3 Apprentice


20.5K Posts

October 15th, 2007 04:00

Welcome. Thank you for using Dell Community Forums. :)

* Please let me know if you have posted this log on another forum.

* I will not handle your log if you are using any cracked software, so if you are, either remove it, or repost your log in a New Message so that someone else will have the option of continuing with it.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.
Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
Since I find the nature of P2P programs counterproductive to restoring your PC to a healthy state, please remove all P2P file sharing programs prior to my providing you with malware removal assistance.

* Please let me know if you are an employee and this system is owned by your employer. If so, do you have permission to make changes to it?

* Please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
In some cases you may be working in Safe Mode and you will not have the internet available to read information. Please follow all instructions in sequence.

* If your reply does not fit in one post, please reply to yourself until all text is submitted. It may take several posts.

Please go to Add/Remove Programs and remove Internet Speed Monitor (or ISM/ISMPack6 -- however listed). Then delete the folder here:
C:\Program Files\ISM2\
If not listed, continue with the rest of the instructions anyway.
Please download Combofix from here:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
** Take note that the link is case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note:
Do not mouseclick Combofix's window while it is running. That may cause your system to stall/hang.
Do not proceed with the rest of the fix if you fail to run ComboFix.

Note: The above instructions have been created specifically for this user. If you are not this user, do NOT follow these directions.

5 Posts

October 19th, 2007 05:00

I am not an employee; this is my personal computer.

ComboFix 07-10-12.4 - Brian Herron 2007-10-19 2:15:45.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.842 [GMT -4:00]
Running from: C:\Documents and Settings\Brian Herron\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Brian Herron\Application Data.\Ultimate Defender
C:\Documents and Settings\Brian Herron\Application Data.\Ultimate Defender\logs\1158712443.log
C:\Documents and Settings\Brian Herron\Application Data\macromedia\Flash Player\#SharedObjects\HLNNHSP6\www.broadcaster.com
C:\Documents and Settings\Brian Herron\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Brian Herron\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Brian Herron\Application Data\searchtoolbarcorp
C:\Documents and Settings\Brian Herron\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Brian Herron\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Documents and Settings\Brian Herron\Application Data\Ultimate Defender\logs\1158712443.log
C:\Documents and Settings\Brian Herron\Application Data\Ultimate Defender\logs\1158712443.log
C:\Documents and Settings\Brian Herron\ResErrors.log
C:\Documents and Settings\Brian Herron\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Brian Herron\Start Menu\Programs\Startup\.protected
C:\Program Files\Common Files\{34EB6~1
C:\Program Files\Common Files\{34EB6~1\services.dll
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Hammer.dll
C:\Program Files\inetget2
C:\Program Files\safety bar
C:\Program Files\safety bar\Uninstall.bat
C:\Program Files\Seekmo Programs
C:\Program Files\Ultimate Defender
C:\Program Files\Ultimate Defender\Uninstall.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.5\wbuninst.exe
C:\Program Files\web buying\v1.8.5\webbuying.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\.protected
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\awknuajo.exe
C:\WINDOWS\system32\bcgkqbqk.dll
C:\WINDOWS\system32\cbxwttu.dll
C:\WINDOWS\system32\cdhjfyde.ini
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\edyfjhdc.dll
C:\WINDOWS\system32\eokxmyuf.exe
C:\WINDOWS\system32\fwoolhbp.exe
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gijtdwwh.dll
C:\WINDOWS\system32\heflsnlk.exe
C:\WINDOWS\system32\iifghff.dll
C:\WINDOWS\system32\jogweul.dll
C:\WINDOWS\system32\jwdvshkh.exe
C:\WINDOWS\system32\kcfkerfp.exe
C:\WINDOWS\system32\kqbqkgcb.ini
C:\WINDOWS\system32\ktkmqbew.exe
C:\WINDOWS\system32\mattfxvy.exe
C:\WINDOWS\system32\mroeftli.exe
C:\WINDOWS\system32\msngrlqq.ini
C:\WINDOWS\system32\mtwwdymo.dll
C:\WINDOWS\system32\omydwwtm.ini
C:\WINDOWS\system32\oxpbaoyf.exe
C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\pxkxaowg.dll
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\qjooceyk.exe
C:\WINDOWS\system32\qqlrgnsm.dll
C:\WINDOWS\system32\sydlwcod.exe
C:\WINDOWS\system32\tbitypxx.exe
C:\WINDOWS\system32\tjhvhfsc.exe
C:\WINDOWS\system32\tuhimkwp.exe
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\xybeg.tmp
C:\WINDOWS\system32\xybeg.tmp
C:\WINDOWS\system32\xybeg.tmp
C:\WINDOWS\tsitra572.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.

2007-10-18 17:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 20:53 389,184 --a------ C:\WINDOWS\system32\pfydqpcv.exe
2007-10-17 20:53 339,968 --a------ C:\WINDOWS\system32\mnmiysiw.dll
2007-10-16 23:19 389,184 --a------ C:\WINDOWS\system32\iqhtiahn.exe
2007-10-16 23:19 339,968 --a------ C:\WINDOWS\system32\cxeldtww.dll
2007-10-16 17:54 339,968 --a------ C:\WINDOWS\system32\xyilrdrb.dll
2007-10-16 17:53 389,184 --a------ C:\WINDOWS\system32\byepqjxu.exe
2007-10-16 16:01 389,184 --a------ C:\WINDOWS\system32\olurlusd.exe
2007-10-16 16:01 339,968 --a------ C:\WINDOWS\system32\srwvausx.dll
2007-10-16 15:58 d-------- C:\Program Files\Temporary
2007-10-16 01:27 389,184 --a------ C:\WINDOWS\system32\gaxatrrj.exe
2007-10-16 01:27 339,968 --a------ C:\WINDOWS\system32\wqxcjdmp.dll
2007-10-15 00:25 389,184 --a------ C:\WINDOWS\system32\utuwtate.exe
2007-10-15 00:25 339,968 --a------ C:\WINDOWS\system32\shoacphc.dll
2007-10-14 23:53 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 23:52 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-14 23:46 339,968 --a------ C:\WINDOWS\system32\fqgekxoe.dll
2007-10-14 23:45 389,184 --a------ C:\WINDOWS\system32\umimaanu.exe
2007-10-13 17:38 389,184 --a------ C:\WINDOWS\system32\frpktbcl.exe
2007-10-13 17:38 339,968 --a------ C:\WINDOWS\system32\vaovtjun.dll
2007-10-11 20:09 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-10-11 20:07 d-------- C:\Program Files\Citrix
2007-10-11 20:07 60,968 --a------ C:\Documents and Settings\Brian Herron\GoToAssistDownloadHelper.exe
2007-10-09 15:52 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 05:57 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-10-09 05:57 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-10-09 05:57 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2007-10-09 05:57 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-10-09 05:57 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-10-09 05:57 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-10-09 05:57 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-10-09 05:53 d-------- C:\Documents and Settings\Brian Herron\Application Data\GetRightToGo
2007-10-09 05:24 46,592 --a------ C:\WINDOWS\system32\drivers\FMTR.sys
2007-10-09 05:24 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-09 05:19 d-------- C:\WINDOWS\system32\zp1
2007-10-09 05:19 d-------- C:\WINDOWS\system32\yw1
2007-10-09 05:19 d-------- C:\WINDOWS\system32\vMW02a
2007-10-09 05:19 d-------- C:\WINDOWS\system32\sim7
2007-10-09 05:19 d-------- C:\WINDOWS\system32\ipz2
2007-10-09 05:19 d-------- C:\temp\xOe
2007-10-09 05:19 294,668 --a------ C:\WINDOWS\frexup2.exe
2007-10-09 05:19 13,824 --a------ C:\WINDOWS\plite731.exe
2007-10-09 05:19 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-09-24 00:37 d-------- C:\Jeppesen

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 20:43 --------- d-----w C:\Program Files\Common Files\oquf
2007-10-09 20:29 --------- d-----w C:\Documents and Settings\Brian Herron\Application Data\Lavasoft
2007-10-09 20:28 --------- d-----w C:\Program Files\Lavasoft
2007-10-02 16:14 --------- d-----w C:\Documents and Settings\Brian Herron\Application Data\AdobeUM
2007-09-29 02:14 --------- d-----w C:\Documents and Settings\Brian Herron\Application Data\uTorrent
2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-31 16:50 99,592 ----a-w C:\WINDOWS\system32\isafeif.dll
2007-07-31 16:50 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-10-12 03:25:09 918,963 --sh--w C:\WINDOWS\system32\qtvwa.bak1
2006-10-25 04:50:25 935,998 --sh--w C:\WINDOWS\system32\qtvwa.bak2
2006-10-25 04:52:33 933,349 --sh--w C:\WINDOWS\system32\qtvwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41AC15CB-5A25-40DC-A1AF-8003027756CE}]
C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}]
C:\Program Files\ISM\BndDrive5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971D5B7B-F7DF-43ee-B771-6B7FA09975C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-17 20:53 339968 --a------ C:\WINDOWS\system32\mnmiysiw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mnmiysiw.dll [2007-10-17 20:53 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mnmiysiw.dll [2007-10-17 20:53 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 08:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 01:19 C:\WINDOWS\stsystra.exe]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-11 19:26]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-10-09 15:50]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-07-31 12:50]
"VideoraiPodConverter"="C:\Program Files\VideoraiPodConverter\VideoraConverter.exe" []
"plite731"="C:\WINDOWS\plite731.exe" [2007-10-09 05:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 04:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Aim6"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"oquf"="C:\Program Files\Common Files\oquf\oqufm.exe" []
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-21 02:22:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq]
C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-10-11 20:07 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mnmiysiw]
mnmiysiw.dll 2007-10-17 20:53 339968 C:\WINDOWS\system32\mnmiysiw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyx.dll

S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

*Newly Created Service* - HTTPFILTER
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 02:30:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 2:34:39 - machine was rebooted
.
--- E O F ---

3 Apprentice


20.5K Posts

October 19th, 2007 11:00

As requested, please post a fresh HijackThis log. Thanks.

5 Posts

October 19th, 2007 22:00

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:24:21 PM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\plite731.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian Herron\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philadelphiaeagles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41AC15CB-5A25-40DC-A1AF-8003027756CE} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mnmiysiw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mnmiysiw.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [oquf] C:\Program Files\Common Files\oquf\oqufm.exe
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: mnmiysiw - C:\WINDOWS\SYSTEM32\mnmiysiw.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8613 bytes

3 Apprentice


20.5K Posts

October 20th, 2007 00:00

Please delete the BETA version of HijackThis from your Desktop.

Please download HJT Installer for version 2.02 from Here to your desktop.
If not available use this alternate link: Here
  • Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.
  • It will be installed by default here: C:\Program Files\Trend Micro\HijackThis.
  • A shortcut to the application will also be placed on your Desktop.
  • The program will open automatically after installation.
  • You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.
  • The first time you open HijackThis, check the Main Menu button at the bottom center. When the main menu appears check the box "Show this window when I start HijackThis".
  • Click on "Do a system scan and save logfile." When the log pops up in Notepad, copy and paste that file back here.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  • Before closing HJT, please click on the AnalyzeThis button. "Analyze This" DOES NOT mean "Analyze My Log". You will need to post your log on the forum.
  • Close the web page that appears and then close the program.


  • After your new log is posted, we can continue.

5 Posts

October 20th, 2007 08:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:45 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\plite731.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philadelphiaeagles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41AC15CB-5A25-40DC-A1AF-8003027756CE} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mnmiysiw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mnmiysiw.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [oquf] C:\Program Files\Common Files\oquf\oqufm.exe
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: mnmiysiw - C:\WINDOWS\SYSTEM32\mnmiysiw.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8382 bytes

3 Apprentice

 • 

20.5K Posts

October 20th, 2007 11:00

Thanks for posting that.
Please open HijackThis and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button.
Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Select a place to save it. The list should open in Notepad.
Copy and paste that list here.

5 Posts

October 22nd, 2007 05:00

Ad-Aware 2007
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AIM 6.0
AOL Instant Messenger
AOLIcon
AviSynth 2.5
Broadcom Management Programs
Business Contact Manager for Outlook 2003
CA Anti-Virus
CA Anti-Virus
Conexant HDA D110 MDC V.92 Modem
CopyPod Suite (remove only)
CuteFTP 8 Home
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
DivX Web Player
EarthLink setup files
EducateU
FileZilla Client 3.0.0-beta2
Get High Speed Internet!
Google AFE
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel(R) Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Jeppesen SIMCharts 4.0
Learn2 Player (Uninstall Only)
Magic ISO Maker v5.3 (build 0229)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Move Networks Player for Firefox
Mozilla Firefox (1.5.0.12)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
PowerDVD 5.5
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer
Safety Bar
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Videora iPod Converter 0.91
Viewpoint Media Player
virtual pet Creature v4.2 beta 2
virtual pet Creature v4.2 beta 2 (C:\Program Files\virtual pet Creature\)
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver

3 Apprentice

 • 

20.5K Posts

October 23rd, 2007 00:00

Open Notepad and copy/paste the following text between the dotted lines into it. Do not copy the dotted lines.
** Make sure you copy/paste ALL the text at once.
-----------------------------------------------------------------------------------------------

Folder::
C:\WINDOWS\system32\zp1
C:\WINDOWS\system32\yw1
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\sim7
C:\WINDOWS\system32\ipz2
C:\Program Files\ISM
C:\temp\xOe


File::
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\pfydqpcv.exe
C:\WINDOWS\system32\mnmiysiw.dll
C:\WINDOWS\system32\iqhtiahn.exe
C:\WINDOWS\system32\cxeldtww.dll
C:\WINDOWS\system32\xyilrdrb.dll
C:\WINDOWS\system32\byepqjxu.exe
C:\WINDOWS\system32\olurlusd.exe
C:\WINDOWS\system32\srwvausx.dll
C:\WINDOWS\system32\gaxatrrj.exe
C:\WINDOWS\system32\wqxcjdmp.dll
C:\WINDOWS\system32\utuwtate.exe
C:\WINDOWS\system32\shoacphc.dll
C:\WINDOWS\system32\fqgekxoe.dll
C:\WINDOWS\system32\umimaanu.exe
C:\WINDOWS\system32\frpktbcl.exe
C:\WINDOWS\system32\vaovtjun.dll
C:\WINDOWS\frexup2.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\system32\awvtq.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41AC15CB-5A25-40DC-A1AF-8003027756CE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971D5B7B-F7DF-43ee-B771-6B7FA09975C3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plite731"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oquf"=-
"ISMPack6"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mnmiysiw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]


--------------------------------------------------------------------------------------------------

Save this as CFScript.txt

[Image hosted on Photobucket]

Referring to the picture above, drag CFScript into ComboFix.exe
You will be prompted to run ComboFix again. Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

Please provide the contents of the new ComboFix log in your next reply along with a new HijackThis log, and let me know how things are running.
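
The kind of cross-referencing that connects the HijackThis log posted earlier to the File:: and Registry:: entries in the script above, as an added example that is not part of the original thread and is not HijackThis or ComboFix code. The function names `parse` and `triage` are hypothetical, the sample lines are an excerpt of the log in this thread, and the "loads in both Winlogon and Internet Explorer" rule is a triage heuristic assumed here, not a verdict.

```python
import re
from collections import defaultdict
# Excerpt of the HijackThis log posted in this thread (O2, O3 and O20 lines only).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {41AC15CB-5A25-40DC-A1AF-8003027756CE} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mnmiysiw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mnmiysiw.dll
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: mnmiysiw - C:\WINDOWS\SYSTEM32\mnmiysiw.dll
"""

ENTRY = re.compile(r"^(O2|O3|O20) - ([^:]+): (.+)$")
MISSING = "(file missing)"

def parse(log):
    """Yield (kind, path, missing) for each BHO, Toolbar and Winlogon Notify line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, rest = m.group(2), m.group(3)
        target = rest.rsplit(" - ", 1)[-1]          # last field is the DLL path
        missing = target.endswith(MISSING)
        path = target.replace(MISSING, "").strip().lower()  # Windows paths ignore case
        yield kind, path, missing

def triage(log):
    """Return {path: [reasons]} for DLLs that deserve a closer look."""
    load_points, orphaned = defaultdict(set), set()
    for kind, path, missing in parse(log):
        load_points[path].add(kind)
        if missing:
            orphaned.add(path)
    findings = {}
    for path, kinds in load_points.items():
        reasons = []
        if path in orphaned:
            reasons.append("registration points at a missing file")
        # Heuristic (assumption): one DLL hooked into both logon and the browser.
        if "Winlogon Notify" in kinds and kinds & {"BHO", "Toolbar"}:
            reasons.append("same DLL loads in Winlogon and in Internet Explorer")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Both DLLs it reports for this excerpt, awvtq.dll and mnmiysiw.dll, are ones the script above lists under File::.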