Malware Help



#1
ccmel45

Hi, I found this page while trying to delete a spyware that one of my sons seems to have gotten onto my system... I read your post pertaining to trojan.win32.obfuscated.gx. I followed the steps in that post up to the ComboFix and HijackThis second log; however, the problem still exists. So here is the info from ComboFix and HijackThis...

I need help in ridding my computer of this, please assist...


ComboFix 07-12-09.1 - the only boss 2007-12-10 22:02:16.1 - NTFSx86
Running from: C:\Documents and Settings\the only boss\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rakim\Application Data\macromedia\Flash Player\#SharedObjects\V4DP2PM3\www.broadcaster.com
C:\Documents and Settings\Rakim\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Rakim\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Rakim\Desktop\IE Defender 2.4.lnk
C:\Documents and Settings\the only boss\My Documents\SEMBLY~1
C:\Documents and Settings\the only boss\Start Menu\Programs\Outerinfo
C:\Documents and Settings\the only boss\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\the only boss\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Twigman\Application Data\ASKS~1
C:\Documents and Settings\Twigman\Application Data\macromedia\Flash Player\#SharedObjects\5YUCMBSY\www.broadcaster.com
C:\Documents and Settings\Twigman\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Twigman\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Twigman\Application Data\SystemDoctor 2006 Free
C:\Documents and Settings\Twigman\Application Data\SystemDoctor 2006 Free\Logs\update.log
C:\Documents and Settings\Twigman\err.log
C:\Documents and Settings\Twigman\My Documents\SCURIT~1
C:\Documents and Settings\Twigman\My Documents\SCURIT~1\s?curity\
C:\Documents and Settings\Twigman\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Twigman\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Twigman\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\{38F80~1
C:\Program Files\Common Files\{38F80~1\UnInstall.exe
C:\Program Files\Common Files\{38F80~2
C:\Program Files\Common Files\{38F80~2\Bar888.dll
C:\Program Files\Common Files\{38F80~2\UnInstall.exe
C:\Program Files\Common Files\{A8F80~1
C:\Program Files\Common Files\{A8F80~2
C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe
C:\Program Files\dobe~1
C:\Program Files\dobe~1\?dobe\
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\ipwindows\pop1D.tmp
C:\Program Files\ipwindows\pop3.tmp
C:\Program Files\ipwindows\pop4.tmp
C:\Program Files\ipwindows\pop5.tmp
C:\Program Files\ipwindows\pop6.tmp
C:\Program Files\ipwindows\pop7.tmp
C:\Program Files\ipwindows\pop8D.tmp
C:\Program Files\ipwindows\pop9E.tmp
C:\Program Files\ipwindows\popC4.tmp
C:\Program Files\ipwindows\popD.tmp
C:\Program Files\ipwindows\set1.tmp
C:\Program Files\ipwindows\set2.tmp
C:\Program Files\ipwindows\Uninst.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook
C:\Program Files\vsadd-in
C:\Program Files\winupdates
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\auxfndop.dll
C:\WINDOWS\system32\awtspqq.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\byxxuvs.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\danyxfuu.dll
C:\WINDOWS\system32\ddcccca.dll
C:\WINDOWS\system32\eeksdygi.dll
C:\WINDOWS\system32\elwmmnnr.dll
C:\WINDOWS\system32\ewfwcdvk.dll
C:\WINDOWS\system32\fawcqstd.dll
C:\WINDOWS\system32\fgonslvw.dll
C:\WINDOWS\system32\horkpphb.dll
C:\WINDOWS\system32\ietbdotw.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\jdehlmqt.dll
C:\WINDOWS\system32\kqwvbawv.dll
C:\WINDOWS\system32\moxdislt.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\nosxqcoy.dll
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\ptukrdmm.dll
C:\WINDOWS\system32\qklqfcei.dll
C:\WINDOWS\system32\qoklvvif.dll
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\rnnmmwle.ini
C:\WINDOWS\system32\scdyycee.dll
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\ssqnmkl.dll
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tftujhqc.dll
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tyfuiilg.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\uulilakp.dll
C:\WINDOWS\system32\vxarfoew.dll
C:\WINDOWS\system32\wnsapiit.exe
C:\WINDOWS\system32\wuggtwrx.dll
C:\WINDOWS\system32\xfjhmjeq.dll
C:\WINDOWS\system32\xxyyxxx.dll
C:\WINDOWS\system32\yfeujyln.dll
C:\WINDOWS\system32\ynhlnhck.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CLIENT_IP-IPX


((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-10 21:42 . 2007-12-10 21:42 <DIR> d-------- C:\Deckard
2007-12-09 12:25 . 2007-12-09 12:25 233,472 --a------ C:\WINDOWS\windivx.dll
2007-12-06 23:09 . 2007-12-06 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2007-12-01 03:06 . 2007-12-01 03:06 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-19 18:06 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-19 18:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-19 18:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-19 18:06 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 00:13 --------- d-----w C:\Documents and Settings\the only boss\Application Data\LimeWire
2007-12-07 22:06 --------- d-----w C:\Documents and Settings\Rakim\Application Data\LimeWire
2007-12-01 15:59 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-22 23:49 --------- d-----w C:\Program Files\LimeWire
2007-05-16 20:11 2,642,429 ----a-w C:\Documents and Settings\Twigman\Matrix_v2[1]0.zip
2007-05-16 20:06 493,161 ----a-w C:\Documents and Settings\Twigman\dg.zip
2007-04-28 15:51 92,064 -c--a-r C:\Documents and Settings\Twigman\mqdmmdm.sys
2007-04-28 15:51 9,232 -c--a-r C:\Documents and Settings\Twigman\mqdmmdfl.sys
2007-04-28 15:51 79,328 -c--a-r C:\Documents and Settings\Twigman\mqdmserd.sys
2007-04-28 15:51 66,656 -c--a-r C:\Documents and Settings\Twigman\mqdmbus.sys
2007-04-28 15:51 6,208 -c--a-r C:\Documents and Settings\Twigman\mqdmcmnt.sys
2007-04-28 15:51 5,936 -c--a-r C:\Documents and Settings\Twigman\mqdmwhnt.sys
2007-04-28 15:51 4,048 -c--a-r C:\Documents and Settings\Twigman\mqdmcr.sys
2007-04-28 15:51 25,600 -c--a-r C:\Documents and Settings\Twigman\usbsermptxp.sys
2007-04-28 15:51 22,768 -c--a-r C:\Documents and Settings\Twigman\usbsermpt.sys
2007-03-17 18:10 49 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb41.dat
2007-03-17 18:10 337 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb1942.dat
2007-03-17 18:10 13,046 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb5436.dat
2007-03-17 18:10 0 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb4604.dat
2007-03-12 00:01 179,200 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb4827.dat
2007-03-11 22:48 334 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb41.dat
2007-03-11 22:48 13,046 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb7752.dat
2007-03-11 22:48 0 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb4668.dat
2007-03-11 22:47 20,480 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb3482.dat
2007-03-05 21:54 25,214 ----a-w C:\Program Files\B.ico
2007-03-05 21:54 25,214 ----a-w C:\Program Files\A.ico
2006-12-23 02:17 20,480 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb1869.dat
2006-12-16 12:29 6,144 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb7827.dat
2006-12-16 12:29 0 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb5205.dat
2006-12-16 12:29 0 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb3524.dat
2006-12-16 12:29 0 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb1881.dat
2006-12-16 12:29 0 -c--a-w C:\Documents and Settings\Rakim\Application Data\internaldb1332.dat
2006-11-18 03:55 0 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb2391.dat
2006-11-16 01:53 0 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb153.dat
2006-11-13 20:58 0 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb8253.dat
2006-11-13 20:58 0 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb3902.dat
2006-11-09 20:16 151 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb7738.dat
2006-10-20 17:48 9,216 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb8467.dat
2006-10-20 17:48 0 -c--a-r C:\Documents and Settings\Twigman\Application Data\internaldb6334.dat
2007-04-28 02:23 492,388 -csh--w C:\WINDOWS\system32\opqss.bak1
2007-05-02 21:35 494,063 -csh--w C:\WINDOWS\system32\opqss.bak2
2007-03-08 15:51 462,947 -csha-w C:\WINDOWS\system32\yybeg.bak1
2007-03-25 16:11 443,108 -csha-w C:\WINDOWS\system32\yybeg.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0204FD8F-7C52-4935-A48A-2A179F9904E6}]
C:\WINDOWS\system32\ssqpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}]
2006-11-09 16:18 417792 --a------ C:\WINDOWS\system32\tcblffzj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d08ea1c-89e9-4560-8b38-84168d00d69b}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\TriniPulse\tbTrin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0995F82-90C7-4C78-9B4C-C1700FB8B120}]
2007-12-09 12:25 233472 --a------ C:\WINDOWS\windivx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E44527F6-1296-4A84-B67D-A6CEA6ED4B69}]
C:\WINDOWS\system32\ddcccdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED56A79C-45C6-4FA9-94DC-83704589A2CB}]
C:\WINDOWS\system32\gebyy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6D08EA1C-89E9-4560-8B38-84168D00D69B}"= C:\Program Files\TriniPulse\tbTrin.dll [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{6d08ea1c-89e9-4560-8b38-84168d00d69b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 06:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NI.USYP_0002_N91M1708"="C:\Documents and Settings\Twigman\Local Settings\Temporary Internet Files\Content.IE5\WT5LBB6E\SysProtectScannerInstall[1].exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:00 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Rakim\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-01 18:06:41]

