbxvuvu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvuvu]
cbxvuvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqrsr.dll

R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys
S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbf66ac0-7c97-11d9-b8ca-000e35c8e66f}]
\Shell\AutoRun\command - chuj.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 12:32:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-20 05:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 14:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 15:00:03 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 16:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 17:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 17:59:59 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 19:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 20:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 20:59:59 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 22:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 23:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 06:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 00:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 01:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-22 02:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-22 03:00:03 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 04:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 04:27:18 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 06:01:46 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 07:00:46 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 08:00:45 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 09:00:45 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 10:00:45 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 11:00:45 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 12:00:45 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:21 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:21 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:21 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:21 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:22 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 08:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:23 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:24 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-22 02:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-22 03:00:05 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\dv1jj51I.exe
"2007-11-21 04:27:25 C:\WINDOWS\Tasks\At48.job"
"2007-11-21 09:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 10:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 11:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 12:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-20 13:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 22:11:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-21 22:12:11 - machine was rebooted
.
--- E O F ---
----------------------------------- HIJACK THIS LOG ------------------------------ (this was run after ComboFix completed its run.)

Logfile of HijackThis v1.99.1
Scan saved at 10:20:52 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Edward\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B7F6FAF-6696-4BD3-81BC-540C7589197E} - C:\Program Files\Common Files\holes83122.dll
O2 - BHO: (no name) - {2373D5E8-271B-4808-96AE-061C6DFC67E2} - C:\Program Files\Common Files\holes4444.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89EB6020-D58C-4A3A-BFAD-63E7B4C6DFF5} - C:\WINDOWS\system32\ppcp.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\cbxvuvu.dll (file missing)
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141550731\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Schedule TV.lnk = C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10....es/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://cayyz.dimerco.com/dwa7W.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10854B12-A78F-42D9-964B-10C47ED178B7}: NameServer = 142.77.2.101,142.77.2.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{10854B12-A78F-42D9-964B-10C47ED178B7}: NameServer = 142.77.2.101,142.77.2.85
O17 - HKLM\System\CS3\Services\Tcpip\..\{10854B12-A78F-42D9-964B-10C47ED178B7}: NameServer = 142.77.2.101,142.77.2.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxvuvu - cbxvuvu.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: .netupdst - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


#2 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 23 November 2007 - 08:14 AM

Download and run this file:
http://www.techsuppo...Disinfector.exe
Insert any memory sticks / flash drives.


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\Common Files\holes83122.dll
C:\Program Files\Common Files\holes4444.dll
C:\WINDOWS\system32\ppcp.dll
C:\WINDOWS\system32\cbxvuvu.dll
C:\WINDOWS\system32\rqrsr.dll
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\system32\oVnH3fbd.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\system32\dv1jj51I.exe
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B7F6FAF-6696-4BD3-81BC-540C7589197E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2373D5E8-271B-4808-96AE-061C6DFC67E2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89EB6020-D58C-4A3A-BFAD-63E7B4C6DFF5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvuvu]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbf66ac0-7c97-11d9-b8ca-000e35c8e66f}]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
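The logs in post #1 and the CFScript in post #2 are the same data seen from both sides: the ComboFix "Reg Loading Points" and "Scheduled Tasks" sections and the HijackThis O2/O20 lines enumerate where the infection persists (Browser Helper Objects, a ShellExecuteHook, a Winlogon Notify package, an extra LSA Authentication Package, a MountPoints2 AutoRun and a run of hourly At*.job tasks), and the CFScript turns those findings into File:: and Registry:: deletions. The script below is added here as an example; it is not code from the thread, from ComboFix or from HijackThis. It parses lines in those two log formats, flags the persistence entries with a stated reason, and renders them in the same CFScript layout. The sample input is a handful of lines copied from the logs above; the flagging rules (any At*.job task, any Authentication Package other than msv1_0, any ShellExecuteHook outside shell32.dll, BHO and Winlogon Notify entries that are unnamed, missing or random-looking, any AutoRun command under MountPoints2) and the random_looking() name heuristic are this example's own assumptions.

```python
"""Triage a pasted ComboFix / HijackThis log for persistence indicators and
emit matching CFScript File::/Registry:: entries.  Added example for this
thread, not ComboFix, HijackThis or the helper's own tooling; the rules are
this example's own heuristics and give an analyst leads, not verdicts."""
import re

# Constructed sample: lines copied from the logs posted above, cut down to a
# few representatives per persistence location, benign controls included.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B7F6FAF-6696-4BD3-81BC-540C7589197E}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Common Files\holes83122.dll
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\cbxvuvu.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvuvu]
cbxvuvu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqrsr.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbf66ac0-7c97-11d9-b8ca-000e35c8e66f}]
\Shell\AutoRun\command - chuj.exe
"2007-11-09 12:32:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-20 05:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\oVnH3fbd.exe
"2007-11-21 04:27:18 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\dv1jj51I.exe
O2 - BHO: (no name) - {89EB6020-D58C-4A3A-BFAD-63E7B4C6DFF5} - C:\WINDOWS\system32\ppcp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""

KEY_RE = re.compile(r"^\[([^\]]+)\]$")                         # [HKEY_...] header
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|job)\b", re.I)
GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.I)
BHO_KEY = "HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"     # ComboFix shorthand

def random_looking(path):
    """Stem mixes letters and digits, or is 5+ characters with no vowel."""
    stem = re.sub(r"\.[a-z]+$", "", path.rsplit("\\", 1)[-1], flags=re.I)
    mixed = re.search(r"\d", stem) and re.search(r"[a-z]", stem, re.I)
    return bool(mixed) or (len(stem) >= 5 and not re.search(r"[aeiouy]", stem, re.I))

def triage(text):
    """One pass over the log; returns (category, registry key or .job, detail, reason)."""
    hits, key, job = [], None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = KEY_RE.match(line)
        paths = PATH_RE.findall(line)
        target = paths[0] if paths else line
        low = (key or "").lower()
        if m:
            key, job = m.group(1), None
        elif line.startswith('"20') and paths:                   # ComboFix task header...
            key, job = None, target
        elif job and line.startswith("- "):                      # ...then the binary it runs
            if re.search(r"\\At\d+\.job$", job, re.I):           # at.exe-style jobs
                hits.append(("task", job, target, "At*.job scheduled with at.exe"))
            job = None
        elif line.startswith("O2 - BHO:"):                       # HijackThis BHO line
            if "(no name)" in line or "(file missing)" in line or random_looking(target):
                hits.append(("bho", BHO_KEY + GUID_RE.search(line).group(0), target,
                             "unnamed, missing or random-looking BHO"))
        elif "browser helper objects" in low and random_looking(target):
            hits.append(("bho", key, target, "random-looking BHO DLL"))
        elif low.endswith("shellexecutehooks") and "shell32.dll" not in target.lower():
            hits.append(("shellhook", key, line, "ShellExecuteHook outside shell32.dll"))
        elif "winlogon\\notify" in low and ("\\" not in target or random_looking(target)):
            hits.append(("winlogon", key, target, "Winlogon Notify DLL by bare or random name"))
        elif low.endswith("\\lsa") and line.startswith('"Authentication Packages"'):
            for pkg in line.split("=", 1)[1].split():            # assumes no spaces in paths
                if pkg.lower() != "msv1_0":                      # XP's stock package (assumption)
                    hits.append(("lsa", key, pkg, "extra LSA Authentication Package"))
        elif "mountpoints2" in low and "\\shell\\autorun\\command" in line.lower():
            hits.append(("autorun", key, line.split(" - ", 1)[-1], "AutoRun command on a volume"))
    return hits

def cfscript(hits):
    """Render File::/Registry:: in the layout the helper used above.  The LSA DLL
    goes to File::; the REG_MULTI_SZ value itself is left for the analyst."""
    files, regs = {}, {}                                         # ordered, de-duplicated
    for cat, key, detail, _ in hits:
        path = PATH_RE.search(detail)
        if cat == "task":
            files[key] = True
        if path and cat != "autorun":                            # autorun target is volume-relative
            files[path.group(0)] = True
        if cat in ("bho", "winlogon", "autorun"):
            regs[f"[-{key}]"] = True
        elif cat == "shellhook":
            regs[f"[{key}]"] = True
            regs[f'"{GUID_RE.search(detail).group(0)}"=-'] = True
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(regs) + "\n"

if __name__ == "__main__":
    print(cfscript(triage(SAMPLE_LOG)))
```

Run it as a script to print the generated CFScript for the sample, or import it and call triage() on a full pasted log. The output is a starting point for the analyst, not a finished script: every entry should still be checked against the log before it is dropped onto ComboFix, the MountPoints2 AutoRun binary is only a name relative to the volume so it is never added to File::, and the LSA Authentication Packages value is reported but has to be rewritten by hand as a REG_MULTI_SZ (hex(7)) entry.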

 


#3 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 28 November 2007 - 04:19 PM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.
