tlemaster

86 Posts

7075

November 8th, 2007 15:00

Please HELP! My notebook boots slow and CD/DVD will not recognize disks.

I believe I have been infected. I have tried to run multiple adware/spyware programs to clean this mess up but have had no luck. I have Symantic Antivirus, Ad-Aware 2007 and Spybot S&D. I also ran SUPERAntiSpyware and SmitfraudFix. Each time they find problems but it never gets completly removed. My system is suffering with slow start ups, I get redirected messages for web pages, web pages pop up, and now my CD/DVD player will not recognize any disks. The light is on like it is reading the disk, but that is all it does. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:35 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\sdwork\issimsvc.exe
C:\program files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 127.0.1.10 corpmeeting01c.ge.com
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [4876b629] rundll32.exe "C:\WINDOWS\system32\csqqicut.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add Person to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddPersonN.html
O8 - Extra context menu item: Add Picture to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddImageN.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - Unknown owner - C:\Program Files\C4ebreg\c4ebreg.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11180 bytes

Responses(103)

B

bamajim

10.4K Posts

0

November 9th, 2007 12:00

tlemaster

We have some stuff hiding.

Open the C:\Program Files\Trend Micro\HijackThis folder. Locate the Hijackthis.exe file ->> Rt Click ->> Select Rename.

Rename it H.exe Then Rerun H.exe (formerly Hijackthis.exe) and post a fresh log.

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

tlemaster

86 Posts

0

November 9th, 2007 23:00

bamajim, here is my new log. thanks for your attention.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:05 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\sdwork\issimsvc.exe
C:\program files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\Fonts\svchost.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\H.exe

O1 - Hosts: 127.0.1.10 corpmeeting01c.ge.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11D1ADBF-F2EA-4C22-A85A-EB4D12FB9F2A} - (no file)
O2 - BHO: (no name) - {40032E4E-359D-4B8B-9D62-9B09BB60D2CA} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {4A0BE8F5-F6F4-471E-97DC-E2556936FCAD} - (no file)
O2 - BHO: (no name) - {4DED6C14-CEB3-4453-A12D-9ABAF573D868} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62A4FBB6-68EC-446E-9F3C-8DDDE95011D7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {75e62736-1143-d069-da04-9554cfc114b7} - {7b411cfc-4559-40ad-960d-341163726e57} - C:\WINDOWS\system32\ibrdbmmj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B2C70EBC-0C82-4E37-BAD6-DF4184B37596} - (no file)
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\jkklmmj.dll
O2 - BHO: (no name) - {DA401A4A-B170-44D0-9E52-59DB910877B9} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [4876b629] rundll32.exe "C:\WINDOWS\system32\csqqicut.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add Person to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddPersonN.html
O8 - Extra context menu item: Add Picture to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddImageN.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: jkklmmj - C:\WINDOWS\SYSTEM32\jkklmmj.dll
O20 - Winlogon Notify: ksisxovg - ksisxovg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - Unknown owner - C:\Program Files\C4ebreg\c4ebreg.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12984 bytes

B

bamajim

10.4K Posts

0

November 10th, 2007 00:00

tlemaster

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

tlemaster

86 Posts

0

November 10th, 2007 00:00

results from VundoFix ...

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 9:19:12 PM 11/9/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

results from new Hijack ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:38 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\sdwork\issimsvc.exe
C:\program files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\Fonts\svchost.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\H.exe

