We need to make sure we can see hidden files and folders
To enable the viewing of Hidden and System files follow these steps:
Right click on Start and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes to confirm.
Press the Apply button and then the OK button.
In the file to submit box, click Browse. Using Windows Explorer
(Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate the files (put one in each box):
c:\rmgovfi.exe
C:\WINDOWS\SYSTEM32\winqje32.dll
In the comments tell them that I asked you to upload the files.
Then Select Send File.
Thanks
3. Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
ComboFix 07-09-06.4 - "T K Birdi" 2007-09-06 7:50:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.545 [GMT 1:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Medic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Medic.lnk
backup=C:\WINDOWS\pss\Broadband Medic.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T K Birdi.BIRDIFAMILY^Start Menu^Programs^Startup^Desktop Boycott.lnk]
path=C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Start Menu\Programs\Startup\Desktop Boycott.lnk
backup=C:\WINDOWS\pss\Desktop Boycott.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T K Birdi^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\T K Birdi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leeds United FC - Desktop News Alerts]
C:\Program Files\Leeds United FC - DNA\launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA7B12D-AB2C-4D16-BCFB-704945A98FDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"=-
"My Web Search Bar Search Scope Monitor"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqje32]
Save the File as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post. Then post the contents of the C:\ComboFix.txt log in your reply.
Note: The Combofix log should be quite a bit shorter this time
I did what you said. The scan ran, computer rebooted. Now it's stuck saying
"preparing log report
do not run any programs until ComboFix has finished
the system cannot find the path specified"
The whole process started at 16:55 GMT and should have finished by now. It did not take so long before. Did I do something wrong? Has the program developed a problem?
Ignore the previous message - impatience. Here's the new log:
Part 1/2
ComboFix 07-09-06.4 - "T K Birdi" 2007-09-06 16:51:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.442 [GMT 1:00]
Command switches used :: C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Desktop\CFScript.txt
* Created a new restore point
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Medic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Medic.lnk
backup=C:\WINDOWS\pss\Broadband Medic.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T K Birdi.BIRDIFAMILY^Start Menu^Programs^Startup^Desktop Boycott.lnk]
path=C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Start Menu\Programs\Startup\Desktop Boycott.lnk
backup=C:\WINDOWS\pss\Desktop Boycott.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T K Birdi^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\T K Birdi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leeds United FC - Desktop News Alerts]
C:\Program Files\Leeds United FC - DNA\launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\14.bin\MWSBAR.DLL,S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
Save the File as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post. Then post the contents of the C:\ComboFix.txt log in your reply.
Note: When you run CFScript to collect malware samples,
* it will create a zipped file on your Desktop - (example = [4]-Submit_Date_Time.zip)
* another file will be created on the desktop - CF-Submit.htm
* the creation of these files is normal
* When Combofix finishes running, it creates the Combofix log.
* Then a message box will appear entitled "Submit Files for further analysis"
* Select Yes
* Another Window will open as well as your Internet Explorer Browser
* Following the prompts, copy and paste the requested file path into the box and Select "Send File"
Once done, we will proceed on with removal of the infection
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leeds United FC - Desktop News Alerts]
C:\Program Files\Leeds United FC - DNA\launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\14.bin\MWSBAR.DLL,S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
Sorry. My internet's a bit funny. I hope I have not caused any difficulties with sending the files. If I have to do it again, I'll do it first thing tomorrow morning. Other people want to use the computer. Sorry again if I made a mistake.
My internet disconnected just before the log was created. Repaired after. A page opened up in Internet Explorer, but I'm not sure if it sent any files for analysis. Do I have to do it again? I have the new log
Part 1/2
ComboFix 07-09-06.4 - "T K Birdi" 2007-09-06 19:57:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.396 [GMT 1:00]
Command switches used :: C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
tkbirdie (2 Intern, 181 Posts), September 5th, 2007 17:00
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/a74be1185a0835d1cd10d32b348fc0fe_35.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) - file://C:\ActivLite\btlocal3.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {471678BB-F992-4BE6-9761-7767883E8619} (DEXTUploadX.FileDownloadMonitor Class) - http://www.samsungcamera.co.kr/DEXTUploadX/DEXTUploadX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119690216905
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121257338967
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co.uk/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mav-8551 - {8B26AFB0-91C2-4E3F-B913-886C00F2F742} - C:\Program Files\Nike JogaTV\bin\idsAX.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljkigh - C:\WINDOWS\SYSTEM32\mljkigh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winqje32 - C:\WINDOWS\SYSTEM32\winqje32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\cplptetd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
bamajim (10.4K Posts), September 5th, 2007 20:00
1. We need to make sure we can see hidden files and folders
To enable the viewing of Hidden and System files follow these steps:
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes To confirm
Press the Apply button and then the OK button.
2. I need you to help us out with some research
Please go HERE
Put Your Name, and Dell HJT forum
In the file to submit box, click Browse. Using Windows Explorer
- (Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate the files (put one in each box):
C:\WINDOWS\SYSTEM32\winqje32.dll
In the comments tell them that I asked you to upload the files.
Then Select Send File.
Thanks
3. Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
MRU Graduate
"The world is what you make of it"
Message Edited by bamajim on 09-05-2007 04:52 PM
tkbirdie (2 Intern, 181 Posts), September 6th, 2007 05:00
Here's the new HijackThis Log: Part 1/2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:38:04, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cplptetd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\The Lion\skinkers.exe
C:\Program Files\Serif\GraphicsPlus\GpStart.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\BBC News Alerts\skinkers.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BBC Sports Alerts\skinkers.exe
C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe
C:\Program Files\Mini Motty\skinkers.exe
C:\Program Files\Sky Alerts\skinker.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\WeatherCast\Weather.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera754\opera.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\TKBIRD~1.BIR\LOCALS~1\TEMP\xpinstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manutd.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=37815
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.1.244.4:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\16.BIN\MWSSRCAS.DLL
O3 - Toolbar: Ask Jeeves UK Bar - {E1EAF699-2EF8-49E2-95F4-8BFBC5AF51BB} - C:\WINDOWS\system32\minijv2AB.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\16.BIN\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TheLionCluster] C:\Program Files\The Lion\skinkers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC News Alerts.lnk = C:\Program Files\BBC News Alerts\skinkers.exe
O4 - Startup: BBC Sports Alerts.lnk = C:\Program Files\BBC Sports Alerts\skinkers.exe
O4 - Startup: Cricinfo Desktop Alerts.lnk = C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe
O4 - Startup: Desktop Boycott.lnk = ?
O4 - Startup: Leeds United FC Alerts.lnk = C:\Program Files\Leeds United FC - DNA\launch.exe
O4 - Startup: Mini Motty.lnk = C:\Program Files\Mini Motty\skinkers.exe
O4 - Startup: NoAdware .lnk = C:\Program Files\NoAdware4\NoAdware4.exe
O4 - Startup: Sky Alerts.lnk = C:\Program Files\Sky Alerts\skinker.exe
O4 - Startup: The Lion.lnk = C:\Program Files\The Lion\skinkers.exe
O4 - Startup: United Alerts.lnk = C:\Program Files\United Alerts\UnitedAlerts.exe
O4 - Startup: WeatherCast.lnk = C:\Program Files\WeatherCast\Weather.exe
O4 - Global Startup: GraphicsPlus.lnk = C:\Program Files\Serif\GraphicsPlus\GpStart.exe
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Message Edited by tkbirdie on 09-06-2007 08:53 AM
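The CFScript earlier in the thread was written by hand from log entries like the O4 [xem], O20 mljkigh/winqje32 and O23 DomainService lines in these logs. As an added example (not part of the thread, and not HijackThis or ComboFix code), the Python below does that triage mechanically: it parses a few HJT line types, flags entries on the same signals a reviewer uses (a Winlogon Notify DLL that is not on an allow-list, a service with no vendor string, a core Windows process name launched from outside system32, an ActiveX DPF entry that fetches a bare .exe, a proxy set in IE), lists the binaries to upload for analysis, and drafts the Registry:: section of a CFScript in the layout shown above. The sample lines are copied from the posted log; KNOWN_NOTIFY and CORE_PROCESSES are assumed, illustrative lists, and a flagged line is a lead to verify, not a verdict.

```python
"""Triage HijackThis (HJT) log lines and draft the Registry:: section of a
ComboFix CFScript from the hits.

Added example for the thread above; not HijackThis or ComboFix code.
SAMPLE_LOG is copied from the log posted in the thread.  KNOWN_NOTIFY and
CORE_PROCESSES are assumed, illustrative lists (build your own from a clean
reference machine).  A flagged line is something to verify, not a verdict.
"""
import re
from typing import Dict, List

# Constructed sample input: a subset of the lines posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.1.244.4:8080
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/a74be1185a0835d1cd10d32b348fc0fe_35.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: mljkigh - C:\WINDOWS\SYSTEM32\mljkigh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winqje32 - C:\WINDOWS\SYSTEM32\winqje32.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\cplptetd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed allow-list (lower-case) of Winlogon Notify packages expected on XP.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scardsvr", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
# Core Windows process names that only belong in %SystemRoot%\system32.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe"}

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

RUN_RE = re.compile(r"^O4 - HK\w+(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# Vendor is optional: a binary with no company string shows up as "name - - path".
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) -(?: (?P<vendor>.+?))? - (?P<path>[A-Za-z]:\\.+)$")
DPF_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \([^)]*\))? - (?P<url>\S+)$")
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)$")


def _exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr))", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: kind, name, path and reason."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if (m := NOTIFY_RE.match(line)) and m["name"].lower() not in KNOWN_NOTIFY:
            findings.append(dict(kind="winlogon_notify", name=m["name"], path=m["path"],
                                 why="Winlogon Notify DLL not on the allow-list; it is loaded into winlogon.exe"))
        elif (m := SERVICE_RE.match(line)) and not m["vendor"]:
            findings.append(dict(kind="service", name=m["name"], path=m["path"],
                                 why="service binary carries no vendor string"))
        elif m := RUN_RE.match(line):
            path = _exe_path(m["cmd"])
            folder, _, base = path.rpartition("\\")
            if base.lower() in CORE_PROCESSES and not folder.lower().endswith("\\system32"):
                findings.append(dict(kind="run", name=m["name"], path=path,
                                     why="core Windows process name started from outside system32"))
        elif (m := DPF_RE.match(line)) and m["url"].lower().endswith(".exe"):
            findings.append(dict(kind="dpf", name=m["clsid"], path=m["url"],
                                 why="ActiveX download entry points at a bare .exe instead of a .cab/.ocx"))
        elif m := PROXY_RE.match(line):
            findings.append(dict(kind="proxy", name="ProxyServer", path=m["proxy"],
                                 why="IE proxy is set; confirm it belongs to the ISP, not a hijacker"))
    return findings


def files_for_analysis(findings: List[Dict[str, str]]) -> List[str]:
    """Binaries behind the flagged entries: hash or upload them before deleting anything."""
    return [f["path"] for f in findings if f["kind"] in ("winlogon_notify", "service")]


def cfscript(findings: List[Dict[str, str]]) -> str:
    """Draft the Registry:: section in the layout ComboFix accepts: a [key]
    header followed by "value"=- deletes that value, [-key] deletes the key."""
    out = ["Registry::"]
    run_values = [f["name"] for f in findings if f["kind"] == "run"]
    if run_values:
        out.append(f"[{RUN_KEY}]")
        out += [f'"{v}"=-' for v in run_values]
    out += [f"[-{NOTIFY_KEY}\\{f['name']}]" for f in findings if f["kind"] == "winlogon_notify"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"[{h['kind']}] {h['name']} -> {h['path']}\n    {h['why']}")
    print("\nfiles to submit:", *files_for_analysis(hits), sep="\n  ")
    print("\n" + cfscript(hits))
```

Run it as a script to print the findings, the files to submit and the draft script. The checks cover only a fraction of what a reviewer looks at; everything the heuristics pass (the toolbars and the many O16 scanner controls above, for instance) still needs eyes on it, and the draft must be read line by line before it is dragged onto ComboFix.exe, because a wrong [-key] line deletes a legitimate registry key.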
tkbirdie (2 Intern, 181 Posts), September 6th, 2007 05:00
Part 2/2
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/a74be1185a0835d1cd10d32b348fc0fe_35.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A742471-6B4B-4419-A0B2-68E4A9FF5ACD} (BTLocalAPI.BTlocal) - file://C:\ActivLite\btlocal3.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {471678BB-F992-4BE6-9761-7767883E8619} (DEXTUploadX.FileDownloadMonitor Class) - http://www.samsungcamera.co.kr/DEXTUploadX/DEXTUploadX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119690216905
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121257338967
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co.uk/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: mav-8551 - {8B26AFB0-91C2-4E3F-B913-886C00F2F742} - C:\Program Files\Nike JogaTV\bin\idsAX.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cplptetd.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Unknown owner - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TCP/IP Print Server (LPDSVC) - Unknown owner - C:\WINDOWS\System32\tcpsvcs.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Simple TCP/IP Services (SimpTcp) - Unknown owner - C:\WINDOWS\System32\tcpsvcs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe
--
End of file - 17057 bytes
Message Edited by tkbirdie on 09-06-2007 04:45 PM
tkbirdie (181 Posts) - September 6th, 2007 06:00
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.545 [GMT 1:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\i
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\00025682.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\006D4861.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\009E0A9E.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01212676.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\014361F3.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\022DB4A4.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0378AEEE.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\15.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\15.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\15.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\15.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\15.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\15.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\15.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\15.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\16.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\16.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\16.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\16.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\16.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\16.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\16.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\16.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\16.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\16.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\16.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\16.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\16.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\16.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\16.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\16.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\16.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\16.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\16.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00074EBA
C:\Program Files\MyWebSearch\bar\Cache\0008583B.bin
C:\Program Files\MyWebSearch\bar\Cache\00085A7D.bin
C:\Program Files\MyWebSearch\bar\Cache\00085B96.bin
C:\Program Files\MyWebSearch\bar\Cache\00086182.bin
C:\Program Files\MyWebSearch\bar\Cache\00097D71.bin
C:\Program Files\MyWebSearch\bar\Cache\00098570.bin
C:\Program Files\MyWebSearch\bar\Cache\0009866A.bin
C:\Program Files\MyWebSearch\bar\Cache\0009884E.bin
C:\Program Files\MyWebSearch\bar\Cache\00098CF2.bin
C:\Program Files\MyWebSearch\bar\Cache\00098F63.bin
C:\Program Files\MyWebSearch\bar\Cache\00099212.bin
C:\Program Files\MyWebSearch\bar\Cache\00099493.bin
C:\Program Files\MyWebSearch\bar\Cache\00099752.bin
C:\Program Files\MyWebSearch\bar\Cache\0009FAFE.bin
C:\Program Files\MyWebSearch\bar\Cache\001474B1
C:\Program Files\MyWebSearch\bar\Cache\00222D73
C:\Program Files\MyWebSearch\bar\Cache\005FC390
C:\Program Files\MyWebSearch\bar\Cache\006C69B9
C:\Program Files\MyWebSearch\bar\Cache\00AD1515.bin
C:\Program Files\MyWebSearch\bar\Cache\00B642C0
C:\Program Files\MyWebSearch\bar\Cache\00C404D8.bin
C:\Program Files\MyWebSearch\bar\Cache\01F90B71
C:\Program Files\MyWebSearch\bar\Cache\0200D9CB
C:\Program Files\MyWebSearch\bar\Cache\021CCA23.bin
C:\Program Files\MyWebSearch\bar\Cache\02464EEC
C:\Program Files\MyWebSearch\bar\Cache\027386D9.bin
C:\Program Files\MyWebSearch\bar\Cache\02738841.bin
C:\Program Files\MyWebSearch\bar\Cache\0273893B.bin
C:\Program Files\MyWebSearch\bar\Cache\03056561
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Search\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak
C:\Program Files\MyWebSearch\SrchAstt\15.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\16.bin\MWSSRCAS.DLL
C:\Temp\fse
C:\WINDOWS\9129837.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\DOWNLO~1.\rave
C:\WINDOWS\DOWNLO~1.\rave\avirexe.vdm
C:\WINDOWS\DOWNLO~1.\rave\avirscr.vdm
C:\WINDOWS\DOWNLO~1.\rave\base.vdm
C:\WINDOWS\DOWNLO~1.\rave\daily.vdm
C:\WINDOWS\DOWNLO~1.\rave\daily.vdt
C:\WINDOWS\DOWNLO~1.\rave\filters.vdm
C:\WINDOWS\DOWNLO~1.\rave\kernel.vdk
C:\WINDOWS\DOWNLO~1.\rave\keyring.vdk
C:\WINDOWS\DOWNLO~1.\rave\mapi_vdm.vdm
C:\WINDOWS\DOWNLO~1.\rave\modules.vdk
C:\WINDOWS\DOWNLO~1.\rave\rav8def.vdm
C:\WINDOWS\DOWNLO~1.\rave\rufs.vdm
C:\WINDOWS\DOWNLO~1.\rave\rufsplg.vdm
C:\WINDOWS\DOWNLO~1.\rave\unarch.vdm
C:\WINDOWS\DOWNLO~1.\rave\unmail.vdm
C:\WINDOWS\DOWNLO~1.\rave\unpack.vdm
C:\WINDOWS\new_drv.sys
C:\WINDOWS\servicepackfiles\free.exe
C:\WINDOWS\servicepackfiles\i386\mswsock.dll
C:\WINDOWS\servicepackfiles\www.google.com
C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif
C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif
C:\WINDOWS\servicepackfiles\www.google.com\index.html
C:\WINDOWS\servicepackfiles\www.google.com\thank.html
C:\WINDOWS\spooldr.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\dllcache\mswsock.dll
C:\WINDOWS\system32\drivers\etc\hosts.tim
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.bak2
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\llnmp.tmp
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\winvip.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_IPRIP
-------\LEGACY_NEW_DRV
-------\LEGACY_NM
-------\DomainService
-------\new_drv
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 07:45 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-09-06 07:35
2007-09-06 07:23
2007-09-06 07:10
2007-09-06 07:09
2007-09-06 07:02
2007-09-05 22:53 125,504 --a--c--- C:\WINDOWS\system32\lupsvtue.dll
2007-09-05 20:11 125,504 --a--c--- C:\WINDOWS\system32\okqempgk.dll
2007-09-05 20:05 1 --a--c--- C:\WINDOWS\system32\ps.dat
2007-09-05 19:29
2007-09-05 17:53
2007-09-05 17:42 34,578 --a--c--- C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-09-05 17:26
2007-09-05 17:25 83,208 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-05 17:25 82,136 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-05 17:24
2007-09-05 17:23 83,968 --a------ C:\rmgovfi.exe
2007-09-05 17:23 15,360 --a------ C:\d.exe
2007-09-05 10:14 69,184 --a--c--- C:\WINDOWS\system32\wpmaimje.dll
2007-09-05 10:09 122,432 --a--c--- C:\WINDOWS\system32\cplptetd.exe
2007-09-05 09:44 2,585,872 --a--c--- C:\DOCUME~1\ALLUSE~1\WindowsInstaller-KB893803-v2-x86.exe
2007-09-05 09:37
2007-09-05 09:35 0 --a--c--- C:\WINDOWS\system32\perfn2872.dat
2007-09-05 09:34 822,784 --a--c--- C:\WINDOWS\system32\mininet.dll
2007-09-05 09:34 343,040 --a--c--- C:\WINDOWS\system32\msmcrt.dll
2007-09-05 09:01 125,504 --a--c--- C:\WINDOWS\system32\idtkyyuc.dll
2007-09-05 09:00 1,000,792 --a--c--- C:\DOCUME~1\ALLUSE~1\Norton_Removal_Tool.exe
2007-09-04 19:19 43,542 --a--c--- C:\WINDOWS\system32\gebbyyx.dll
2007-09-04 19:18 43,542 --a--c--- C:\WINDOWS\system32\mljkigh.dll
2007-09-04 19:18 22,016 --a--c--- C:\WINDOWS\system32\winqje32.dll
2007-09-04 19:14 782,336 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 19:14 135,168 --a--c--- C:\WINDOWS\system32\DSKernel2.dll
2007-09-04 19:14 1,936,528 --a--c--- C:\WINDOWS\system32\ltmm15.dll
2007-09-04 19:13
2007-09-04 19:08 25,990,432 --a--c--- C:\DOCUME~1\ALLUSE~1\RCSetup.exe
2007-09-04 19:05 411,248 --a--c--- C:\DOCUME~1\ALLUSE~1\RCSetupG.exe
2007-09-03 18:39 140,644 --a--c--- C:\DOCUME~1\ALLUSE~1\TruePokerSetupHigh.exe
2007-09-03 18:39
2007-08-30 21:03
2007-08-30 17:00
2007-08-29 14:58
2007-08-29 10:37
2007-08-29 09:11
2007-08-28 21:13
2007-08-26 13:31
2007-08-26 13:30
2007-08-26 13:29
2007-08-26 13:28
2007-08-26 13:28
2007-08-26 13:27
2007-08-26 13:27
2007-08-22 21:18
2007-08-21 11:23 271,648 --a--c--- C:\DOCUME~1\ALLUSE~1\RealPlayer11BETA.exe
2007-08-15 15:31
2007-08-15 15:31
2007-08-15 15:14
2007-08-15 15:12
2007-08-11 10:27
2007-08-06 12:34
tkbirdie (181 Posts) - September 6th, 2007 06:00 (continued)
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-06 08:18 57856 -----c--- C:\WINDOWS\system32\spoolsv.exe
2007-09-06 08:18 53248 -----c--- C:\WINDOWS\system32\MsPMSPSv.exe
2007-09-06 08:18 33280 -----c--- C:\WINDOWS\system32\snmp.exe
2007-09-06 08:18 298496 -----c--- C:\WINDOWS\system32\LEXBCES.EXE
2007-09-06 08:18 19456 -----c--- C:\WINDOWS\system32\tcpsvcs.exe
2007-09-06 07:49 47104 --a--c--- C:\WINDOWS\system32\ssmypics.scr
2007-09-06 07:48 220672 --a--c--- C:\WINDOWS\system32\logon.scr
2007-09-06 07:42 10752 --a--c--- C:\WINDOWS\system32\dumprep.exe
2007-09-06 07:40 388608 --a--c--- C:\WINDOWS\system32\cmd.exe
2007-09-06 07:40 --------- d----c--- C:\Program Files\Opera754
2007-09-06 07:36 44544 --a--c--- C:\WINDOWS\system32\alg.exe
2007-09-06 07:36 267776 --a--c--- C:\WINDOWS\system32\fxssvc.exe
2007-09-06 07:34 55296 --a--c--- C:\WINDOWS\system32\freecell.exe
2007-09-06 07:34 126976 --a--c--- C:\WINDOWS\system32\mshearts.exe
2007-09-06 07:34 119808 --a--c--- C:\WINDOWS\system32\winmine.exe
2007-09-06 07:33 343040 --a--c--- C:\WINDOWS\system32\mspaint.exe
2007-09-06 07:24 69120 --a--c--- C:\WINDOWS\system32\notepad.exe
2007-09-06 07:23 5632 --a--c--- C:\WINDOWS\system32\write.exe
2007-09-06 07:20 78848 --a--c--- C:\WINDOWS\system32\msiexec.exe
2007-09-06 07:20 538624 --a--c--- C:\WINDOWS\system32\spider.exe
2007-09-06 07:19 80384 --a--c--- C:\WINDOWS\system32\charmap.exe
2007-09-06 07:19 64000 --a--c--- C:\WINDOWS\system32\cleanmgr.exe
2007-09-06 07:19 600576 --a--c--- C:\WINDOWS\system32\mstsc.exe
2007-09-06 07:19 32768 --a--c--- C:\WINDOWS\system32\odbcad32.exe
2007-09-06 07:19 229376 --a--c--- C:\WINDOWS\system32\fxscover.exe
2007-09-06 07:19 183808 --a--c--- C:\WINDOWS\system32\accwiz.exe
2007-09-06 07:19 138752 --a--c--- C:\WINDOWS\system32\sndvol32.exe
2007-09-06 07:19 135680 -----c--- C:\WINDOWS\system32\taskmgr.exe
2007-09-06 07:19 131584 --a--c--- C:\WINDOWS\system32\sndrec32.exe
2007-09-06 07:19 1135616 --a--c--- C:\WINDOWS\system32\ntbackup.exe
2007-09-06 07:19 11264 --a--c--- C:\WINDOWS\system32\fxssend.exe
2007-09-06 07:19 10752 --a--c--- C:\WINDOWS\hh.exe
2007-09-06 07:18 180224 --a--c--- C:\WINDOWS\system32\dwwin.exe
2007-09-06 07:16 679936 --a--c--- C:\WINDOWS\system32\sstext3d.scr
2007-09-06 07:16 347136 --a--c--- C:\WINDOWS\system32\tourstart.exe
2007-09-06 07:16 150016 --a--c--- C:\WINDOWS\system32\imapi.exe
2007-09-06 07:15 28672 -----c--- C:\WINDOWS\system32\verclsid.exe
2007-09-06 07:15 169984 --a--c--- C:\WINDOWS\system32\LEXPPS.EXE
2007-09-06 07:15 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
2007-09-06 07:15 114688 -----c--- C:\WINDOWS\system32\calc.exe
2007-09-06 07:15 1032192 -----c--- C:\WINDOWS\explorer.exe
2007-09-06 07:14 514560 --a--c--- C:\WINDOWS\system32\logonui.exe
2007-09-06 07:08 32256 --a--c--- C:\WINDOWS\system32\wupdmgr.exe
2007-09-06 07:06 33280 --a--c--- C:\WINDOWS\system32\rundll32.exe
2007-09-05 17:54 --------- d----c--- C:\Program Files\Symantec
2007-09-05 17:51 --------- d----c--- C:\Program Files\Common Files\Symantec Shared
2007-09-05 16:50 400768 --a--c--- C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-05 12:02 --------- d----c--- C:\Program Files\NoAdware4
2007-08-31 20:17 --------- d----c--- C:\Program Files\Diamond Caves 3
2007-08-31 15:04 --------- d----c--- C:\Program Files\WeatherCast
2007-08-29 09:10 --------- d----c--- C:\Program Files\CCleaner
2007-08-22 15:43 --------- d----c--- C:\Program Files\LimeWire
2007-08-21 16:25 --------- d----c--- C:\Program Files\Common Files\xing shared
2007-08-21 16:25 --------- d----c--- C:\Program Files\Common Files\Real
2007-08-18 22:22 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-18 15:18 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\LimeWire
2007-08-15 15:31 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-15 15:27 --------- d----c--- C:\Program Files\QuickTime
2007-08-15 15:12 --------- d----c--- C:\Program Files\Common Files\Apple
2007-08-13 19:58 --------- d----c--- C:\DOCUME~1\TKBIRD~1.BIR\APPLIC~1\Azureus
2007-08-06 13:12 --------- d----c--- C:\DOCUME~1\HPSBIR~1\APPLIC~1\ConvertTemp
2007-08-03 22:21 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\MSN6
2007-07-26 15:33 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\TransRender
2007-07-26 15:22 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Temporary
2007-07-20 18:47 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Teleca
2007-07-20 18:18 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Sony Ericsson
2007-07-20 18:10 --------- d----c--- C:\Program Files\Common Files\Teleca Shared
2007-07-20 18:10 --------- d----c--- C:\Program Files\Common Files\Sony Ericsson Shared
2007-07-20 18:10 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-07-20 18:10 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-07-20 18:08 --------- d----c--- C:\Program Files\Sony Ericsson
2007-07-10 23:18 --------- dr-h-c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\yahoo!
2007-07-10 23:17 --------- d----c--- C:\Program Files\Yahoo!
2007-07-10 23:17 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-06-24 21:18 561152 --a--c--- C:\WINDOWS\AJScreensaver.scr
2007-03-02 09:25 5572184 --a--c--- C:\DOCUME~1\ALLUSE~1\MsgPlusLive-4.20.262.exe
2006-12-24 20:26 2615024 --a--c--- C:\DOCUME~1\ALLUSE~1\SmileyCentralSetup2.2.60.4.exe
2006-09-22 12:12 12842560 --a--c--- C:\DOCUME~1\ALLUSE~1\RealPlayer10-5GOLD.exe
2006-08-09 19:05 16332072 --a--c--- C:\DOCUME~1\ALLUSE~1\msn8.0.0812.exe
2006-02-01 17:33 7037280 --a--c--- C:\DOCUME~1\ALLUSE~1\iaplayer_2.60.12.0112.exe
2005-07-10 09:10 17416153 --a--c--- C:\DOCUME~1\ALLUSE~1\ow32enen754u1j.exe
2004-12-21 20:41 1164112 --a--c--- C:\DOCUME~1\ALLUSE~1\wrar341.exe
2004-09-29 22:40 2421920 --a--c--- C:\DOCUME~1\ALLUSE~1\winzip90.exe
2004-08-31 11:30 5928717 --a--c--- C:\DOCUME~1\ALLUSE~1\dc3Setup.exe
2003-10-05 11:45 391336 --a--c--- C:\DOCUME~1\ALLUSE~1\WeatherInstCAST3103.exe
1999-06-25 11:55 149504 --a--c--- C:\Program Files\UNWISE.EXE
2007-03-09 07:12:32 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
*Note* empty entries & legit default entries are not shown
2007-09-04 19:18 43542 --a--c--- C:\WINDOWS\system32\mljkigh.dll
C:\WINDOWS\system32\95155215.dll
"xem"="C:\WINDOWS\ServicePackFiles\services.exe" []
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-17 23:33]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-05 17:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-06 07:15]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-09-06 07:15]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"TheLionCluster"="C:\Program Files\The Lion\skinkers.exe" [2007-09-06 07:15]
GraphicsPlus.lnk - C:\Program Files\Serif\GraphicsPlus\GpStart.exe [2004-09-28 21:03:15]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
WlanUtility.lnk - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [2003-08-25 10:50:22]
BBC News Alerts.lnk - C:\Program Files\BBC News Alerts\skinkers.exe [2005-04-04 14:35:06]
BBC Sports Alerts.lnk - C:\Program Files\BBC Sports Alerts\skinkers.exe [2004-07-06 09:05:30]
Cricinfo Desktop Alerts.lnk - C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe [2006-11-08 19:31:44]
Desktop Boycott.lnk - C:\DOCUME~1\TKBIRD~1.BIR\APPLIC~1\Microsoft\Installer\{29F6B9DD-26EA-432A-B4EE-E26006114F67}\_bb32ea6.exe [2007-05-29 19:22:04]
Leeds United FC Alerts.lnk - C:\Program Files\Leeds United FC - DNA\launch.exe [2007-06-07 10:11:52]
Mini Motty.lnk - C:\Program Files\Mini Motty\skinkers.exe [2004-07-06 09:05:30]
NoAdware .lnk - C:\Program Files\NoAdware4\NoAdware4.exe [2006-09-15 11:06:21]
Sky Alerts.lnk - C:\Program Files\Sky Alerts\skinker.exe [2005-08-01 14:45:50]
The Lion.lnk - C:\Program Files\The Lion\skinkers.exe [2003-03-24 10:32:41]
United Alerts.lnk - C:\Program Files\United Alerts\UnitedAlerts.exe [2005-01-25 13:25:08]
WeatherCast.lnk - C:\Program Files\WeatherCast\Weather.exe [2006-09-07 17:33:02]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 11:58 77824]
"{4AA7B12D-AB2C-4D16-BCFB-704945A98FDD}"= C:\WINDOWS\system32\mljkigh.dll [2007-09-04 19:18 43542]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-02-27 11:24 159744 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
mljkigh.dll 2007-09-04 19:18 43542 C:\WINDOWS\system32\mljkigh.dll
winqje32.dll 2007-09-04 19:18 22016 C:\WINDOWS\system32\winqje32.dll
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Medic.lnk
backup=C:\WINDOWS\pss\Broadband Medic.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
path=C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Start Menu\Programs\Startup\Desktop Boycott.lnk
backup=C:\WINDOWS\pss\Desktop Boycott.lnkStartup
path=C:\Documents and Settings\T K Birdi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
C:\Program Files\DA Group\Desktop Boycott\DesktopBoycott.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
"C:\Program Files\Five Live Flash\FiveLiveFlash.exe"
C:\Program Files\HELLO! Tickertape\HELLO! Tickertape.lnk
"C:\Program Files\iTunes\iTunesHelper.exe"
C:\WINDOWS\kdx\KHost.exe -all
C:\Program Files\Leeds United FC - DNA\launch.exe
C:\WINDOWS\system32\LXSUPMON.EXE RUN
C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
"C:\Program Files\Messenger\msmsgs.exe" /background
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
tkbirdie (181 Posts) - September 6th, 2007 06:00 (continued)
"C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
C:\PROGRA~1\MYWEBS~1\bar\16.bin\mwsoemon.exe
"C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
C:\Program Files\Picasa2\PicasaMediaDetector.exe
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
"C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\SuperAdBlocker.com\Sponsored Ad Blocker\SCHBlock.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\The Lion\skinkers.exe
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
C:\Program Files\VVSN\VVSN.exe
C:\PROGRA~1\WEATHE~1\Weather.exe /q
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 ms6823;IEEE802.11b Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\ms6823.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys
S1 SABDIFSV;SABDIFSV;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
Contents of the 'Scheduled Tasks' folder
"2007-08-15 14:15:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-05 16:44:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-09-06 07:23:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-06 07:35:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{492827B2-2AF5-4AF1-8FC1-1589160A3476}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-06 07:35:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DD2952F-AE0D-4305-B1FB-FFB5F054156C}.job"
"2007-09-05 11:52:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{726016E8-6372-4311-8564-68D6A63FF720}.job"
- C:\WINDOWS\system32\msfeedssync.exe
Rootkit scan 2007-09-06 08:21:24
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-09-06 08:40
bamajim (10.4K Posts) - September 6th, 2007 14:00
Good job so far
1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
File::
C:\WINDOWS\system32\lupsvtue.dll
C:\WINDOWS\system32\okqempgk.dll
C:\WINDOWS\system32\ps.dat
C:\rmgovfi.exe
C:\d.exe
C:\WINDOWS\system32\wpmaimje.dll
C:\WINDOWS\system32\cplptetd.exe
C:\WINDOWS\system32\perfn2872.dat
C:\WINDOWS\system32\msmcrt.dll
C:\WINDOWS\system32\idtkyyuc.dll
C:\WINDOWS\system32\gebbyyx.dll
C:\WINDOWS\system32\mljkigh.dll
C:\WINDOWS\system32\winqje32.dll
C:\WINDOWS\hh.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA7B12D-AB2C-4D16-BCFB-704945A98FDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"=-
"My Web Search Bar Search Scope Monitor"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqje32]
Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.
Using the image as a reference, drag CFScript into ComboFix.exe,
following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
Note: The ComboFix log should be quite a bit shorter this time.
MRU Graduate
"The world is what you make of it"
tkbirdie
2 Intern
•
181 Posts
0
September 6th, 2007 15:00
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.442 [GMT 1:00]
Command switches used :: C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Desktop\CFScript.txt
* Created a new restore point
C:\WINDOWS\system32\lupsvtue.dll
C:\WINDOWS\system32\okqempgk.dll
C:\WINDOWS\system32\ps.dat
C:\rmgovfi.exe
C:\d.exe
C:\WINDOWS\system32\wpmaimje.dll
C:\WINDOWS\system32\cplptetd.exe
C:\WINDOWS\system32\perfn2872.dat
C:\WINDOWS\system32\msmcrt.dll
C:\WINDOWS\system32\idtkyyuc.dll
C:\WINDOWS\system32\gebbyyx.dll
C:\WINDOWS\system32\mljkigh.dll
C:\WINDOWS\system32\winqje32.dll
C:\WINDOWS\hh.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\d.exe
C:\rmgovfi.exe
C:\WINDOWS\hh.exe
C:\WINDOWS\system32\gebbyyx.dll
C:\WINDOWS\system32\lupsvtue.dll
C:\WINDOWS\system32\msmcrt.dll
C:\WINDOWS\system32\okqempgk.dll
C:\WINDOWS\system32\perfn2872.dat
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\winqje32.dll
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 09:45
2007-09-06 09:43
2007-09-06 09:04 6,448 ---hsc--- C:\WINDOWS\system32\ppqss.bak1
2007-09-06 09:04 244,832 --a--c--- C:\WINDOWS\system32\ssqpp.dll
2007-09-06 07:45 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-09-06 07:35
2007-09-06 07:34 812,344 --a--c--- C:\DOCUME~1\ALLUSE~1\HJTInstall.exe
2007-09-06 07:33 19,189,400 --a--c--- C:\DOCUME~1\ALLUSE~1\nsb-install-8-1-3.exe
2007-09-06 07:23
2007-09-06 07:10
2007-09-06 07:09
2007-09-06 07:02
2007-09-05 19:29
2007-09-05 17:53
2007-09-05 17:42 34,578 --a--c--- C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-09-05 17:26
2007-09-05 17:25 83,208 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-05 17:25 82,136 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-05 17:24
2007-09-05 10:14 69,184 --a--c--- C:\WINDOWS\system32\wpmaimje.dll
2007-09-05 10:09 122,432 --a--c--- C:\WINDOWS\system32\cplptetd.exe
2007-09-05 09:44 2,585,872 --a--c--- C:\DOCUME~1\ALLUSE~1\WindowsInstaller-KB893803-v2-x86.exe
2007-09-05 09:37
2007-09-05 09:34 822,784 --a--c--- C:\WINDOWS\system32\mininet.dll
2007-09-05 09:01 125,504 --a--c--- C:\WINDOWS\system32\idtkyyuc.dll
2007-09-05 09:00 1,000,792 --a--c--- C:\DOCUME~1\ALLUSE~1\Norton_Removal_Tool.exe
2007-09-04 19:18 43,542 -----c--- C:\WINDOWS\system32\mljkigh.dll
2007-09-04 19:14 782,336 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 19:14 135,168 --a--c--- C:\WINDOWS\system32\DSKernel2.dll
2007-09-04 19:14 1,936,528 --a--c--- C:\WINDOWS\system32\ltmm15.dll
2007-09-04 19:13
2007-09-04 19:08 25,990,432 --a--c--- C:\DOCUME~1\ALLUSE~1\RCSetup.exe
2007-09-04 19:05 411,248 --a--c--- C:\DOCUME~1\ALLUSE~1\RCSetupG.exe
2007-09-03 18:39 140,644 --a--c--- C:\DOCUME~1\ALLUSE~1\TruePokerSetupHigh.exe
2007-09-03 18:39
2007-08-30 21:03
2007-08-30 17:00
2007-08-29 14:58
2007-08-29 10:37
2007-08-29 09:11
2007-08-28 21:13
2007-08-26 13:31
2007-08-26 13:30
2007-08-26 13:29
2007-08-26 13:28
2007-08-26 13:28
2007-08-26 13:27
2007-08-26 13:27
2007-08-22 21:18
2007-08-21 16:25
2007-08-21 11:23 271,648 --a--c--- C:\DOCUME~1\ALLUSE~1\RealPlayer11BETA.exe
2007-08-15 15:31
2007-08-15 15:31
2007-08-15 15:14
2007-08-15 15:12
2007-08-15 15:12
2007-08-11 10:27
2007-08-06 12:34
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-06 09:36 --------- d----c--- C:\DOCUME~1\TKBIRD~1.BIR\APPLIC~1\Azureus
2007-09-06 08:18 77824 -----c--- C:\WINDOWS\system32\nvsvc32.exe
2007-09-06 08:18 57856 -----c--- C:\WINDOWS\system32\spoolsv.exe
2007-09-06 08:18 53248 -----c--- C:\WINDOWS\system32\MsPMSPSv.exe
2007-09-06 08:18 33280 -----c--- C:\WINDOWS\system32\snmp.exe
2007-09-06 08:18 298496 -----c--- C:\WINDOWS\system32\LEXBCES.EXE
2007-09-06 08:18 19456 -----c--- C:\WINDOWS\system32\tcpsvcs.exe
2007-09-06 07:49 47104 --a--c--- C:\WINDOWS\system32\ssmypics.scr
2007-09-06 07:48 220672 --a--c--- C:\WINDOWS\system32\logon.scr
2007-09-06 07:42 10752 --a--c--- C:\WINDOWS\system32\dumprep.exe
2007-09-06 07:40 388608 --a--c--- C:\WINDOWS\system32\cmd.exe
2007-09-06 07:40 --------- d----c--- C:\Program Files\Opera754
2007-09-06 07:36 44544 --a--c--- C:\WINDOWS\system32\alg.exe
2007-09-06 07:36 267776 --a--c--- C:\WINDOWS\system32\fxssvc.exe
2007-09-06 07:34 55296 --a--c--- C:\WINDOWS\system32\freecell.exe
2007-09-06 07:34 126976 --a--c--- C:\WINDOWS\system32\mshearts.exe
2007-09-06 07:34 119808 --a--c--- C:\WINDOWS\system32\winmine.exe
2007-09-06 07:33 343040 --a--c--- C:\WINDOWS\system32\mspaint.exe
2007-09-06 07:24 69120 --a--c--- C:\WINDOWS\system32\notepad.exe
2007-09-06 07:23 5632 --a--c--- C:\WINDOWS\system32\write.exe
2007-09-06 07:20 78848 --a--c--- C:\WINDOWS\system32\msiexec.exe
2007-09-06 07:20 538624 --a--c--- C:\WINDOWS\system32\spider.exe
2007-09-06 07:19 80384 --a--c--- C:\WINDOWS\system32\charmap.exe
2007-09-06 07:19 64000 --a--c--- C:\WINDOWS\system32\cleanmgr.exe
2007-09-06 07:19 600576 --a--c--- C:\WINDOWS\system32\mstsc.exe
2007-09-06 07:19 32768 --a--c--- C:\WINDOWS\system32\odbcad32.exe
2007-09-06 07:19 229376 --a--c--- C:\WINDOWS\system32\fxscover.exe
2007-09-06 07:19 183808 --a--c--- C:\WINDOWS\system32\accwiz.exe
2007-09-06 07:19 138752 --a--c--- C:\WINDOWS\system32\sndvol32.exe
2007-09-06 07:19 135680 -----c--- C:\WINDOWS\system32\taskmgr.exe
2007-09-06 07:19 131584 --a--c--- C:\WINDOWS\system32\sndrec32.exe
2007-09-06 07:19 1135616 --a--c--- C:\WINDOWS\system32\ntbackup.exe
2007-09-06 07:19 11264 --a--c--- C:\WINDOWS\system32\fxssend.exe
2007-09-06 07:18 180224 --a--c--- C:\WINDOWS\system32\dwwin.exe
2007-09-06 07:16 679936 --a--c--- C:\WINDOWS\system32\sstext3d.scr
2007-09-06 07:16 347136 --a--c--- C:\WINDOWS\system32\tourstart.exe
2007-09-06 07:16 150016 --a--c--- C:\WINDOWS\system32\imapi.exe
2007-09-06 07:15 28672 -----c--- C:\WINDOWS\system32\verclsid.exe
2007-09-06 07:15 169984 --a--c--- C:\WINDOWS\system32\LEXPPS.EXE
2007-09-06 07:15 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
2007-09-06 07:15 114688 -----c--- C:\WINDOWS\system32\calc.exe
2007-09-06 07:15 1032192 -----c--- C:\WINDOWS\explorer.exe
2007-09-06 07:14 514560 --a--c--- C:\WINDOWS\system32\logonui.exe
2007-09-06 07:08 32256 --a--c--- C:\WINDOWS\system32\wupdmgr.exe
2007-09-06 07:06 33280 --a--c--- C:\WINDOWS\system32\rundll32.exe
2007-09-05 17:54 --------- d----c--- C:\Program Files\Symantec
2007-09-05 17:51 --------- d----c--- C:\Program Files\Common Files\Symantec Shared
2007-09-05 16:50 400768 --a--c--- C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-05 12:02 --------- d----c--- C:\Program Files\NoAdware4
2007-08-31 20:17 --------- d----c--- C:\Program Files\Diamond Caves 3
2007-08-29 09:10 --------- d----c--- C:\Program Files\CCleaner
2007-08-22 15:43 --------- d----c--- C:\Program Files\LimeWire
2007-08-21 16:25 --------- d----c--- C:\Program Files\Common Files\Real
2007-08-18 22:22 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-18 15:18 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\LimeWire
2007-08-15 15:31 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-15 15:27 --------- d----c--- C:\Program Files\QuickTime
2007-08-06 13:12 --------- d----c--- C:\DOCUME~1\HPSBIR~1\APPLIC~1\ConvertTemp
2007-08-03 22:21 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\MSN6
2007-07-26 15:33 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\TransRender
2007-07-26 15:22 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Temporary
2007-07-20 18:47 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Teleca
2007-07-20 18:18 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Sony Ericsson
2007-07-20 18:10 --------- d----c--- C:\Program Files\Common Files\Teleca Shared
2007-07-20 18:10 --------- d----c--- C:\Program Files\Common Files\Sony Ericsson Shared
2007-07-20 18:10 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-07-20 18:10 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-07-20 18:08 --------- d----c--- C:\Program Files\Sony Ericsson
2007-07-10 23:18 --------- dr-h-c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\yahoo!
2007-07-10 23:17 --------- d----c--- C:\Program Files\Yahoo!
2007-07-10 23:17 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-06-24 21:18 561152 --a--c--- C:\WINDOWS\AJScreensaver.scr
2007-03-02 09:25 5572184 --a--c--- C:\DOCUME~1\ALLUSE~1\MsgPlusLive-4.20.262.exe
2006-12-24 20:26 2615024 --a--c--- C:\DOCUME~1\ALLUSE~1\SmileyCentralSetup2.2.60.4.exe
2006-09-22 12:12 12842560 --a--c--- C:\DOCUME~1\ALLUSE~1\RealPlayer10-5GOLD.exe
2006-08-09 19:05 16332072 --a--c--- C:\DOCUME~1\ALLUSE~1\msn8.0.0812.exe
2006-02-01 17:33 7037280 --a--c--- C:\DOCUME~1\ALLUSE~1\iaplayer_2.60.12.0112.exe
2005-07-10 09:10 17416153 --a--c--- C:\DOCUME~1\ALLUSE~1\ow32enen754u1j.exe
2004-12-21 20:41 1164112 --a--c--- C:\DOCUME~1\ALLUSE~1\wrar341.exe
2004-09-29 22:40 2421920 --a--c--- C:\DOCUME~1\ALLUSE~1\winzip90.exe
2004-08-31 11:30 5928717 --a--c--- C:\DOCUME~1\ALLUSE~1\dc3Setup.exe
2003-10-05 11:45 391336 --a--c--- C:\DOCUME~1\ALLUSE~1\WeatherInstCAST3103.exe
1999-06-25 11:55 149504 --a--c--- C:\Program Files\UNWISE.EXE
2007-03-09 07:12:32 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
tkbirdie
2 Intern
•
181 Posts
0
September 6th, 2007 15:00
-c--a-r 13,312 2007-09-06 08:05:17 C:\WINDOWS\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
-c--a-r 192,512 2007-09-06 08:05:38 C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
-c--a-r 45,056 2007-09-06 08:05:15 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
-c--a-r 22,016 2007-09-06 08:05:34 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
-c--a-r 37,888 2007-09-06 08:05:36 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
-c--a-r 14,848 2007-09-06 08:05:29 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
-c--a-r 294,912 2007-09-06 08:25:10 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
-c--a-r 331,776 2007-09-06 08:25:10 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
-c--a-r 454,656 2007-09-06 08:25:10 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
-c--a-r 68,608 2007-09-06 08:05:58 C:\WINDOWS\Installer\{F8BA8B13-856D-4DFB-A28F-7EC868142453}\IconF8BA8B132.exe
-c--a-w 143,360 2004-08-03 23:56:52 C:\WINDOWS\system32\mobsync.exe
-c--a-w 35,840 2004-08-03 23:56:56 C:\WINDOWS\system32\rcimlby.exe
-c--a-w 10,752 2004-08-03 23:56:52 C:\WINDOWS\system32\dllcache\hh.exe
-c--a-w 143,360 2004-08-03 23:56:52 C:\WINDOWS\system32\dllcache\mobsync.exe
-c--a-w 60,416 2004-08-03 23:56:54 C:\WINDOWS\system32\dllcache\msimn.exe
-c--a-w 35,840 2004-08-03 23:56:56 C:\WINDOWS\system32\dllcache\rcimlby.exe
-c--atw 16,384 2007-09-06 16:12:54 C:\WINDOWS\Temp\Perflib_Perfdata_194.dat
-c--atw 16,384 2007-09-06 07:57:53 C:\WINDOWS\Temp\Perflib_Perfdata_528.dat
-c--a-r 13,312 2007-09-06 07:31:50 C:\WINDOWS\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
-c--a-r 192,512 2007-09-06 07:32:15 C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
-c--a-r 45,056 2007-09-06 07:31:49 C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
-c--a-r 22,016 2007-09-06 07:32:11 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
-c--a-r 37,888 2007-09-06 07:32:13 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
-c--a-r 14,848 2007-09-06 07:32:07 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
-c--a-r 294,912 2007-09-06 07:31:59 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
-c--a-r 331,776 2007-09-06 07:32:31 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
-c--a-r 454,656 2007-09-06 07:31:56 C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
-c--a-r 68,608 2007-09-06 07:32:51 C:\WINDOWS\Installer\{F8BA8B13-856D-4DFB-A28F-7EC868142453}\IconF8BA8B132.exe
-c--a-w 154,112 2004-08-03 23:56:52 C:\WINDOWS\system32\mobsync.exe
-c--a-w 79,360 2004-08-03 23:56:56 C:\WINDOWS\system32\rcimlby.exe
*Note* empty entries & legit default entries are not shown
2007-09-04 19:18 43542 -----c--- C:\WINDOWS\system32\mljkigh.dll
C:\WINDOWS\system32\95155215.dll
2007-09-06 09:04 244832 --a--c--- C:\WINDOWS\system32\ssqpp.dll
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-17 23:33]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-05 17:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-06 07:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-21 16:24]
"WhenUSave"="C:\Program Files\Save\Save.exe" [2003-01-17 13:00]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-09-06 07:15]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"TheLionCluster"="C:\Program Files\The Lion\skinkers.exe" [2007-09-06 07:15]
"WeatherCast"="C:\PROGRA~1\WEATHE~1\Weather.exe" [2007-09-06 07:19]
GraphicsPlus.lnk - C:\Program Files\Serif\GraphicsPlus\GpStart.exe [2004-09-28 21:03:15]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
WlanUtility.lnk - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [2003-08-25 10:50:22]
BBC News Alerts.lnk - C:\Program Files\BBC News Alerts\skinkers.exe [2005-04-04 14:35:06]
BBC Sports Alerts.lnk - C:\Program Files\BBC Sports Alerts\skinkers.exe [2004-07-06 09:05:30]
Cricinfo Desktop Alerts.lnk - C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe [2006-11-08 19:31:44]
Desktop Boycott.lnk - C:\DOCUME~1\TKBIRD~1.BIR\APPLIC~1\Microsoft\Installer\{29F6B9DD-26EA-432A-B4EE-E26006114F67}\_bb32ea6.exe [2007-05-29 19:22:04]
Leeds United FC Alerts.lnk - C:\Program Files\Leeds United FC - DNA\launch.exe [2007-06-07 10:11:52]
Mini Motty.lnk - C:\Program Files\Mini Motty\skinkers.exe [2004-07-06 09:05:30]
NoAdware .lnk - C:\Program Files\NoAdware4\NoAdware4.exe [2006-09-15 11:06:21]
Sky Alerts.lnk - C:\Program Files\Sky Alerts\skinker.exe [2005-08-01 14:45:50]
The Lion.lnk - C:\Program Files\The Lion\skinkers.exe [2003-03-24 10:32:41]
United Alerts.lnk - C:\Program Files\United Alerts\UnitedAlerts.exe [2005-01-25 13:25:08]
WeatherCast.lnk - C:\Program Files\WeatherCast\Weather.exe [2006-09-07 17:33:02]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 11:58 77824]
"{4AA7B12D-AB2C-4D16-BCFB-704945A98FDD}"= C:\WINDOWS\system32\mljkigh.dll [2007-09-04 19:18 43542]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-02-27 11:24 159744 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
mljkigh.dll 2007-09-04 19:18 43542 C:\WINDOWS\system32\mljkigh.dll
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Medic.lnk
backup=C:\WINDOWS\pss\Broadband Medic.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
path=C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Start Menu\Programs\Startup\Desktop Boycott.lnk
backup=C:\WINDOWS\pss\Desktop Boycott.lnkStartup
path=C:\Documents and Settings\T K Birdi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
C:\Program Files\DA Group\Desktop Boycott\DesktopBoycott.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
"C:\Program Files\Five Live Flash\FiveLiveFlash.exe"
C:\Program Files\HELLO! Tickertape\HELLO! Tickertape.lnk
"C:\Program Files\iTunes\iTunesHelper.exe"
C:\WINDOWS\kdx\KHost.exe -all
C:\Program Files\Leeds United FC - DNA\launch.exe
C:\WINDOWS\system32\LXSUPMON.EXE RUN
C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
"C:\Program Files\Messenger\msmsgs.exe" /background
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
rundll32 C:\PROGRA~1\MYWEBS~1\bar\14.bin\MWSBAR.DLL,S
"C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
C:\PROGRA~1\MYWEBS~1\bar\16.bin\mwsoemon.exe
"C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
C:\Program Files\Picasa2\PicasaMediaDetector.exe
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
"C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\SuperAdBlocker.com\Sponsored Ad Blocker\SCHBlock.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\The Lion\skinkers.exe
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
C:\Program Files\VVSN\VVSN.exe
C:\PROGRA~1\WEATHE~1\Weather.exe /q
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 ms6823;IEEE802.11b Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\ms6823.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys
S1 SABDIFSV;SABDIFSV;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
Contents of the 'Scheduled Tasks' folder
"2007-08-15 14:15:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-05 16:44:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-09-06 16:16:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-06 16:25:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{492827B2-2AF5-4AF1-8FC1-1589160A3476}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-06 16:25:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DD2952F-AE0D-4305-B1FB-FFB5F054156C}.job"
"2007-09-06 16:22:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{726016E8-6372-4311-8564-68D6A63FF720}.job"
- C:\WINDOWS\system32\msfeedssync.exe
Rootkit scan 2007-09-06 17:15:30
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-09-06 17:26
C:\ComboFix2.txt ... 2007-09-06 08:40
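As an added example (not ComboFix's own code and not posted by anyone in this thread), a small triage pass over the "Files Created" and Find3M lines of logs like the one above. It parses the date, size, nine-letter attribute field and path columns, flags entries carrying both an h and an s flag (assumed here to mean hidden and system attributes) and recently written executables sitting directly in system32 or in the drive root, and lets a known-good list suppress expected Windows binaries. The log excerpt is constructed from lines that appear in this thread.

```python
"""Triage helper for ComboFix 'Files Created' and Find3M lines.

Added example for this thread; it is not ComboFix's own code and was not
posted by the participants. The column layout (date time, size, nine
attribute letters, path) is read from the logs above. Treating 'h' and 's'
in the attribute field as hidden and system is an assumption.
"""
import re
from datetime import datetime
from typing import Iterable, List, NamedTuple, Tuple

# Constructed excerpt made of lines that appear in the logs in this thread.
SAMPLE_LOG = r"""
2007-09-06 09:04 6,448 ---hsc--- C:\WINDOWS\system32\ppqss.bak1
2007-09-06 09:04 244,832 --a--c--- C:\WINDOWS\system32\ssqpp.dll
2007-09-06 07:45 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-09-06 07:35
2007-09-05 17:25 82,136 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-05 10:14 69,184 --a--c--- C:\WINDOWS\system32\wpmaimje.dll
2007-09-06 08:18 77824 -----c--- C:\WINDOWS\system32\spoolsv.exe
2007-09-06 09:36 --------- d----c--- C:\DOCUME~1\TKBIRD~1.BIR\APPLIC~1\Azureus
"""

# date time, size (with or without thousands separators), 9 flag chars, path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+([-a-z]{9})\s+(.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXT = (".dll", ".exe", ".sys")


class Entry(NamedTuple):
    when: datetime
    size: int
    flags: str
    path: str


def parse_entries(log_text: str) -> List[Entry]:
    """Keep only file rows. Date-only lines and directory rows (size shown
    as dashes) do not match the pattern and are skipped."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = int(m.group(2).replace(",", ""))
        entries.append(Entry(when, size, m.group(3), m.group(4)))
    return entries


def triage(entries: Iterable[Entry], newer_than: str,
           known_good: Iterable[str] = ()) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for rows worth a second look; newer_than is
    a YYYY-MM-DD date, known_good a list of paths to suppress."""
    cutoff = datetime.strptime(newer_than, "%Y-%m-%d")
    allow = {p.lower() for p in known_good}
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        low = e.path.lower()
        if low in allow:
            continue
        reasons: List[str] = []
        # Assumption: 'h' and 's' in the flag field are hidden and system.
        if "h" in e.flags and "s" in e.flags:
            reasons.append("hidden+system attributes")
        in_sys32_top = low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]
        in_drive_root = re.match(r"^[a-z]:\\[^\\]+$", low) is not None
        if ((in_sys32_top or in_drive_root) and low.endswith(EXEC_EXT)
                and e.when >= cutoff):
            reasons.append("recently written executable in system32 or drive root")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    hits = triage(parse_entries(SAMPLE_LOG), "2007-09-01",
                  known_good=[r"C:\WINDOWS\system32\spoolsv.exe"])
    for path, reasons in hits:
        print(path, "->", "; ".join(reasons))
```

The known-good list stands in for checking hashes against a vendor catalogue: on its own the heuristic also flags spoolsv.exe, which the log shows touched on 2007-09-06, so the suppression step is part of the method rather than an afterthought. Drivers under system32\drivers (SYMEVENT.SYS) and files in C:\WINDOWS (NirCmd.exe) are deliberately not matched by the location rule.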
bamajim
10.4K Posts
0
September 6th, 2007 17:00
It's trying to be difficult, but we will get it. I need a couple of file samples please.
Right-click and delete CFScript.txt; we are going to make another one.
1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
Collect::
C:\WINDOWS\system32\wpmaimje.dll
C:\WINDOWS\system32\cplptetd.exe
C:\WINDOWS\system32\idtkyyuc.dll
C:\WINDOWS\system32\mljkigh.dll
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
Note: When you run CFScript to collect malware samples,
* another file will be created on the desktop - CF-Submit.htm
* the creation of these files is normal
* When ComboFix finishes running, it creates the ComboFix log.
* Then a message box will appear entitled "Submit Files for further analysis"
* Select Yes
* Another window will open, as well as your Internet Explorer browser
* Following the prompts, copy and paste the requested file path into the box and select "Send File"
Once done, we will proceed on with removal of the infection
CastleCops Instructor
MRU Graduate
"The world is what you make of it"
tkbirdie
2 Intern
•
181 Posts
0
September 6th, 2007 18:00
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
C:\Program Files\DA Group\Desktop Boycott\DesktopBoycott.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
"C:\Program Files\Five Live Flash\FiveLiveFlash.exe"
C:\Program Files\HELLO! Tickertape\HELLO! Tickertape.lnk
"C:\Program Files\iTunes\iTunesHelper.exe"
C:\WINDOWS\kdx\KHost.exe -all
C:\Program Files\Leeds United FC - DNA\launch.exe
C:\WINDOWS\system32\LXSUPMON.EXE RUN
C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
"C:\Program Files\Messenger\msmsgs.exe" /background
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
rundll32 C:\PROGRA~1\MYWEBS~1\bar\14.bin\MWSBAR.DLL,S
"C:\PROGRA~1\MYWEBS~1\BAR\16.BIN\m3SrchMn.exe" /m=0
C:\PROGRA~1\MYWEBS~1\bar\16.bin\mwsoemon.exe
"C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
C:\Program Files\Picasa2\PicasaMediaDetector.exe
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
"C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\SuperAdBlocker.com\Sponsored Ad Blocker\SCHBlock.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\The Lion\skinkers.exe
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
C:\Program Files\VVSN\VVSN.exe
C:\PROGRA~1\WEATHE~1\Weather.exe /q
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 ms6823;IEEE802.11b Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\ms6823.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys
S1 SABDIFSV;SABDIFSV;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
Contents of the 'Scheduled Tasks' folder
"2007-08-15 14:15:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-05 16:44:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-09-06 19:22:23 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-06 19:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{492827B2-2AF5-4AF1-8FC1-1589160A3476}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-06 19:30:01 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DD2952F-AE0D-4305-B1FB-FFB5F054156C}.job"
"2007-09-06 19:32:05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{726016E8-6372-4311-8564-68D6A63FF720}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-06 18:26:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D60060C7-5048-4541-B19D-D82CC7BAA553}.job"
Rootkit scan 2007-09-06 20:20:38
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-09-06 20:33
C:\ComboFix2.txt ... 2007-09-06 17:26
C:\ComboFix3.txt ... 2007-09-06 08:40
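The CFScript format used in bamajim's two posts above (File::, Registry:: and Collect:: sections), turned into an explicit action plan that a helper can review before dragging the file onto ComboFix. This is an added example, not ComboFix's own code and not something posted in the thread. The section names come from the posts, and the logs show that File:: entries end up under "Other Deletions"; reading the Registry:: lines as regedit .reg syntax (a leading minus inside the brackets deletes the key, "Name"=- deletes a value under the most recently named key) is an assumption about how ComboFix applies them. The '~' shorthand in the Browser Helper Objects key path is kept as written, since the page does not say what it expands to. The embedded script is constructed from entries in the two posted scripts.

```python
"""Turn a ComboFix CFScript into an explicit action plan.

Added example for this thread; it is not ComboFix's code and was not posted
by the participants. Section names are the ones used in the posts above.
Reading the Registry:: lines as regedit .reg syntax ([-Key] deletes the key,
"Name"=- deletes a value under the most recently named key) is an assumption
about how ComboFix applies them.
"""
import re
from typing import Dict, List, Tuple

# Constructed from entries in the two scripts posted in this thread.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\lupsvtue.dll
C:\rmgovfi.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA7B12D-AB2C-4D16-BCFB-704945A98FDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"=-
"My Web Search Bar Search Scope Monitor"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigh]

Collect::
C:\WINDOWS\system32\wpmaimje.dll
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')

RegAction = Tuple[str, str, str]  # (action, key, value name or "")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split the script into sections keyed by name (File, Registry, ...)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line!r}")
        sections[current].append(line)
    return sections


def plan_registry(lines: List[str]) -> List[RegAction]:
    """Interpret Registry:: lines. Anything not understood is rejected
    rather than guessed at, since the script runs with elevated rights."""
    actions: List[RegAction] = []
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":          # [-Key]: delete the whole key
                actions.append(("delete_key", key, ""))
            continue                        # [Key]: select key for value lines
        m = VALUE_DEL_RE.match(line)
        if m:                               # "Name"=-: delete one value
            if key is None:
                raise ValueError(f"value line outside any key: {line!r}")
            actions.append(("delete_value", key, m.group(1)))
            continue
        raise ValueError(f"unsupported registry line: {line!r}")
    return actions


def plan(text: str) -> Dict[str, object]:
    """Collect file deletions, sample collections and registry actions."""
    sections = parse_cfscript(text)
    return {
        "delete_files": sections.get("File", []),
        "collect_files": sections.get("Collect", []),
        "registry": plan_registry(sections.get("Registry", [])),
    }


if __name__ == "__main__":
    for kind, items in plan(SAMPLE_SCRIPT).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The point of the strict parser is the failure mode: a stray line outside a section, or a registry line the helper did not intend, raises instead of being silently passed to a tool that deletes files and keys as an administrator.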
tkbirdie
2 Intern
•
181 Posts
0
September 6th, 2007 18:00
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.396 [GMT 1:00]
Command switches used :: C:\Documents and Settings\T K Birdi.BIRDIFAMILY\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jkklj.dll
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 19:19
2007-09-06 19:04 125,504 --a--c--- C:\WINDOWS\system32\dnppltiw.dll
2007-09-06 18:59 1,312,519 ---hsc--- C:\WINDOWS\system32\ppqss.bak2
2007-09-06 09:45
2007-09-06 09:04 6,448 ---hsc--- C:\WINDOWS\system32\ppqss.bak1
2007-09-06 09:04 244,832 --a--c--- C:\WINDOWS\system32\ssqpp.dll
2007-09-06 07:45 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-09-06 07:35
2007-09-06 07:34 812,344 --a--c--- C:\DOCUME~1\ALLUSE~1\HJTInstall.exe
2007-09-06 07:33 19,189,400 --a--c--- C:\DOCUME~1\ALLUSE~1\nsb-install-8-1-3.exe
2007-09-06 07:23
2007-09-06 07:10
2007-09-06 07:09
2007-09-06 07:02
2007-09-05 19:29
2007-09-05 17:53
2007-09-05 17:42 34,578 --a--c--- C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-09-05 17:26
2007-09-05 17:25 83,208 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-05 17:25 82,136 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-05 17:24
2007-09-05 10:14 69,184 --a--c--- C:\WINDOWS\system32\wpmaimje.dll
2007-09-05 10:09 122,432 --a--c--- C:\WINDOWS\system32\cplptetd.exe
2007-09-05 09:44 2,585,872 --a--c--- C:\DOCUME~1\ALLUSE~1\WindowsInstaller-KB893803-v2-x86.exe
2007-09-05 09:37
2007-09-05 09:34 822,784 --a--c--- C:\WINDOWS\system32\mininet.dll
2007-09-05 09:01 125,504 --a--c--- C:\WINDOWS\system32\idtkyyuc.dll
2007-09-05 09:00 1,000,792 --a--c--- C:\DOCUME~1\ALLUSE~1\Norton_Removal_Tool.exe
2007-09-04 19:18 43,542 -----c--- C:\WINDOWS\system32\mljkigh.dll
2007-09-04 19:14 782,336 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 19:14 135,168 --a--c--- C:\WINDOWS\system32\DSKernel2.dll
2007-09-04 19:14 1,936,528 --a--c--- C:\WINDOWS\system32\ltmm15.dll
2007-09-04 19:13
2007-09-04 19:08 25,990,432 --a--c--- C:\DOCUME~1\ALLUSE~1\RCSetup.exe
2007-09-04 19:05 411,248 --a--c--- C:\DOCUME~1\ALLUSE~1\RCSetupG.exe
2007-09-03 18:39 140,644 --a--c--- C:\DOCUME~1\ALLUSE~1\TruePokerSetupHigh.exe
2007-09-03 18:39
2007-08-30 21:03
2007-08-30 17:00
2007-08-29 14:58
2007-08-29 10:37
2007-08-29 09:11
2007-08-28 21:13
2007-08-26 13:31
2007-08-26 13:30
2007-08-26 13:29
2007-08-26 13:28
2007-08-26 13:28
2007-08-26 13:27
2007-08-26 13:27
2007-08-22 21:18
2007-08-21 16:25
2007-08-21 11:23 271,648 --a--c--- C:\DOCUME~1\ALLUSE~1\RealPlayer11BETA.exe
2007-08-15 15:31
2007-08-15 15:31
2007-08-15 15:14
2007-08-15 15:12
2007-08-15 15:12
2007-08-11 10:27
2007-08-06 12:34
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-06 09:36 --------- d----c--- C:\DOCUME~1\TKBIRD~1.BIR\APPLIC~1\Azureus
2007-09-06 08:18 77824 -----c--- C:\WINDOWS\system32\nvsvc32.exe
2007-09-06 08:18 57856 -----c--- C:\WINDOWS\system32\spoolsv.exe
2007-09-06 08:18 53248 -----c--- C:\WINDOWS\system32\MsPMSPSv.exe
2007-09-06 08:18 33280 -----c--- C:\WINDOWS\system32\snmp.exe
2007-09-06 08:18 298496 -----c--- C:\WINDOWS\system32\LEXBCES.EXE
2007-09-06 08:18 19456 -----c--- C:\WINDOWS\system32\tcpsvcs.exe
2007-09-06 07:49 47104 --a--c--- C:\WINDOWS\system32\ssmypics.scr
2007-09-06 07:48 220672 --a--c--- C:\WINDOWS\system32\logon.scr
2007-09-06 07:42 10752 --a--c--- C:\WINDOWS\system32\dumprep.exe
2007-09-06 07:40 388608 --a--c--- C:\WINDOWS\system32\cmd.exe
2007-09-06 07:40 --------- d----c--- C:\Program Files\Opera754
2007-09-06 07:36 44544 --a--c--- C:\WINDOWS\system32\alg.exe
2007-09-06 07:36 267776 --a--c--- C:\WINDOWS\system32\fxssvc.exe
2007-09-06 07:34 55296 --a--c--- C:\WINDOWS\system32\freecell.exe
2007-09-06 07:34 126976 --a--c--- C:\WINDOWS\system32\mshearts.exe
2007-09-06 07:34 119808 --a--c--- C:\WINDOWS\system32\winmine.exe
2007-09-06 07:33 343040 --a--c--- C:\WINDOWS\system32\mspaint.exe
2007-09-06 07:24 69120 --a--c--- C:\WINDOWS\system32\notepad.exe
2007-09-06 07:23 5632 --a--c--- C:\WINDOWS\system32\write.exe
2007-09-06 07:20 78848 --a--c--- C:\WINDOWS\system32\msiexec.exe
2007-09-06 07:20 538624 --a--c--- C:\WINDOWS\system32\spider.exe
2007-09-06 07:19 80384 --a--c--- C:\WINDOWS\system32\charmap.exe
2007-09-06 07:19 64000 --a--c--- C:\WINDOWS\system32\cleanmgr.exe
2007-09-06 07:19 600576 --a--c--- C:\WINDOWS\system32\mstsc.exe
2007-09-06 07:19 32768 --a--c--- C:\WINDOWS\system32\odbcad32.exe
2007-09-06 07:19 229376 --a--c--- C:\WINDOWS\system32\fxscover.exe
2007-09-06 07:19 183808 --a--c--- C:\WINDOWS\system32\accwiz.exe
2007-09-06 07:19 138752 --a--c--- C:\WINDOWS\system32\sndvol32.exe
2007-09-06 07:19 135680 -----c--- C:\WINDOWS\system32\taskmgr.exe
2007-09-06 07:19 131584 --a--c--- C:\WINDOWS\system32\sndrec32.exe
2007-09-06 07:19 1135616 --a--c--- C:\WINDOWS\system32\ntbackup.exe
2007-09-06 07:19 11264 --a--c--- C:\WINDOWS\system32\fxssend.exe
2007-09-06 07:18 180224 --a--c--- C:\WINDOWS\system32\dwwin.exe
2007-09-06 07:16 679936 --a--c--- C:\WINDOWS\system32\sstext3d.scr
2007-09-06 07:16 347136 --a--c--- C:\WINDOWS\system32\tourstart.exe
2007-09-06 07:16 150016 --a--c--- C:\WINDOWS\system32\imapi.exe
2007-09-06 07:15 28672 -----c--- C:\WINDOWS\system32\verclsid.exe
2007-09-06 07:15 169984 --a--c--- C:\WINDOWS\system32\LEXPPS.EXE
2007-09-06 07:15 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
2007-09-06 07:15 114688 -----c--- C:\WINDOWS\system32\calc.exe
2007-09-06 07:15 1032192 -----c--- C:\WINDOWS\explorer.exe
2007-09-06 07:14 514560 --a--c--- C:\WINDOWS\system32\logonui.exe
2007-09-06 07:08 32256 --a--c--- C:\WINDOWS\system32\wupdmgr.exe
2007-09-06 07:06 33280 --a--c--- C:\WINDOWS\system32\rundll32.exe
2007-09-05 17:54 --------- d----c--- C:\Program Files\Symantec
2007-09-05 17:51 --------- d----c--- C:\Program Files\Common Files\Symantec Shared
2007-09-05 16:50 400768 --a--c--- C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-05 12:02 --------- d----c--- C:\Program Files\NoAdware4
2007-08-31 20:17 --------- d----c--- C:\Program Files\Diamond Caves 3
2007-08-29 09:10 --------- d----c--- C:\Program Files\CCleaner
2007-08-22 15:43 --------- d----c--- C:\Program Files\LimeWire
2007-08-21 16:25 --------- d----c--- C:\Program Files\Common Files\Real
2007-08-18 22:22 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-18 15:18 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\LimeWire
2007-08-15 15:31 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-15 15:27 --------- d----c--- C:\Program Files\QuickTime
2007-08-06 13:12 --------- d----c--- C:\DOCUME~1\HPSBIR~1\APPLIC~1\ConvertTemp
2007-08-03 22:21 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\MSN6
2007-07-26 15:33 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\TransRender
2007-07-26 15:22 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Temporary
2007-07-20 18:47 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Teleca
2007-07-20 18:18 --------- d----c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\Sony Ericsson
2007-07-20 18:10 --------- d----c--- C:\Program Files\Common Files\Teleca Shared
2007-07-20 18:10 --------- d----c--- C:\Program Files\Common Files\Sony Ericsson Shared
2007-07-20 18:10 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-07-20 18:10 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-07-20 18:08 --------- d----c--- C:\Program Files\Sony Ericsson
2007-07-10 23:18 --------- dr-h-c--- C:\DOCUME~1\ASBIRD~1\APPLIC~1\yahoo!
2007-07-10 23:17 --------- d----c--- C:\Program Files\Yahoo!
2007-07-10 23:17 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-06-24 21:18 561152 --a--c--- C:\WINDOWS\AJScreensaver.scr
2007-03-02 09:25 5572184 --a--c--- C:\DOCUME~1\ALLUSE~1\MsgPlusLive-4.20.262.exe
2006-12-24 20:26 2615024 --a--c--- C:\DOCUME~1\ALLUSE~1\SmileyCentralSetup2.2.60.4.exe
2006-09-22 12:12 12842560 --a--c--- C:\DOCUME~1\ALLUSE~1\RealPlayer10-5GOLD.exe
2006-08-09 19:05 16332072 --a--c--- C:\DOCUME~1\ALLUSE~1\msn8.0.0812.exe
2006-02-01 17:33 7037280 --a--c--- C:\DOCUME~1\ALLUSE~1\iaplayer_2.60.12.0112.exe
2005-07-10 09:10 17416153 --a--c--- C:\DOCUME~1\ALLUSE~1\ow32enen754u1j.exe
2004-12-21 20:41 1164112 --a--c--- C:\DOCUME~1\ALLUSE~1\wrar341.exe
2004-09-29 22:40 2421920 --a--c--- C:\DOCUME~1\ALLUSE~1\winzip90.exe
2004-08-31 11:30 5928717 --a--c--- C:\DOCUME~1\ALLUSE~1\dc3Setup.exe
2003-10-05 11:45 391336 --a--c--- C:\DOCUME~1\ALLUSE~1\WeatherInstCAST3103.exe
1999-06-25 11:55 149504 --a--c--- C:\Program Files\UNWISE.EXE
2007-03-09 07:12:32 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
Message Edited by tkbirdie on 09-06-2007 08:40 PM