C:\Documents and Settings\the only boss\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-01 18:06:41]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E44527F6-1296-4A84-B67D-A6CEA6ED4B69}"= C:\WINDOWS\system32\ddcccdb.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccdb]
ddcccdb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyy]
C:\WINDOWS\system32\gebyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpo]
C:\WINDOWS\system32\ssqpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
iexplore.exe http://iesettingsupdate

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aeco]
C:\PROGRA~1\DOBE~1\dvdplay.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
C:\PROGRA~1\Blubster\Blubster.exe SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cjcl]
C:\Documents and Settings\the only boss\My Documents\??sembly\n?pdb.exe 99001396

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pas_check]
C:\Program Files\SystemDoctor 2006 Free\pasmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-11 06:40 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw]
C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1210385-4862-11dc-87e2-0011f6000006}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 01:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\THEONL~1\LOCALS~1\Temp\sofhllfp.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 22:14:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-10 22:19:24 - machine was rebooted
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 10:27:50 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\THEONL~1\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://iesettingsupdate/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0204FD8F-7C52-4935-A48A-2A179F9904E6} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblffzj.dll
O2 - BHO: TriniPulse Toolbar - {6d08ea1c-89e9-4560-8b38-84168d00d69b} - C:\Program Files\TriniPulse\tbTrin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Video - {D0995F82-90C7-4C78-9B4C-C1700FB8B120} - C:\WINDOWS\windivx.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\ddcccdb.dll (file missing)
O2 - BHO: (no name) - {ED56A79C-45C6-4FA9-94DC-83704589A2CB} - C:\WINDOWS\system32\gebyy.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TriniPulse Toolbar - {6d08ea1c-89e9-4560-8b38-84168d00d69b} - C:\Program Files\TriniPulse\tbTrin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "C:\Documents and Settings\Twigman\Local Settings\Temporary Internet Files\Content.IE5\WT5LBB6E\SysProtectScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C11E45-F64F-4BDE-8B7D-D22B55B62603}: NameServer = 200.12.240.9,80.235.35.18
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcccdb - ddcccdb.dll (file missing)
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\system32\ssqpo.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe



Any assistance you can give from this point on would be helpful.


Thank you
ccmel45