O1 - Hosts: 127.0.1.10 corpmeeting01c.ge.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11D1ADBF-F2EA-4C22-A85A-EB4D12FB9F2A} - (no file)
O2 - BHO: (no name) - {40032E4E-359D-4B8B-9D62-9B09BB60D2CA} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {4A0BE8F5-F6F4-471E-97DC-E2556936FCAD} - (no file)
O2 - BHO: (no name) - {4DED6C14-CEB3-4453-A12D-9ABAF573D868} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62A4FBB6-68EC-446E-9F3C-8DDDE95011D7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {75e62736-1143-d069-da04-9554cfc114b7} - {7b411cfc-4559-40ad-960d-341163726e57} - C:\WINDOWS\system32\ibrdbmmj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B2C70EBC-0C82-4E37-BAD6-DF4184B37596} - (no file)
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\jkklmmj.dll
O2 - BHO: (no name) - {DA401A4A-B170-44D0-9E52-59DB910877B9} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [4876b629] rundll32.exe "C:\WINDOWS\system32\csqqicut.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add Person to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddPersonN.html
O8 - Extra context menu item: Add Picture to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddImageN.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: jkklmmj - C:\WINDOWS\SYSTEM32\jkklmmj.dll
O20 - Winlogon Notify: ksisxovg - ksisxovg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - Unknown owner - C:\Program Files\C4ebreg\c4ebreg.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12994 bytes

B

bamajim

10.4K Posts

0

November 11th, 2007 11:00

tlemaster

We are going to run Vundofix again, but alter the instructions slightly
Run VundoFix again

At the Main window Rt Click in the Open Box and Select Add Files
A second window will open
Copy and paste the following into the blank boxes, one file path in each blank box.NOTE: There are 6 blank boxes. If there are more than 6 files to load. Then load 6
Select Close window, then
At the Main window Rt Click in the Open Box and Select Add Files Again
- C:\WINDOWS\system32\ssqrp.dll
  C:\WINDOWS\system32\prqss.*
  C:\WINDOWS\system32\ibrdbmmj.dll
  C:\WINDOWS\system32\jmmbdrbj.*
  C:\WINDOWS\system32\jkklmmj.dll
  C:\WINDOWS\system32\jmmlkkj.*
Select Add Files ->> Repeat untill they are all loaded Then Close Window
Click the Remove Vundo button. Do not click the Scan for Vundo Button
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

tlemaster

86 Posts

0

November 11th, 2007 20:00

Thanks Bamajim, things are starting to look much better .... here are my new logs ...

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 9:19:12 PM 11/9/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ibrdbmmj.dll
C:\WINDOWS\system32\ibrdbmmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklmmj.dll
C:\WINDOWS\system32\jkklmmj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklmmj.dll
C:\WINDOWS\system32\jkklmmj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 4:57:24 PM 11/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\bjxnpxtu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bjxnpxtu.dll
C:\WINDOWS\system32\bjxnpxtu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklmmj.dll
C:\WINDOWS\system32\jkklmmj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklmmj.dll
C:\WINDOWS\system32\jkklmmj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

**************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:53 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lxwhbgcg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\sdwork\issimsvc.exe
C:\program files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\H.exe

O1 - Hosts: 127.0.1.10 corpmeeting01c.ge.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11D1ADBF-F2EA-4C22-A85A-EB4D12FB9F2A} - (no file)
O2 - BHO: (no name) - {2437AA13-B191-48DC-A6C4-B11008395AC8} - C:\WINDOWS\system32\pmnlm.dll
O2 - BHO: (no name) - {26904B10-01F0-429D-ADF2-4F79E64FF407} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {40032E4E-359D-4B8B-9D62-9B09BB60D2CA} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {4A0BE8F5-F6F4-471E-97DC-E2556936FCAD} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62A4FBB6-68EC-446E-9F3C-8DDDE95011D7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {13f5e324-c8b5-adeb-0064-d9fd51efde78} - {87edfe15-df9d-4600-beda-5b8c423e5f31} - C:\WINDOWS\system32\anopdnje.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B2C70EBC-0C82-4E37-BAD6-DF4184B37596} - (no file)
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\jkklmmj.dll
O2 - BHO: (no name) - {DA401A4A-B170-44D0-9E52-59DB910877B9} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [4876b629] rundll32.exe "C:\WINDOWS\system32\hdacftcn.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add Person to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddPersonN.html
O8 - Extra context menu item: Add Picture to NotesBuddy... - C:\Program Files\IBM\NotesBuddy\AddImageN.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: ksisxovg - ksisxovg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\lxwhbgcg.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - Unknown owner - C:\Program Files\C4ebreg\c4ebreg.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13556 bytes

B

bamajim

10.4K Posts

0

November 12th, 2007 12:00

tlemaster

Glad to hear it. Sorry for the delay

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

tlemaster

86 Posts

0

November 12th, 2007 17:00

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
2007-11-12 07:54 36352 --a------ C:\WINDOWS\system32\jkkiffe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11D1ADBF-F2EA-4C22-A85A-EB4D12FB9F2A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26904B10-01F0-429D-ADF2-4F79E64FF407}]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40032E4E-359D-4B8B-9D62-9B09BB60D2CA}]
C:\WINDOWS\system32\jkkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A0BE8F5-F6F4-471E-97DC-E2556936FCAD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62A4FBB6-68EC-446E-9F3C-8DDDE95011D7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93437303-9c47-48f0-8046-851df344a6b2}]
2007-11-12 08:00 81472 --a------ C:\WINDOWS\system32\xdaqwllv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-12 13:50 144320 --a------ C:\WINDOWS\system32\xnawsfit.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2C70EBC-0C82-4E37-BAD6-DF4184B37596}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA401A4A-B170-44D0-9E52-59DB910877B9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xnawsfit.dll [2007-11-12 13:50 144320]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xnawsfit.dll [2007-11-12 13:50 144320]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-19 04:41]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-19 04:38]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-19 04:42]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 11:45]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 10:30]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 10:26]
"stgclean"="c:\sdwork\w32main2.exe" [2007-07-05 10:32]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 19:48]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-08-18 11:50]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 12:22]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2007-06-12 07:25]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 17:57]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 11:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"4876b629"="C:\WINDOWS\system32\ryaqeeyx.dll" [2007-11-12 07:57]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [2007-11-12 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-01-06 09:57]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 17:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-21 23:22:07]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\jkkiffe.dll [2007-11-12 07:54 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkiffe]
jkkiffe.dll 2007-11-12 07:54 36352 C:\WINDOWS\system32\jkkiffe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksisxovg]
ksisxovg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2004-04-27 17:02 49152 C:\WINDOWS\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xnawsfit]
xnawsfit.dll 2007-11-12 13:50 144320 C:\WINDOWS\system32\xnawsfit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C4EBReg]
"C:\Program Files\C4ebreg\c4ebreg.exe" /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
"C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESPN BottomLine]
C:\Program Files\ESPN\BottomLine\bline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Dell PC Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISAMTray]
"C:\Program Files\C4ebreg\isamtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISSI EZUpdate Service]
"c:\sdwork\issimsvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
"C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
"C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpam.exe]
"C:\Program Files\IBM\Personal Communications\tpam.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
"C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"

R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
R3 ABVPN2K;Net Firewall Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 ISAMSvc;IBM Standard Asset Manager Service;C:\Program Files\C4ebreg\c4ebreg.exe
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-03 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tony LeMaster.job"
"2007-11-12 19:00:26 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 14:13:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 14:20:12 - machine was rebooted
.
--- E O F ---

tlemaster

86 Posts

0

November 12th, 2007 17:00

No problem, I really appreciate your help. Here's the log from ComboFix

ComboFix 07-11-08.3 - Tony LeMaster 2007-11-12 13:52:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.430 [GMT -5:00]
Running from: C:\Documents and Settings\Tony LeMaster\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Tony LeMaster\Application Data\inst.exe
C:\Documents and Settings\Tony LeMaster\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Tony LeMaster\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Tony LeMaster\Favorites\Online Security Guide.lnk
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\bjxnpxtu.dllbox
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.bak2
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\xnawsfit.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FAD
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.

2007-11-12 13:50 144,320 --a------ C:\WINDOWS\system32\xnawsfit.dll
2007-11-12 13:50 144,320 --a------ C:\WINDOWS\system32\pgcjavlw.dll
2007-11-12 13:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 08:00 81,472 --a------ C:\WINDOWS\system32\xdaqwllv.dll
2007-11-12 07:57 89,664 --a------ C:\WINDOWS\system32\ryaqeeyx.dll
2007-11-12 07:54 36,352 --a------ C:\WINDOWS\system32\jkkiffe.dll
2007-11-12 07:53 71,232 --a------ C:\WINDOWS\system32\tngtihrx.exe
2007-11-11 14:41 36,352 --a------ C:\WINDOWS\system32\wvuvwxu.dll
2007-11-11 14:41 1,545 --a------ C:\Documents and Settings\Tony LeMaster\x.dat
2007-11-11 14:41 134 --a------ C:\n.bat
2007-11-11 14:41 0 --a------ C:\x.dat
2007-11-11 14:40 172,032 --a------ C:\winlogon.exe
2007-11-11 14:40 1,663 --a------ C:\Documents and Settings\Tony LeMaster\z.dat
2007-11-11 14:40 0 --a------ C:\z.dat
2007-11-11 14:39 79,936 --a------ C:\WINDOWS\system32\anopdnje.dll
2007-11-11 14:38 71,232 --a------ C:\WINDOWS\system32\lkyfkwvy.exe
2007-11-09 21:48 144,320 --a------ C:\WINDOWS\system32\rtghsqxd.dll
2007-11-09 21:48 77,888 --a------ C:\WINDOWS\system32\isjomhuy.dll
2007-11-09 21:48 71,232 --a------ C:\WINDOWS\system32\lxwhbgcg.exe
2007-11-09 21:19 d-------- C:\VundoFix Backups
2007-11-08 08:07 35,328 --a------ C:\WINDOWS\system32\qomnmml.dll
2007-11-08 08:04 145,984 --a------ C:\WINDOWS\system32\gnrtwpbc.dll
2007-11-07 15:08 35,328 --a------ C:\WINDOWS\system32\ljjhiij.dll
2007-11-07 04:38 79,936 --a------ C:\WINDOWS\system32\twlkdlrp.dll
2007-11-07 04:32 71,232 --a------ C:\WINDOWS\system32\cvkewhoy.exe
2007-11-07 04:29 145,984 --a------ C:\WINDOWS\system32\hkbtmyoj.dll
2007-11-06 12:28 7,467,056 --a------ C:\temp\spybotsd15.exe
2007-11-06 10:21 35,328 --a------ C:\WINDOWS\system32\byxxyaa.dll
2007-11-04 22:24 786 --a------ C:\6078.bat
2007-11-04 21:44 786 --a------ C:\3232.bat
2007-11-04 15:11 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-04 13:43 d-------- C:\Program Files\Trend Micro
2007-11-03 23:07 d-------- C:\WINDOWS\system32\Mz18r
2007-11-03 23:07 35,328 --a------ C:\WINDOWS\system32\jkkkkhe.dll
2007-11-03 08:02 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-03 07:59 35,328 --a------ C:\WINDOWS\system32\jkklmmj.dll
2007-11-03 07:57 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 11:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-02 11:02 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-11-02 10:48 d-------- C:\Phone Wallpaper
2007-11-01 10:02 d-------- C:\Phone Ringtone
2007-11-01 09:49 d-------- C:\Program Files\Create-Ringtone
2007-11-01 09:48 1,690,923 --a------ C:\temp\create-ringtone_setup.exe
2007-10-31 16:18 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2007-10-31 16:16 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-10-31 16:15 d-------- C:\Program Files\Dell Support Center
2007-10-31 16:15 d-------- C:\Program Files\Common Files\supportsoft
2007-10-24 08:05 d-------- C:\Program Files\Windows Desktop Search
2007-10-24 08:05 d-------- C:\Documents and Settings\Tony LeMaster\Application Data\Windows Desktop Search
2007-10-24 08:04 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-10-24 08:04 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-10-24 08:04 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2007-10-24 08:00 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-10-24 08:00 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-10-24 08:00 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 19:16 69,632 ----a-w C:\a.exe
2007-11-12 19:14 32,768 ----a-w C:\svchost.exe
2007-11-12 19:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-12 18:37 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\WeatherBug
2007-11-11 22:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-10 02:17 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\U3
2007-11-08 17:24 --------- d-----w C:\Program Files\BearShare
2007-11-08 16:12 4,666 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-08 14:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 23:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 22:48 --------- d--h--w C:\Documents and Settings\Tony LeMaster\Application Data\Gtek
2007-11-05 03:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-05 03:01 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-05 03:01 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-05 03:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 03:01 --------- d-----w C:\Program Files\Symantec
2007-11-03 17:09 69,632 ----a-w C:\WINDOWS\system32\realbap1.dll
2007-11-03 17:09 45,568 ----a-w C:\WINDOWS\system32\realbsf1.dll
2007-11-02 16:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-02 16:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-11-02 15:59 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-02 15:57 --------- d-----w C:\Program Files\Java
2007-10-30 18:23 --------- d-----w C:\Program Files\Dell PC Fax
2007-10-30 18:21 --------- d-----w C:\Program Files\Yahoo!
2007-10-30 18:21 --------- d-----w C:\Program Files\Viewpoint
2007-10-30 18:21 --------- d-----w C:\Program Files\ViaVoice Outloud
2007-10-30 18:21 --------- d-----w C:\Program Files\QuickTime
2007-10-30 18:21 --------- d-----w C:\Program Files\Pinnacle
2007-10-30 18:21 --------- d-----w C:\Program Files\OfficeUpdate11
2007-10-30 18:21 --------- d-----w C:\Program Files\Modem Helper
2007-10-30 18:21 --------- d-----w C:\Program Files\Dell
2007-10-30 18:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-30 18:20 --------- d-----w C:\Program Files\Apple Software Update
2007-10-30 17:55 --------- d-----w C:\Program Files\dl_cats
2007-10-29 13:48 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Viewpoint
2007-10-29 13:27 --------- d-----w C:\Program Files\AIM6
2007-10-29 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-29 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-28 00:00 --------- d-----w C:\Program Files\AT&T Network Client
2007-10-27 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-18 20:45 6,788 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-10 00:41 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-09 02:12 --------- d-----w C:\Program Files\MSBuild
2007-10-09 02:08 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-09 01:43 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-09 01:34 --------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-10-08 01:28 --------- d-----w C:\Program Files\Lavasoft
2007-10-08 01:28 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Lavasoft
2007-10-08 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 22:36 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-27 22:53 --------- d-----w C:\Program Files\DivX
2007-09-25 00:59 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\AdobeUM
2007-09-25 00:36 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\AdobeAUM
2007-09-25 00:22 --------- d-----w C:\Program Files\Sony
2007-09-25 00:21 --------- d-----w C:\Program Files\Sony Setup
2007-09-25 00:09 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Teleca
2007-09-25 00:00 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-24 23:59 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-09-24 23:59 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Sony Ericsson
2007-09-24 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-24 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-12 21:06 --------- d-----w C:\Program Files\Plus!
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-01-10 16:15:15 839,689 --sh--w C:\WINDOWS\Fonts\svchost.exe
2006-06-21 01:00:42 56 --sh--r C:\WINDOWS\system32\8CCA6B4D2D.sys
2006-03-03 03:15:20 56 --sh--r C:\WINDOWS\system32\9D8E5C4B39.sys
2006-03-01 22:24:07 56 --sh--r C:\WINDOWS\system32\A7B34472E9.sys
.

B

bamajim

10.4K Posts

0

November 12th, 2007 19:00

tlemaster

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\WINDOWS\system32\xnawsfit.dll
C:\WINDOWS\system32\pgcjavlw.dll
C:\WINDOWS\system32\xdaqwllv.dll
C:\WINDOWS\system32\ryaqeeyx.dll
C:\WINDOWS\system32\jkkiffe.dll
C:\WINDOWS\system32\tngtihrx.exe
C:\WINDOWS\system32\wvuvwxu.dll
C:\winlogon.exe
C:\WINDOWS\system32\anopdnje.dll
C:\WINDOWS\system32\lkyfkwvy.exe
C:\WINDOWS\system32\rtghsqxd.dll
C:\WINDOWS\system32\isjomhuy.dll
C:\WINDOWS\system32\lxwhbgcg.exe
C:\WINDOWS\system32\qomnmml.dll
C:\WINDOWS\system32\gnrtwpbc.dll
C:\WINDOWS\system32\ljjhiij.dll
C:\WINDOWS\system32\twlkdlrp.dll
C:\WINDOWS\system32\cvkewhoy.exe
C:\WINDOWS\system32\hkbtmyoj.dll
C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\jkkkkhe.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\jkklmmj.dll
C:\a.exe
C:\svchost.exe
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\jkkjh.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11D1ADBF-F2EA-4C22-A85A-EB4D12FB9F2A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26904B10-01F0-429D-ADF2-4F79E64FF407}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40032E4E-359D-4B8B-9D62-9B09BB60D2CA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A0BE8F5-F6F4-471E-97DC-E2556936FCAD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62A4FBB6-68EC-446E-9F3C-8DDDE95011D7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93437303-9c47-48f0-8046-851df344a6b2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2C70EBC-0C82-4E37-BAD6-DF4184B37596}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA401A4A-B170-44D0-9E52-59DB910877B9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
"4876b629"=-
"runner1"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkiffe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksisxovg]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xnawsfit]

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image

You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

tlemaster

86 Posts

0

November 12th, 2007 20:00

Here's the log ...

ComboFix 07-11-08.3 - Tony LeMaster 2007-11-12 16:51:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.426 [GMT -5:00]
Running from: C:\Documents and Settings\Tony LeMaster\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony LeMaster\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\a.exe
C:\svchost.exe
C:\WINDOWS\system32\anopdnje.dll
C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\cvkewhoy.exe
C:\WINDOWS\system32\gnrtwpbc.dll
C:\WINDOWS\system32\hkbtmyoj.dll
C:\WINDOWS\system32\isjomhuy.dll
C:\WINDOWS\system32\jkkiffe.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkkkhe.dll
C:\WINDOWS\system32\jkklmmj.dll
C:\WINDOWS\system32\ljjhiij.dll
C:\WINDOWS\system32\lkyfkwvy.exe
C:\WINDOWS\system32\lxwhbgcg.exe
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\pgcjavlw.dll
C:\WINDOWS\system32\qomnmml.dll
C:\WINDOWS\system32\rtghsqxd.dll
C:\WINDOWS\system32\ryaqeeyx.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\tngtihrx.exe
C:\WINDOWS\system32\twlkdlrp.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wvuvwxu.dll
C:\WINDOWS\system32\xdaqwllv.dll
C:\WINDOWS\system32\xnawsfit.dll
C:\winlogon.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Tony LeMaster\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Tony LeMaster\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Tony LeMaster\Favorites\Online Security Guide.lnk
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\anopdnje.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\cvkewhoy.exe
C:\WINDOWS\system32\gnrtwpbc.dll
C:\WINDOWS\system32\hkbtmyoj.dll
C:\WINDOWS\system32\isjomhuy.dll
C:\WINDOWS\system32\jkkiffe.dll
C:\WINDOWS\system32\jkkkkhe.dll
C:\WINDOWS\system32\jkklmmj.dll
C:\WINDOWS\system32\ljjhiij.dll
C:\WINDOWS\system32\lkyfkwvy.exe
C:\WINDOWS\system32\lxwhbgcg.exe
C:\WINDOWS\system32\pgcjavlw.dll
C:\WINDOWS\system32\qomnmml.dll
C:\WINDOWS\system32\rtghsqxd.dll
C:\WINDOWS\system32\ryaqeeyx.dll
C:\WINDOWS\system32\tngtihrx.exe
C:\WINDOWS\system32\twlkdlrp.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wvuvwxu.dll
C:\WINDOWS\system32\xdaqwllv.dll
C:\WINDOWS\system32\xnawsfit.dll
C:\WINDOWS\system32\xnawsfit.dllbox
C:\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.

2007-11-12 14:17 36,352 --a------ C:\WINDOWS\system32\iiffghe.dll
2007-11-12 13:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 14:41 1,545 --a------ C:\Documents and Settings\Tony LeMaster\x.dat
2007-11-11 14:41 134 --a------ C:\n.bat
2007-11-11 14:41 0 --a------ C:\x.dat
2007-11-11 14:40 1,663 --a------ C:\Documents and Settings\Tony LeMaster\z.dat
2007-11-11 14:40 0 --a------ C:\z.dat
2007-11-09 21:19 d-------- C:\VundoFix Backups
2007-11-06 12:28 7,467,056 --a------ C:\temp\spybotsd15.exe
2007-11-04 22:24 786 --a------ C:\6078.bat
2007-11-04 21:44 786 --a------ C:\3232.bat
2007-11-04 15:11 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-04 13:43 d-------- C:\Program Files\Trend Micro
2007-11-03 23:07 d-------- C:\WINDOWS\system32\Mz18r
2007-11-03 07:57 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 11:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-02 11:02 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-11-02 10:48 d-------- C:\Phone Wallpaper
2007-11-01 10:02 d-------- C:\Phone Ringtone
2007-11-01 09:49 d-------- C:\Program Files\Create-Ringtone
2007-11-01 09:48 1,690,923 --a------ C:\temp\create-ringtone_setup.exe
2007-10-31 16:18 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2007-10-31 16:16 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-10-31 16:15 d-------- C:\Program Files\Dell Support Center
2007-10-31 16:15 d-------- C:\Program Files\Common Files\supportsoft
2007-10-24 08:05 d-------- C:\Program Files\Windows Desktop Search
2007-10-24 08:05 d-------- C:\Documents and Settings\Tony LeMaster\Application Data\Windows Desktop Search
2007-10-24 08:04 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-10-24 08:04 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-10-24 08:04 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2007-10-24 08:00 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-10-24 08:00 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-10-24 08:00 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 22:01 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\WeatherBug
2007-11-12 22:00 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-11 22:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-10 02:17 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\U3
2007-11-08 17:24 --------- d-----w C:\Program Files\BearShare
2007-11-08 14:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 23:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 22:48 --------- d--h--w C:\Documents and Settings\Tony LeMaster\Application Data\Gtek
2007-11-05 03:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-05 03:01 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-05 03:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 03:01 --------- d-----w C:\Program Files\Symantec
2007-11-02 16:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-02 16:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-11-02 15:59 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-02 15:57 --------- d-----w C:\Program Files\Java
2007-10-30 18:23 --------- d-----w C:\Program Files\Dell PC Fax
2007-10-30 18:21 --------- d-----w C:\Program Files\Yahoo!
2007-10-30 18:21 --------- d-----w C:\Program Files\Viewpoint
2007-10-30 18:21 --------- d-----w C:\Program Files\ViaVoice Outloud
2007-10-30 18:21 --------- d-----w C:\Program Files\QuickTime
2007-10-30 18:21 --------- d-----w C:\Program Files\Pinnacle
2007-10-30 18:21 --------- d-----w C:\Program Files\OfficeUpdate11
2007-10-30 18:21 --------- d-----w C:\Program Files\Modem Helper
2007-10-30 18:21 --------- d-----w C:\Program Files\Dell
2007-10-30 18:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-30 18:20 --------- d-----w C:\Program Files\Apple Software Update
2007-10-30 17:55 --------- d-----w C:\Program Files\dl_cats
2007-10-29 13:48 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Viewpoint
2007-10-29 13:27 --------- d-----w C:\Program Files\AIM6
2007-10-29 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-29 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-28 00:00 --------- d-----w C:\Program Files\AT&T Network Client
2007-10-27 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-10 00:41 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-09 02:12 --------- d-----w C:\Program Files\MSBuild
2007-10-09 02:08 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-09 01:43 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-09 01:34 --------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-10-08 01:28 --------- d-----w C:\Program Files\Lavasoft
2007-10-08 01:28 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Lavasoft
2007-10-08 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 22:36 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-27 22:53 --------- d-----w C:\Program Files\DivX
2007-09-25 00:59 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\AdobeUM
2007-09-25 00:36 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\AdobeAUM
2007-09-25 00:22 --------- d-----w C:\Program Files\Sony
2007-09-25 00:21 --------- d-----w C:\Program Files\Sony Setup
2007-09-25 00:09 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Teleca
2007-09-25 00:00 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-09-24 23:59 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-09-24 23:59 --------- d-----w C:\Documents and Settings\Tony LeMaster\Application Data\Sony Ericsson
2007-09-24 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-24 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-12 21:06 --------- d-----w C:\Program Files\Plus!
2007-05-07 00:30 47,360 ----a-w C:\Documents and Settings\Tony LeMaster\Application Data\pcouffin.sys
2007-03-06 23:06 87,608 ----a-w C:\Documents and Settings\Tony LeMaster\Application Data\ezpinst.exe
2006-04-02 11:08 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_12241337.reg
2006-04-01 11:16 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_9236202.reg
2006-03-31 14:36 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_10050169.reg
2006-03-20 14:29 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_30408372.reg
2006-03-18 14:29 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_12985263.reg
2006-03-18 08:52 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_16988783.reg
2006-03-17 14:09 3,499,198 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_11228395.reg
2006-03-17 05:33 44,216 -c--a-w C:\Documents and Settings\Tony LeMaster\Application Data\GDIPFONTCACHEV1.DAT
2006-03-13 14:39 3,385,166 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_26285048.reg
2006-03-13 12:18 3,385,166 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_12644844.reg
2006-03-12 14:02 3,385,166 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_22221245.reg
2006-03-11 14:20 3,385,166 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_5294604.reg
2006-03-06 13:22 3,385,008 -c--a-w C:\Documents and Settings\Tony LeMaster\neoteris_read_23387835.reg
2007-01-10 16:15:15 839,689 --sh--w C:\WINDOWS\Fonts\svchost.exe
2006-06-21 01:00:42 56 --sh--r C:\WINDOWS\system32\8CCA6B4D2D.sys
2006-03-03 03:15:20 56 --sh--r C:\WINDOWS\system32\9D8E5C4B39.sys
2006-03-01 22:24:07 56 --sh--r C:\WINDOWS\system32\A7B34472E9.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-12_14.17.11.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-12 18:40:29 78,252 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-12 22:04:23 78,252 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-12 18:40:29 459,314 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-12 22:04:23 459,314 ----a-w C:\WINDOWS\system32\perfh009.dat

tlemaster

86 Posts

0

November 12th, 2007 20:00

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-19 04:41]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-19 04:38]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-19 04:42]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 11:45]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 10:30]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 10:26]
"stgclean"="c:\sdwork\w32main2.exe" [2007-07-05 10:32]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 19:48]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-08-18 11:50]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 12:22]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2007-06-12 07:25]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 17:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-01-06 09:57]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 17:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-21 23:22:07]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]