10.4K Posts

January 18th, 2008 12:00

Caligirl816
 
Your HijackThis log is incomplete. Rerun HijackThis and post a fresh HijackThis log. If the log is too long to put in one reply, divide it into 2 parts and post it in 2 replies.
 



Microsoft MVP Windows-Security



"The world is what you make of it"



25 Posts

January 19th, 2008 04:00

Thanks! Here is part 1 of the log I just ran...
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:54 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mrofinu11.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\545956585E5B5B.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\mrofinu11 .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Router\Router.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Router\Router .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\kernel\kernel .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Words\Words .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662EA4EBF968951185EFC412806867680AEDE604D64C2661373F80FB68AD6
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [393E3B3D43404043] 545956585E5B5B.exe
O4 - HKLM\..\Run: [b838ccce] rundll32.exe "C:\WINDOWS\system32\fklaeqoe.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 12280 bytes

10.4K Posts

January 21st, 2008 12:00


Caligirl816

Please download ComboFix and save it to your desktop:
  • Note: It is important that it is saved directly to your desktop.
  • Close any open browsers.
  • Double-click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of C:\ComboFix.txt into your next reply.
  • Note: Do not mouse-click ComboFix's window whilst it's running. That may cause the program to freeze/hang.


25 Posts

January 22nd, 2008 04:00

ComboFix 08-01-21.3 - Brenda 2008-01-21 21:44:50.1 - NTFSx86
Running from: C:\Documents and Settings\Brenda\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Brenda\Application Data\searchtoolbarcorp
C:\Documents and Settings\Brenda\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Brenda\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Documents and Settings\Brenda\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Brenda\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Brenda\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\inetget2
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\kernel
C:\Program Files\kernel\kernel .exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Router
C:\Program Files\Router\Router .exe
C:\Program Files\Router\Router.exe
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words .exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu11.exe
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.exe
C:\WINDOWS\system32\bkbinefm.dll
C:\WINDOWS\system32\bqydsqki.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\eoqealkf.ini
C:\WINDOWS\system32\fklaeqoe.dll
C:\WINDOWS\system32\gbbkvwqt.dll
C:\WINDOWS\system32\ikqsdyqb.ini
C:\WINDOWS\system32\kcitpeda.dll
C:\WINDOWS\system32\kgmlmnfx.dll
C:\WINDOWS\system32\lennfbmm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfenibkb.ini
C:\WINDOWS\system32\ngwpuxmg.dll
C:\WINDOWS\system32\ourshjsg.dll
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini2
C:\WINDOWS\system32\sxxidxxy.ini
C:\WINDOWS\system32\ttxenufj.dll
C:\WINDOWS\system32\upktvgvs.dll
C:\WINDOWS\system32\xxyxxyy.dll
C:\WINDOWS\system32\yxfbifqp.dll
C:\WINDOWS\system32\yxxdixxs.dll
----- BITS: Possible infected sites -----
hxxp://80.93.48.74
.
(((((((((((((((((((((((((   Files Created from 2007-12-22 to 2008-01-22  )))))))))))))))))))))))))))))))
.
2008-01-21 21:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-18 22:49 . 2008-01-18 22:49   d-------- C:\Program Files\Trend Micro
2008-01-17 22:43 . 2008-01-17 22:43   d-------- C:\WINDOWS\system32\F2F7F4F6FCF9F9
2008-01-17 22:42 . 2007-12-14 04:40 120,832 --a------ C:\WINDOWS\system32\545956585E5B5B.exe
2008-01-17 22:35 . 2008-01-17 22:35 1,075,250 --ahs---- C:\WINDOWS\system32\mmjtbald.ini
2008-01-16 22:26 . 2008-01-17 22:28 1,064,463 --ahs---- C:\WINDOWS\system32\yqrwonvx.ini
2008-01-12 21:20 . 2008-01-21 21:46   d-------- C:\Program Files\Dot1XCfg
2008-01-11 22:40 . 2008-01-21 21:47   d-------- C:\Program Files\Apoint
2008-01-11 22:08 . 2008-01-16 22:09 1,060,982 --ahs---- C:\WINDOWS\system32\evroinfp.ini
2008-01-11 21:59 . 2008-01-11 22:00 1,060,562 --ahs---- C:\WINDOWS\system32\chnpssvr.ini
2008-01-08 20:03 . 2008-01-11 21:48 1,054,980 --ahs---- C:\WINDOWS\system32\fmceabfp.ini
2008-01-08 20:01 . 2008-01-08 20:01 1,054,842 --ahs---- C:\WINDOWS\system32\nekonbbf.ini
2008-01-02 21:03 . 2008-01-21 21:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 21:03 . 2008-01-02 21:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 23:36 . 2008-01-21 21:05 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-31 06:16 . 2007-12-31 06:16   d-------- C:\WINDOWS\system32\bits
2007-12-31 06:15 . 2007-03-29 04:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-31 06:15 . 2007-03-29 04:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-31 06:15 . 2007-03-29 04:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2007-12-30 22:12 . 2007-12-31 05:29   d-------- C:\Program Files\Windows Live Safety Center
2007-12-29 12:22 . 2008-01-21 21:05 377,856 --a------ C:\WINDOWS\mrofinu11.exe.tmp
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 05:46 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 05:46 --------- d-----w C:\Program Files\iTunes
2008-01-12 06:54 --------- d-----w C:\Program Files\AIM
2008-01-12 06:36 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-01-07 04:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 18:31 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 13:28 --------- d-----w C:\Program Files\QuickTime
2007-12-31 13:28 --------- d-----w C:\Program Files\DellSupport
2007-12-29 22:51 --------- d-----w C:\Program Files\Norton 360
2007-12-13 02:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-13 02:46 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-05 05:54 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 05:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 05:54 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 05:54 --------- d-----w C:\Program Files\Symantec
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2005-10-09 03:29 338,919 --sha-w C:\WINDOWS\system32\gjjlm.bak2
.

----a-w           155,648 2008-01-22 06:11:26  C:\Program Files\Apoint\Apoint .exe
----a-w           344,064 2007-12-31 05:50:15  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w            81,920 2007-12-31 05:51:30  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2007-12-31 05:51:23  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w            53,248 2007-12-31 05:50:25  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w           290,816 2007-12-31 05:50:17  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           606,208 2007-12-31 05:50:19  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           202,544 2007-12-31 05:53:46  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w            16,384 2007-12-31 05:52:38  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w           460,784 2007-12-31 05:53:04  C:\Program Files\DellSupport\DSAgnt .exe
----a-w            61,440 2008-01-22 06:12:54  C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w           385,024 2007-12-31 05:50:03  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           271,672 2008-01-22 06:11:12  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            32,881 2007-12-31 05:50:00  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w         5,674,352 2008-01-22 06:13:24  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w            53,248 2007-12-31 05:50:55  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
----a-w           131,072 2007-12-31 05:50:46  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
----a-w         5,419,008 2007-12-31 05:54:22  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w           286,720 2007-12-31 05:52:11  C:\Program Files\QuickTime\qttask   .exe
----a-w            26,112 2007-12-31 05:51:14  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w           129,536 2007-12-31 05:51:50  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w         4,670,704 2008-01-17 06:10:45  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w         4,670,704 2008-01-17 06:17:20  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w         4,670,704 2008-01-22 06:12:52  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w         5,037,056 2008-01-22 05:45:50  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w           509,224 2007-12-31 05:52:00  C:\Program Files\Yahoo!\YOP\yop .exe
----a-w            15,360 2008-01-22 05:05:41  C:\WINDOWS\system32\ctfmon .exe
----a-w           127,035 2007-12-31 05:51:34  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2007-12-31 05:51:41  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe

-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6A2250B-5966-4A7D-A474-65D50BB8B9C1}]
2008-01-21 22:11 336384 --a------ C:\WINDOWS\system32\awtsr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [2008-01-21 21:45 5037056]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-21 21:04 6045696]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-21 21:05 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-21 21:05 702976]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2008-01-21 21:05 505344]
"393E3B3D43404043"="545956585E5B5B.exe" [2007-12-14 04:40 120832 C:\WINDOWS\system32\545956585E5B5B.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-28 18:00:18 24576]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 08:59:36 806912]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-08-22 10:03:52 6144]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 13:20:06 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\awtsr.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\awtsr
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys []
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.BrendaWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2007-10-05 13:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-16 16:26:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1126911016.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:10:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\awtsr.exe 339968 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\awtsr.dll
.
Completion time: 2008-01-21 22:23:17 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-22 06:23:04
.
2008-01-09 06:08:39 --- E O F --- 

10.4K Posts

January 22nd, 2008 14:00

Caligirl816

Good work so far

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
C:\WINDOWS\system32\545956585E5B5B.exe
C:\WINDOWS\system32\mmjtbald.ini
C:\WINDOWS\system32\yqrwonvx.ini
C:\WINDOWS\system32\evroinfp.ini
C:\WINDOWS\system32\chnpssvr.ini
C:\WINDOWS\system32\fmceabfp.ini
C:\WINDOWS\system32\nekonbbf.ini
C:\WINDOWS\mrofinu11.exe.tmp

Folder::
C:\WINDOWS\system32\F2F7F4F6FCF9F9

RENV::
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Dell\QuickSet\quickset .exe
C:\Program Files\Dell Support Center\bin\sprtcmd .exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Yahoo!\browser\ybrwicon .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\YOP\yop .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6A2250B-5966-4A7D-A474-65D50BB8B9C1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"=-
"kernel"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"393E3B3D43404043"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-

Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.

Using the image as a reference, drag CFScript into ComboFix.exe.

user posted image
  • You will be prompted to run ComboFix again; do so, following the same rules as indicated in my first post.
  • Then post the contents of the C:\ComboFix.txt log in your reply.

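The RENV:: list in the CFScript above was built by hand from the snapshot listing in the first ComboFix log (the "Apoint .exe" style entries). As an added example for this thread, not part of ComboFix, HijackThis or the helper's script, this Python triage script does the same job over lines in that listing's layout: it flags file names with whitespace before the extension, drafts the RENV:: section, and pairs each padded name with any clean-named twin. The sample lines are constructed from the log quoted above; the clean-named iTunesHelper.exe line is a constructed twin (size and timestamp taken from the Reg Loading Points section) so the pairing has something to match.

```python
"""Pull 'name .exe' style paths out of a ComboFix snapshot listing and draft the
RENV:: section of a CFScript, as the helper in this thread did by hand.

Added example; not ComboFix or HijackThis code. Line layout (attributes, size,
timestamp, path) and the 'RENV::' header follow the logs and script quoted in
the thread. SNAPSHOT below is constructed from those logs; its last line is a
constructed clean-named twin so the pairing logic has a hit."""
import re
from collections import defaultdict

SNAPSHOT = """\
----a-w           155,648 2008-01-22 06:11:26  C:\\Program Files\\Apoint\\Apoint .exe
----a-w           271,672 2008-01-22 06:11:12  C:\\Program Files\\iTunes\\iTunesHelper .exe
----a-w         4,670,704 2008-01-17 06:10:45  C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger  .exe
----a-w         4,670,704 2008-01-17 06:17:20  C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger .exe
----a-w           286,720 2007-12-31 05:52:11  C:\\Program Files\\QuickTime\\qttask   .exe
----a-w            15,360 2008-01-22 05:05:41  C:\\WINDOWS\\system32\\ctfmon .exe
----a-w           702,976 2008-01-21 21:05:00  C:\\Program Files\\iTunes\\iTunesHelper.exe
"""

# attributes, size with thousands separators, timestamp, then the path
# (the path itself may contain spaces, so it is matched last and trailing blanks dropped)
LINE_RE = re.compile(r"^(\S+)\s+([\d,]+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.+?)\s*$")
# a file name whose extension is separated from its stem by one or more spaces
PADDED_RE = re.compile(r"^(.*\S)\s+(\.[A-Za-z0-9]+)$")


def parse_snapshot(text):
    """One dict per listing line; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        attrs, size, stamp, path = m.groups()
        entries.append({"attrs": attrs, "size": int(size.replace(",", "")),
                        "timestamp": stamp, "path": path})
    return entries


def canonical_name(path):
    """Collapse 'stem<spaces>.ext' to 'stem.ext'; return the path unchanged if it is not padded."""
    folder, _, name = path.rpartition("\\")
    m = PADDED_RE.match(name)
    if not m:
        return path
    return f"{folder}\\{m.group(1)}{m.group(2)}"


def is_padded(path):
    return canonical_name(path) != path


def find_padded(entries):
    """Entries whose file name carries whitespace before the extension."""
    return [e for e in entries if is_padded(e["path"])]


def renv_block(entries):
    """Draft the RENV:: section in the layout of the helper's CFScript: header, one exact path per line."""
    lines = ["RENV::"] + [e["path"] for e in find_padded(entries)]
    return "\n".join(lines) + "\n"


def twins(entries):
    """Group paths by canonical spelling (case-insensitive) and keep groups with more than one
    spelling: a padded copy beside a clean-named file, or several padded copies of one name."""
    groups = defaultdict(list)
    for e in entries:
        groups[canonical_name(e["path"]).lower()].append(e)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = parse_snapshot(SNAPSHOT)
    print(renv_block(parsed))
    for canon, variants in twins(parsed).items():
        print(canon)
        for v in variants:
            print(f"  {v['size']:>10,} {v['timestamp']}  {v['path']!r}")
```

The twin report is the part worth reading before acting: two files that differ only in a space before the extension share a name a user would never type, so size and timestamp of each spelling are printed side by side for comparison against the Run-key entries in the same log.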
25 Posts

January 22nd, 2008 17:00

ComboFix 08-01-21.3 - Brenda 2008-01-22 11:07:24.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.163 [GMT -8:00]
Running from: C:\Documents and Settings\Brenda\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brenda\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\mrofinu11.exe.tmp
C:\WINDOWS\system32\545956585E5B5B.exe
C:\WINDOWS\system32\chnpssvr.ini
C:\WINDOWS\system32\evroinfp.ini
C:\WINDOWS\system32\fmceabfp.ini
C:\WINDOWS\system32\mmjtbald.ini
C:\WINDOWS\system32\nekonbbf.ini
C:\WINDOWS\system32\yqrwonvx.ini
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
C:\WINDOWS\mrofinu11.exe.tmp
C:\WINDOWS\system32\545956585E5B5B.exe
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.exe
C:\WINDOWS\system32\chnpssvr.ini
C:\WINDOWS\system32\evroinfp.ini
C:\WINDOWS\system32\F2F7F4F6FCF9F9
C:\WINDOWS\system32\F2F7F4F6FCF9F9\343936383E3B3B
C:\WINDOWS\system32\fmceabfp.ini
C:\WINDOWS\system32\mmjtbald.ini
C:\WINDOWS\system32\nekonbbf.ini
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini2
C:\WINDOWS\system32\yqrwonvx.ini
 

C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe ---> QooBox
C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE ---> QooBox

.
.
(((((((((((((((((((((((((   Files Created from 2007-12-22 to 2008-01-22  )))))))))))))))))))))))))))))))
.
2008-01-21 21:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-18 22:49 . 2008-01-18 22:49   d-------- C:\Program Files\Trend Micro
2008-01-12 21:20 . 2008-01-22 11:15   d-------- C:\Program Files\Dot1XCfg
2008-01-11 22:40 . 2008-01-22 11:15   d-------- C:\Program Files\Apoint
2008-01-02 21:03 . 2008-01-22 10:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 21:03 . 2008-01-02 21:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 23:36 . 2008-01-21 21:05 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-01 23:36 . 2008-01-21 21:05 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-31 06:16 . 2007-12-31 06:16   d-------- C:\WINDOWS\system32\bits
2007-12-31 06:15 . 2007-03-29 04:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-31 06:15 . 2007-03-29 04:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-31 06:15 . 2007-03-29 04:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2007-12-30 22:12 . 2007-12-31 05:29   d-------- C:\Program Files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 19:15 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 19:15 --------- d-----w C:\Program Files\iTunes
2008-01-22 19:07 --------- d-----w C:\Program Files\DellSupport
2008-01-12 06:54 --------- d-----w C:\Program Files\AIM
2008-01-12 06:36 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-01-07 04:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 18:31 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 13:28 --------- d-----w C:\Program Files\QuickTime
2007-12-29 22:51 --------- d-----w C:\Program Files\Norton 360
2007-12-13 02:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-13 02:46 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-05 05:54 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 05:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 05:54 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 05:54 --------- d-----w C:\Program Files\Symantec
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2005-10-09 03:29 338,919 --sha-w C:\WINDOWS\system32\gjjlm.bak2
.

----a-w           286,720 2007-12-31 05:52:11  C:\Program Files\QuickTime\qttask   .exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-21 21:05 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-28 18:00:18 24576]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 08:59:36 806912]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-08-22 10:03:52 6144]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 13:20:06 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys []
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.BrendaWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2007-10-05 13:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-16 16:26:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1126911016.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 11:26:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-22 11:32:36 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-22 19:32:30
ComboFix2.txt  2008-01-22 06:23:18
.
2008-01-09 06:08:39 --- E O F --- 

25 Posts

January 22nd, 2008 18:00

ComboFix 08-01-21.3 - Brenda 2008-01-22 12:45:24.3 - NTFSx86
Running from: C:\Documents and Settings\Brenda\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brenda\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\gjjlm.bak2
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gjjlm.bak2
.
(((((((((((((((((((((((((   Files Created from 2007-12-22 to 2008-01-22  )))))))))))))))))))))))))))))))
.
2008-01-21 21:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-18 22:49 . 2008-01-18 22:49   d-------- C:\Program Files\Trend Micro
2008-01-12 21:20 . 2008-01-22 11:15   d-------- C:\Program Files\Dot1XCfg
2008-01-11 22:40 . 2008-01-22 11:15   d-------- C:\Program Files\Apoint
2008-01-02 21:03 . 2008-01-22 11:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 21:03 . 2008-01-22 11:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 23:36 . 2008-01-21 21:05 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-01 23:36 . 2008-01-21 21:05 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-31 06:16 . 2007-12-31 06:16   d-------- C:\WINDOWS\system32\bits
2007-12-31 06:15 . 2007-03-29 04:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-31 06:15 . 2007-03-29 04:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-31 06:15 . 2007-03-29 04:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-31 06:15 . 2007-03-29 04:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2007-12-30 22:12 . 2007-12-31 05:29   d-------- C:\Program Files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 20:45 --------- d-----w C:\Program Files\QuickTime
2008-01-22 19:44 --------- d-----w C:\Program Files\iTunes
2008-01-22 19:15 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 19:07 --------- d-----w C:\Program Files\DellSupport
2008-01-12 06:54 --------- d-----w C:\Program Files\AIM
2008-01-12 06:36 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-01-07 04:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 18:31 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-29 22:51 --------- d-----w C:\Program Files\Norton 360
2007-12-13 02:46 --------- d-----w C:\Program Files\Yahoo!
2007-12-13 02:46 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-05 05:54 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 05:54 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 05:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 05:54 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 05:54 --------- d-----w C:\Program Files\Symantec
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.
(((((((((((((((((((((((((((((   snapshot@2008-01-22_11.32.08.23   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 19:04:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000001\NTUSER.DAT
+ 2008-01-22 20:44:42 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000001\NTUSER.DAT
- 2008-01-22 19:04:48 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000002\UsrClass.dat
+ 2008-01-22 20:44:42 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000002\UsrClass.dat
- 2008-01-22 19:04:48 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000003\NTUSER.DAT
+ 2008-01-22 20:44:43 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000003\NTUSER.DAT
- 2008-01-22 19:04:48 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000004\UsrClass.dat
+ 2008-01-22 20:44:43 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000004\UsrClass.dat
- 2008-01-22 19:04:49 3,932,160 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000005\NTUSER.DAT
+ 2008-01-22 20:44:43 3,932,160 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000005\NTUSER.DAT
- 2008-01-22 19:04:49 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000006\UsrClass.dat
+ 2008-01-22 20:44:43 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\ 00000006\UsrClass.dat
- 2008-01-03 05:02:33 102,400 ----a-r C:\WINDOWS\Installer\{974C05A0-C76C-4724-A9A2-11D5D1355729}\iTunesIco.exe
+ 2008-01-22 19:44:45 102,400 ----a-r C:\WINDOWS\Installer\{974C05A0-C76C-4724-A9A2-11D5D1355729}\iTunesIco.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-21 21:05 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-28 18:00:18 24576]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 08:59:36 806912]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-08-22 10:03:52 6144]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 13:20:06 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys []
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.BrendaWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2007-10-05 13:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-16 16:26:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1126911016.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 12:49:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-22 12:50:18
ComboFix-quarantined-files.txt  2008-01-22 20:50:03
ComboFix2.txt  2008-01-22 19:32:36
ComboFix3.txt  2008-01-22 06:23:18
.
2008-01-09 06:08:39 --- E O F --- 

10.4K Posts

January 22nd, 2008 18:00

Caligirl816

Nicely done. A couple more to go

If the CFScript file is still on your desktop, delete it; we are going to make another one.

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\WINDOWS\system32\gjjlm.bak2

RENV::
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask   .exe

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
  • You will be prompted to run ComboFix again; do so
    Following the same rules as indicated in my first post
    Then post the contents of the C:\ComboFix.txt log in your reply
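The RENV:: block above deals with a trick visible throughout the logs in this thread: file names such as "qttask   .exe", "YAHOOM~1  .EXE" and "MsnMsgr .Exe" carry spaces before the extension, so they read like the legitimate program at a glance while being a different file. The Python script below is an added example, not part of this thread and not code from ComboFix or HijackThis. It scans HijackThis- or ComboFix-style log lines for names padded that way, proposes the unpadded name, and lays the candidates out in the RENV:: shape the helper used. The sample lines are copied from the logs posted above plus one clean line (ctfmon.exe) for contrast; the PATH_RE pattern and its list of executable-style extensions are my own assumptions about which paths are worth checking.

```python
import re

# Constructed sample: log lines copied from the HijackThis and ComboFix output posted
# in this thread, plus one clean line (ctfmon.exe) for contrast.
SAMPLE_LINES = [
    r'O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet',
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background',
    r'C:\Program Files\QuickTime\qttask   .exe',
    r'C:\Program Files\MSN Messenger\MsnMsgr .Exe',
    r'C:\WINDOWS\mrofinu11 .exe',
    r'C:\WINDOWS\system32\ctfmon.exe',
]

# Assumption: a Windows path of interest starts with a drive letter and ends in one of
# these executable-style extensions. The lazy quantifier stops at the first such
# extension, and the character class excludes the quote HijackThis wraps around paths.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|dll|com|scr|bat|cmd|pif|sys)\b',
    re.IGNORECASE,
)


def padded_extension(path):
    """Return the file name with its padding removed when the name carries whitespace
    immediately before the extension (e.g. 'qttask   .exe' -> 'qttask.exe'); else None."""
    name = path.rsplit('\\', 1)[-1]
    stem, dot, ext = name.rpartition('.')
    if dot and stem != stem.rstrip():
        return stem.rstrip() + '.' + ext
    return None


def find_padded_names(lines):
    """Scan log lines and return (line_no, padded_path, unpadded_path) for each path
    whose file name is padded with whitespace before the extension."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            clean_name = padded_extension(path)
            if clean_name is not None:
                folder = path.rsplit('\\', 1)[0]
                hits.append((line_no, path, folder + '\\' + clean_name))
    return hits


def renv_section(hits):
    """Lay out the flagged paths as a RENV:: block in the shape used in this thread
    (one padded path per line, duplicates dropped, order preserved)."""
    seen = []
    for _, padded, _ in hits:
        if padded not in seen:
            seen.append(padded)
    return 'RENV::\n' + '\n'.join(seen) + '\n'


if __name__ == '__main__':
    found = find_padded_names(SAMPLE_LINES)
    for line_no, padded, clean in found:
        print(f'line {line_no}: {padded!r} looks like {clean!r}')
    print(renv_section(found))
```

The script only produces the list; how ComboFix acts on a RENV:: entry is not documented in this thread beyond the usage shown, and each candidate still deserves a look before it goes into a script, since the padded name is the indicator, not proof on its own.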

25 Posts

January 22nd, 2008 19:00

bamajim - Here's the newest hijackthis log.  I cannot tell for sure how my computer is now because I cannot get online with it right now (at work :)).  I will post another update when I get home tonight :)  Thank you!!!! :)  Funny thing, I believe you were the one that helped me out last time my computer got infected (a year ago, almost to the day...weird).  Anyways...you ROCK! :)
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:32 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 10566 bytes

10.4K Posts

January 22nd, 2008 19:00

Caligirl816
 
Excellent. Post a fresh Hijackthis log
 
And in your reply give me an update on how your PC is running now
 
10.4K Posts

January 23rd, 2008 11:00


Caligirl816

You are most welcome

You may now remove/delete/uninstall the tools we used to clean your PC.

Now that your log is clean, there are some final notes:
Disable and Enable System Restore
  • Let's create a clean System Restore point;
    the instructions are here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of
    Java Runtime Environment (JRE) 6.u4.
    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    Click the " Download" button to the right.
    Check the box that says: " Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.


Update your Anti Virus Software

Use and maintain a Firewall
Download and install SiteHound by Firetrust for protection against malicious websites.

Pick the version that matches your browser

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive

You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe