need major help [RESOLVED]



#1
AznSkill2k
New Member, 8 posts
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:58 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\file.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [nktqnofw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nktqnofw.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\BRIANC~1\LOCALS~1\Temp\452c4a4hpc4a4a.exe
O4 - HKLM\..\Run: [5cf4bf9c] rundll32.exe "C:\WINDOWS\system32\hsupsaxn.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1WcD0oSjmY] rundll32.exe "C:\WINDOWS\dutwtcbw.dll",DllCleanServer
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ӵQQ - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8739 bytes


#2
Rorschach112
Ralphie, Retired Staff, 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
AznSkill2k
Topic Starter, New Member, 8 posts
Here is my ComboFix log:

ComboFix 08-02.05.3 - Brian Chen 2008-02-10 15:31:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.538 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Chen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_21_36 PM_140.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_21_38 PM_000.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_27_03 PM_531.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_27_03 PM_921.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_27_38 PM_031.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_27_38 PM_421.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_28_17 PM_062.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 03_28_17 PM_484.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 04_19_04 PM_796.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 04_20_01 PM_609.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Log\2007 Oct 14 - 05_27_38 PM_156.log
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Brian Chen\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\sogou pxp
C:\Program Files\Common Files\sogou pxp\p2psvr.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Helper
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\bck1.dat
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\pbar.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\cwepmmsg.dll
C:\WINDOWS\system32\file.exe
C:\WINDOWS\SYSTEM32\gsmmpewc.ini
C:\WINDOWS\system32\gwhagnlj.dll
C:\WINDOWS\SYSTEM32\jlngahwg.ini
C:\WINDOWS\system32\njmjuxix.dll
C:\WINDOWS\system32\nupjwxdc.dll
C:\WINDOWS\system32\snmspykk.dllbox
C:\WINDOWS\system32\sojiodra.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\tvrqfsqj.dllbox
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\ykqsjubt.dll
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550O
-------\LEGACY_P4P_SERVICE
-------\ApiMon
-------\P4P Service


((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 14:15 . 2008-02-10 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-10 14:14 . 2008-02-10 15:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 14:14 . 2008-02-10 14:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 14:14 . 2008-02-10 14:14 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\SUPERAntiSpyware.com
2008-02-10 14:07 . 2008-02-10 14:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 13:53 . 2008-02-10 13:53 4,960 --a------ C:\WINDOWS\SYSTEM32\xk4AbT.syz
2008-02-10 00:35 . 2008-02-10 13:52 1,220,590 ---hs---- C:\WINDOWS\SYSTEM32\nxaspush.ini
2008-02-10 00:32 . 2008-02-10 15:23 290,926 --ahs---- C:\WINDOWS\SYSTEM32\orqss.ini
2008-02-10 00:05 . 2008-02-10 00:05 10,752 --a------ C:\WINDOWS\SYSTEM32\worsock(2).dll
2008-02-10 00:05 . 2008-02-10 00:05 1 --a------ C:\WINDOWS\SYSTEM32\rc.dat
2008-02-10 00:05 . 2008-02-10 00:05 1 --a------ C:\WINDOWS\SYSTEM32\ps1.dat
2008-02-10 00:05 . 2008-02-10 00:05 1 --a------ C:\WINDOWS\SYSTEM32\cs.dat
2008-02-09 23:51 . 2008-02-09 23:51 3,795,158 --a------ C:\WINDOWS\1WcD0oSjmY.exe
2008-02-09 23:49 . 2008-02-09 23:49 4 --a------ C:\WINDOWS\SYSTEM32\winfrun32.bin
2008-02-09 23:48 . 2008-02-09 23:48 <DIR> d-------- C:\WINDOWS\qccwccfo
2008-02-09 23:48 . 2008-02-09 23:48 182,272 --a------ C:\WINDOWS\dutwtcbw.dll
2008-02-09 23:48 . 2008-02-09 23:48 58,368 --a------ C:\wpohl.exe~
2008-02-09 23:48 . 2008-02-09 23:48 58,368 --a------ C:\wpohl.exe
2008-02-09 23:48 . 2008-02-09 23:48 54,764 --a------ C:\WINDOWS\SYSTEM32\4fdw.dll
2008-02-09 23:48 . 2008-02-09 23:48 54,272 --a------ C:\WINDOWS\SYSTEM32\unifff.dll
2008-02-09 23:48 . 2008-02-09 23:48 54,272 --a------ C:\WINDOWS\SYSTEM32\condt32.dll
2008-02-09 23:48 . 2008-02-09 23:48 49,152 --a------ C:\WINDOWS\pcbyngna.exe
2008-02-09 23:48 . 2008-02-09 23:48 3,584 --a------ C:\qrwkjyd.exe
2008-02-09 23:48 . 2008-02-09 23:48 2 --a------ C:\1559543603
2008-02-09 22:20 . 2008-02-09 22:20 <DIR> d-------- C:\Documents and Settings\User 1\Application Data\TVU Networks
2008-02-09 22:20 . 2008-02-09 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\TVU Player
2008-02-05 20:07 . 2008-02-05 20:07 <DIR> d-------- C:\Program Files\Dopool
2008-02-02 14:12 . 2008-02-02 14:12 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-02-02 14:12 . 2008-02-02 14:12 13,044 --a------ C:\WINDOWS\scunin.dat
2008-02-02 14:12 . 2008-02-02 14:12 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-30 20:12 . 2008-01-30 20:13 <DIR> d-------- C:\Program Files\SopCast
2008-01-30 19:54 . 2008-01-30 20:03 <DIR> d-------- C:\Program Files\Sogou PXP
2008-01-30 19:54 . 2008-01-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\p3p
2008-01-30 16:10 . 2008-01-30 16:10 274,432 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
2008-01-30 15:23 . 2008-01-30 15:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-28 22:11 . 2008-01-28 22:11 256 --a------ C:\WINDOWS\p2plog.dat
2008-01-26 19:20 . 2008-02-10 00:21 268 --ah----- C:\sqmdata19.sqm
2008-01-26 19:20 . 2008-02-10 00:21 244 --ah----- C:\sqmnoopt19.sqm
2008-01-26 12:59 . 2008-01-26 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-26 12:58 . 2008-01-26 12:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-26 00:26 . 2008-02-09 00:43 268 --ah----- C:\sqmdata18.sqm
2008-01-26 00:26 . 2008-02-09 00:43 244 --ah----- C:\sqmnoopt18.sqm
2008-01-25 18:59 . 2008-02-10 15:08 <DIR> d-------- C:\Program Files\Starcraft
2008-01-24 23:41 . 2008-02-08 20:40 268 --ah----- C:\sqmdata17.sqm
2008-01-24 23:41 . 2008-02-08 20:40 244 --ah----- C:\sqmnoopt17.sqm
2008-01-24 10:31 . 2008-01-24 10:32 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\QQDoctor
2008-01-23 23:51 . 2008-02-06 00:00 268 --ah----- C:\sqmdata16.sqm
2008-01-23 23:51 . 2008-02-06 00:00 244 --ah----- C:\sqmnoopt16.sqm
2008-01-22 23:26 . 2008-02-04 23:33 268 --ah----- C:\sqmdata15.sqm
2008-01-22 23:26 . 2008-02-04 23:33 244 --ah----- C:\sqmnoopt15.sqm
2008-01-21 23:31 . 2008-02-03 23:05 268 --ah----- C:\sqmdata14.sqm
2008-01-21 23:31 . 2008-02-03 23:05 244 --ah----- C:\sqmnoopt14.sqm
2008-01-21 01:44 . 2008-02-03 00:32 268 --ah----- C:\sqmdata13.sqm
2008-01-21 01:44 . 2008-02-03 00:32 244 --ah----- C:\sqmnoopt13.sqm
2008-01-20 00:52 . 2008-02-02 22:31 268 --ah----- C:\sqmdata12.sqm
2008-01-20 00:52 . 2008-02-02 22:31 244 --ah----- C:\sqmnoopt12.sqm
2008-01-18 22:46 . 2008-02-01 22:56 268 --ah----- C:\sqmdata11.sqm
2008-01-18 22:46 . 2008-02-01 22:56 244 --ah----- C:\sqmnoopt11.sqm
2008-01-18 13:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-18 13:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-18 13:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-17 23:58 . 2008-01-31 23:01 268 --ah----- C:\sqmdata10.sqm
2008-01-17 23:58 . 2008-01-31 23:01 244 --ah----- C:\sqmnoopt10.sqm
2008-01-17 16:10 . 2008-01-30 23:40 268 --ah----- C:\sqmdata09.sqm
2008-01-17 16:10 . 2008-01-30 23:40 244 --ah----- C:\sqmnoopt09.sqm
2008-01-17 15:49 . 2008-01-30 20:04 268 --ah----- C:\sqmdata08.sqm
2008-01-17 15:49 . 2008-01-30 20:04 244 --ah----- C:\sqmnoopt08.sqm
2008-01-17 15:40 . 2008-01-17 15:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 15:39 . 2008-01-17 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-17 14:23 . 2008-01-17 14:23 <DIR> d-------- C:\Documents and Settings\User 1\Application Data\AIMPro
2008-01-12 21:54 . 2008-01-12 21:54 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-12 21:54 . 2008-01-12 21:54 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\NHN Corporation
2008-01-12 21:37 . 2008-01-21 18:19 <DIR> d-------- C:\Program Files\DriftCity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:25 --------- d-----w C:\Program Files\NetWaiting
2008-02-03 03:37 --------- d-----w C:\Program Files\LimeWire
2008-01-26 19:42 --------- d-----w C:\Program Files\KuGoo2007
2008-01-26 17:58 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-26 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-24 15:32 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\QQUpdate
2008-01-24 15:32 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\QQ
2008-01-12 23:31 --------- d--h--w C:\Documents and Settings\Brian Chen\Application Data\ijjigame
2008-01-02 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_dctemp
2008-01-02 00:29 --------- d-----w C:\Program Files\BitLord
2007-12-30 17:37 --------- d-----w C:\Documents and Settings\User 1\Application Data\QQUpdate
2007-12-30 06:18 --------- d-----w C:\Program Files\MUSICMATCH
2007-12-30 06:14 --------- d-----w C:\Program Files\BitSpirit
2007-12-30 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\mvcache
2007-12-30 05:54 --------- d-----w C:\Program Files\Thunder Network
2007-12-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-12-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-12-30 04:51 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\BitSpirit
2007-12-28 04:08 --------- d-----w C:\Program Files\Thoosje Sidebar V2.3
2007-12-28 04:08 --------- d-----w C:\Program Files\FlashGet
2007-12-27 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tencent
2007-12-25 00:59 --------- d-----w C:\Program Files\鱼鱼软件
2007-12-24 03:23 --------- d-----w C:\Documents and Settings\User 1\Application Data\acccore
2007-12-23 03:52 --------- d-----w C:\Documents and Settings\User 1\Application Data\Unispim
2007-12-23 00:18 --------- d-----w C:\Documents and Settings\User 1\Application Data\QQ
2007-12-22 17:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 17:42 --------- d-----w C:\Program Files\VideoLAN
2007-12-22 17:42 --------- d-----w C:\Program Files\SwiftSwitch
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f15e156-969c-4721-a5b7-e3ee10b1b382}]
C:\WINDOWS\system32\wcamqcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9296002a-1dd2-11b2-b608-bc35e55a3e09}]
C:\WINDOWS\wruzybqh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 08:49 131072]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15 139264]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55 180224]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 16:31 1327104]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 12:20 50744]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 18:51 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 21:20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\snmspykk]
snmspykk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuustt]
vtuustt.dll

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 nenum13E;nenum13E;C:\DOCUME~1\BRIANC~1\LOCALS~1\Temp\nenum13E.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 21:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRIAN-Brian Chen).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 15:37:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\conime.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
.
**************************************************************************
.
Completion time: 2008-02-10 15:42:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 20:42:37
.
2008-01-19 03:46:21 --- E O F ---




HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:33 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {3f15e156-969c-4721-a5b7-e3ee10b1b382} - C:\WINDOWS\system32\wcamqcca.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9296002a-1dd2-11b2-b608-bc35e55a3e09} - C:\WINDOWS\wruzybqh.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: snmspykk - snmspykk.dll (file missing)
O20 - Winlogon Notify: vtuustt - vtuustt.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8983 bytes

Edited by AznSkill2k, 10 February 2008 - 02:51 PM.


#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\xk4AbT.syz
C:\WINDOWS\SYSTEM32\nxaspush.ini
C:\WINDOWS\SYSTEM32\orqss.ini
C:\WINDOWS\1WcD0oSjmY.exe
C:\WINDOWS\SYSTEM32\winfrun32.bin
C:\WINDOWS\dutwtcbw.dll
C:\wpohl.exe~
C:\wpohl.exe
C:\WINDOWS\SYSTEM32\4fdw.dll
C:\WINDOWS\SYSTEM32\unifff.dll
C:\WINDOWS\SYSTEM32\condt32.dll
C:\WINDOWS\pcbyngna.exe
C:\qrwkjyd.exe
C:\WINDOWS\system32\wcamqcca.dll
C:\WINDOWS\wruzybqh.dll

Folder::
C:\1559543603
C:\WINDOWS\qccwccfo

Driver::
nenum13E


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt".

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.




Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\SYSTEM32\worsock(2).dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Also post a new HijackThis log.

#5
AznSkill2k

    New Member

  • Topic Starter
  • Member
  • 8 posts

File worsock_2_.dll received on 02.03.2008 22:27:42 (CET)

Antivirus  Version  Last Update  Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan-Spy.Finanz.J
Kaspersky - - -
McAfee - - -
Microsoft - - TrojanSpy:Win32/Glaze.B
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Additional information
MD5: 6c7726cd91afc08bb44f98ab7dd41ff9
SHA1: 6501de01a205174f95ba93f1902a6d4107d2b3f5
SHA256: cfd3e9c71080ce5bf1dc85f70404efe1470617d66b07813d4a4d2543d62ac026
SHA512: 2dc10cb3dab49c33215dfc615c276c839f29392c05ce4386f073cab7508eb95b d30877800629c9ef409234aa919439923c18534933f40d8b51182d9945800a66




ComboFix 08-02.05.3 - Brian Chen 2008-02-10 15:58:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.586 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Chen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian Chen\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\qrwkjyd.exe
C:\WINDOWS\1WcD0oSjmY.exe
C:\WINDOWS\dutwtcbw.dll
C:\WINDOWS\pcbyngna.exe
C:\WINDOWS\SYSTEM32\4fdw.dll
C:\WINDOWS\SYSTEM32\condt32.dll
C:\WINDOWS\SYSTEM32\nxaspush.ini
C:\WINDOWS\SYSTEM32\orqss.ini
C:\WINDOWS\SYSTEM32\unifff.dll
C:\WINDOWS\system32\wcamqcca.dll
C:\WINDOWS\SYSTEM32\winfrun32.bin
C:\WINDOWS\SYSTEM32\xk4AbT.syz
C:\WINDOWS\wruzybqh.dll
C:\wpohl.exe
C:\wpohl.exe~
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\4fdw.dll
C:\1559543603\
C:\qrwkjyd.exe
C:\WINDOWS\1WcD0oSjmY.exe
C:\WINDOWS\dutwtcbw.dll
C:\WINDOWS\pcbyngna.exe
C:\WINDOWS\qccwccfo
C:\WINDOWS\qccwccfo\1.png
C:\WINDOWS\qccwccfo\2.png
C:\WINDOWS\qccwccfo\3.png
C:\WINDOWS\qccwccfo\4.png
C:\WINDOWS\qccwccfo\5.png
C:\WINDOWS\qccwccfo\6.png
C:\WINDOWS\qccwccfo\7.png
C:\WINDOWS\qccwccfo\8.png
C:\WINDOWS\qccwccfo\9.png
C:\WINDOWS\qccwccfo\bottom-rc.gif
C:\WINDOWS\qccwccfo\config.png
C:\WINDOWS\qccwccfo\content.png
C:\WINDOWS\qccwccfo\download.gif
C:\WINDOWS\qccwccfo\frame-bg.gif
C:\WINDOWS\qccwccfo\frame-bottom-left.gif
C:\WINDOWS\qccwccfo\frame-h1bg.gif
C:\WINDOWS\qccwccfo\head.png
C:\WINDOWS\qccwccfo\icon.png
C:\WINDOWS\qccwccfo\indexwp.html
C:\WINDOWS\qccwccfo\main.css
C:\WINDOWS\qccwccfo\memory-prots.png
C:\WINDOWS\qccwccfo\net.png
C:\WINDOWS\qccwccfo\pc-mag.gif
C:\WINDOWS\qccwccfo\pc.gif
C:\WINDOWS\qccwccfo\poloska1.png
C:\WINDOWS\qccwccfo\poloska2.png
C:\WINDOWS\qccwccfo\poloska3.png
C:\WINDOWS\qccwccfo\promowp1.html
C:\WINDOWS\qccwccfo\promowp2.html
C:\WINDOWS\qccwccfo\promowp3.html
C:\WINDOWS\qccwccfo\promowp4.html
C:\WINDOWS\qccwccfo\promowp5.html
C:\WINDOWS\qccwccfo\reg.png
C:\WINDOWS\qccwccfo\repair.png
C:\WINDOWS\qccwccfo\scr-1.png
C:\WINDOWS\qccwccfo\scr-2.png
C:\WINDOWS\qccwccfo\start.png
C:\WINDOWS\qccwccfo\styles.css
C:\WINDOWS\qccwccfo\Thumbs.db
C:\WINDOWS\qccwccfo\top-rc.gif
C:\WINDOWS\qccwccfo\vline.gif
C:\WINDOWS\qccwccfo\wp.png
C:\WINDOWS\SYSTEM32\4fdw.dll
C:\WINDOWS\SYSTEM32\condt32.dll
C:\WINDOWS\SYSTEM32\nxaspush.ini
C:\WINDOWS\SYSTEM32\orqss.ini
C:\WINDOWS\SYSTEM32\unifff.dll
C:\WINDOWS\SYSTEM32\winfrun32.bin
C:\WINDOWS\SYSTEM32\xk4AbT.syz
C:\wpohl.exe
C:\wpohl.exe~

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NENUM13E
-------\nenum13E


((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 14:15 . 2008-02-10 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-10 14:14 . 2008-02-10 15:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 14:14 . 2008-02-10 14:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 14:14 . 2008-02-10 14:14 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\SUPERAntiSpyware.com
2008-02-10 14:07 . 2008-02-10 14:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 00:05 . 2008-02-10 00:05 10,752 --a------ C:\WINDOWS\SYSTEM32\worsock(2).dll
2008-02-10 00:05 . 2008-02-10 00:05 1 --a------ C:\WINDOWS\SYSTEM32\rc.dat
2008-02-10 00:05 . 2008-02-10 00:05 1 --a------ C:\WINDOWS\SYSTEM32\ps1.dat
2008-02-10 00:05 . 2008-02-10 00:05 1 --a------ C:\WINDOWS\SYSTEM32\cs.dat
2008-02-09 23:48 . 2008-02-09 23:48 2 --a------ C:\1559543603
2008-02-09 22:20 . 2008-02-09 22:20 <DIR> d-------- C:\Documents and Settings\User 1\Application Data\TVU Networks
2008-02-09 22:20 . 2008-02-09 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\TVU Player
2008-02-05 20:07 . 2008-02-05 20:07 <DIR> d-------- C:\Program Files\Dopool
2008-02-02 14:12 . 2008-02-02 14:12 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-02-02 14:12 . 2008-02-02 14:12 13,044 --a------ C:\WINDOWS\scunin.dat
2008-02-02 14:12 . 2008-02-02 14:12 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-30 20:12 . 2008-01-30 20:13 <DIR> d-------- C:\Program Files\SopCast
2008-01-30 19:54 . 2008-01-30 20:03 <DIR> d-------- C:\Program Files\Sogou PXP
2008-01-30 19:54 . 2008-01-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\p3p
2008-01-30 16:10 . 2008-01-30 16:10 274,432 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
2008-01-30 15:23 . 2008-01-30 15:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-28 22:11 . 2008-01-28 22:11 256 --a------ C:\WINDOWS\p2plog.dat
2008-01-26 19:20 . 2008-02-10 00:21 268 --ah----- C:\sqmdata19.sqm
2008-01-26 19:20 . 2008-02-10 00:21 244 --ah----- C:\sqmnoopt19.sqm
2008-01-26 12:59 . 2008-01-26 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-26 12:58 . 2008-01-26 12:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-26 00:26 . 2008-02-09 00:43 268 --ah----- C:\sqmdata18.sqm
2008-01-26 00:26 . 2008-02-09 00:43 244 --ah----- C:\sqmnoopt18.sqm
2008-01-25 18:59 . 2008-02-10 15:08 <DIR> d-------- C:\Program Files\Starcraft
2008-01-24 23:41 . 2008-02-08 20:40 268 --ah----- C:\sqmdata17.sqm
2008-01-24 23:41 . 2008-02-08 20:40 244 --ah----- C:\sqmnoopt17.sqm
2008-01-24 10:31 . 2008-01-24 10:32 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\QQDoctor
2008-01-23 23:51 . 2008-02-06 00:00 268 --ah----- C:\sqmdata16.sqm
2008-01-23 23:51 . 2008-02-06 00:00 244 --ah----- C:\sqmnoopt16.sqm
2008-01-22 23:26 . 2008-02-04 23:33 268 --ah----- C:\sqmdata15.sqm
2008-01-22 23:26 . 2008-02-04 23:33 244 --ah----- C:\sqmnoopt15.sqm
2008-01-21 23:31 . 2008-02-03 23:05 268 --ah----- C:\sqmdata14.sqm
2008-01-21 23:31 . 2008-02-03 23:05 244 --ah----- C:\sqmnoopt14.sqm
2008-01-21 01:44 . 2008-02-03 00:32 268 --ah----- C:\sqmdata13.sqm
2008-01-21 01:44 . 2008-02-03 00:32 244 --ah----- C:\sqmnoopt13.sqm
2008-01-20 00:52 . 2008-02-02 22:31 268 --ah----- C:\sqmdata12.sqm
2008-01-20 00:52 . 2008-02-02 22:31 244 --ah----- C:\sqmnoopt12.sqm
2008-01-18 22:46 . 2008-02-01 22:56 268 --ah----- C:\sqmdata11.sqm
2008-01-18 22:46 . 2008-02-01 22:56 244 --ah----- C:\sqmnoopt11.sqm
2008-01-18 13:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-18 13:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-18 13:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-17 23:58 . 2008-01-31 23:01 268 --ah----- C:\sqmdata10.sqm
2008-01-17 23:58 . 2008-01-31 23:01 244 --ah----- C:\sqmnoopt10.sqm
2008-01-17 16:10 . 2008-01-30 23:40 268 --ah----- C:\sqmdata09.sqm
2008-01-17 16:10 . 2008-01-30 23:40 244 --ah----- C:\sqmnoopt09.sqm
2008-01-17 15:49 . 2008-01-30 20:04 268 --ah----- C:\sqmdata08.sqm
2008-01-17 15:49 . 2008-01-30 20:04 244 --ah----- C:\sqmnoopt08.sqm
2008-01-17 15:40 . 2008-01-17 15:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 15:39 . 2008-01-17 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-17 14:23 . 2008-01-17 14:23 <DIR> d-------- C:\Documents and Settings\User 1\Application Data\AIMPro
2008-01-12 21:54 . 2008-01-12 21:54 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-12 21:54 . 2008-01-12 21:54 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\NHN Corporation
2008-01-12 21:37 . 2008-01-21 18:19 <DIR> d-------- C:\Program Files\DriftCity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:25 --------- d-----w C:\Program Files\NetWaiting
2008-02-03 03:37 --------- d-----w C:\Program Files\LimeWire
2008-01-26 19:42 --------- d-----w C:\Program Files\KuGoo2007
2008-01-26 17:58 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-26 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-24 15:32 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\QQUpdate
2008-01-24 15:32 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\QQ
2008-01-12 23:31 --------- d--h--w C:\Documents and Settings\Brian Chen\Application Data\ijjigame
2008-01-02 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_dctemp
2008-01-02 00:29 --------- d-----w C:\Program Files\BitLord
2007-12-30 17:37 --------- d-----w C:\Documents and Settings\User 1\Application Data\QQUpdate
2007-12-30 06:18 --------- d-----w C:\Program Files\MUSICMATCH
2007-12-30 06:14 --------- d-----w C:\Program Files\BitSpirit
2007-12-30 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\mvcache
2007-12-30 05:54 --------- d-----w C:\Program Files\Thunder Network
2007-12-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-12-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-12-30 04:51 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\BitSpirit
2007-12-28 04:08 --------- d-----w C:\Program Files\Thoosje Sidebar V2.3
2007-12-28 04:08 --------- d-----w C:\Program Files\FlashGet
2007-12-27 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tencent
2007-12-25 00:59 --------- d-----w C:\Program Files\鱼鱼软件
2007-12-24 03:23 --------- d-----w C:\Documents and Settings\User 1\Application Data\acccore
2007-12-23 03:52 --------- d-----w C:\Documents and Settings\User 1\Application Data\Unispim
2007-12-23 00:18 --------- d-----w C:\Documents and Settings\User 1\Application Data\QQ
2007-12-22 17:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 17:42 --------- d-----w C:\Program Files\VideoLAN
2007-12-22 17:42 --------- d-----w C:\Program Files\SwiftSwitch
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f15e156-969c-4721-a5b7-e3ee10b1b382}]
C:\WINDOWS\system32\wcamqcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9296002a-1dd2-11b2-b608-bc35e55a3e09}]
C:\WINDOWS\wruzybqh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 08:49 131072]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15 139264]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55 180224]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 16:31 1327104]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 12:20 50744]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 18:51 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 21:20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\snmspykk]
snmspykk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuustt]
vtuustt.dll

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S1 4fdw;4fdw;C:\WINDOWS\system32\4fdw.dll []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 21:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRIAN-Brian Chen).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 16:01:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\conime.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
.
**************************************************************************
.
Completion time: 2008-02-10 16:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 21:05:54
ComboFix2.txt 2008-02-10 20:42:40
.
2008-01-19 03:46:21 --- E O F ---



The HijackThis log from last time is posted in my other reply.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\worsock(2).dll
C:\WINDOWS\SYSTEM32\rc.dat
C:\WINDOWS\SYSTEM32\ps1.dat
C:\WINDOWS\SYSTEM32\cs.dat

Driver::
4fdw


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt".

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

#7
AznSkill2k

    New Member

  • Topic Starter
  • Member
  • 8 posts

ComboFix 08-02.05.3 - Brian Chen 2008-02-10 17:12:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.639 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Chen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian Chen\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\SYSTEM32\cs.dat
C:\WINDOWS\SYSTEM32\ps1.dat
C:\WINDOWS\SYSTEM32\rc.dat
C:\WINDOWS\SYSTEM32\worsock(2).dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\cs.dat
C:\WINDOWS\SYSTEM32\ps1.dat
C:\WINDOWS\SYSTEM32\rc.dat
C:\WINDOWS\SYSTEM32\worsock(2).dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\4fdw


((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 15:58 . 2004-08-04 06:00 388,608 --a------ C:\kmd.exe
2008-02-10 14:15 . 2008-02-10 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-10 14:14 . 2008-02-10 15:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 14:14 . 2008-02-10 14:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 14:14 . 2008-02-10 14:14 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\SUPERAntiSpyware.com
2008-02-10 14:07 . 2008-02-10 14:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 23:48 . 2008-02-09 23:48 2 --a------ C:\1559543603
2008-02-09 22:20 . 2008-02-09 22:20 <DIR> d-------- C:\Documents and Settings\User 1\Application Data\TVU Networks
2008-02-09 22:20 . 2008-02-09 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-09 22:18 . 2008-02-09 22:18 <DIR> d-------- C:\Program Files\TVU Player
2008-02-05 20:07 . 2008-02-05 20:07 <DIR> d-------- C:\Program Files\Dopool
2008-02-02 14:12 . 2008-02-02 14:12 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-02-02 14:12 . 2008-02-02 14:12 13,044 --a------ C:\WINDOWS\scunin.dat
2008-02-02 14:12 . 2008-02-02 14:12 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-30 20:12 . 2008-01-30 20:13 <DIR> d-------- C:\Program Files\SopCast
2008-01-30 19:54 . 2008-01-30 20:03 <DIR> d-------- C:\Program Files\Sogou PXP
2008-01-30 19:54 . 2008-01-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\p3p
2008-01-30 16:10 . 2008-01-30 16:10 274,432 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
2008-01-30 15:23 . 2008-01-30 15:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-28 22:11 . 2008-01-28 22:11 256 --a------ C:\WINDOWS\p2plog.dat
2008-01-26 19:20 . 2008-02-10 00:21 268 --ah----- C:\sqmdata19.sqm
2008-01-26 19:20 . 2008-02-10 00:21 244 --ah----- C:\sqmnoopt19.sqm
2008-01-26 12:59 . 2008-01-26 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-26 12:58 . 2008-01-26 12:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-26 00:26 . 2008-02-09 00:43 268 --ah----- C:\sqmdata18.sqm
2008-01-26 00:26 . 2008-02-09 00:43 244 --ah----- C:\sqmnoopt18.sqm
2008-01-25 18:59 . 2008-02-10 15:08 <DIR> d-------- C:\Program Files\Starcraft
2008-01-24 23:41 . 2008-02-08 20:40 268 --ah----- C:\sqmdata17.sqm
2008-01-24 23:41 . 2008-02-08 20:40 244 --ah----- C:\sqmnoopt17.sqm
2008-01-24 10:31 . 2008-01-24 10:32 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\QQDoctor
2008-01-23 23:51 . 2008-02-06 00:00 268 --ah----- C:\sqmdata16.sqm
2008-01-23 23:51 . 2008-02-06 00:00 244 --ah----- C:\sqmnoopt16.sqm
2008-01-22 23:26 . 2008-02-04 23:33 268 --ah----- C:\sqmdata15.sqm
2008-01-22 23:26 . 2008-02-04 23:33 244 --ah----- C:\sqmnoopt15.sqm
2008-01-21 23:31 . 2008-02-03 23:05 268 --ah----- C:\sqmdata14.sqm
2008-01-21 23:31 . 2008-02-03 23:05 244 --ah----- C:\sqmnoopt14.sqm
2008-01-21 01:44 . 2008-02-03 00:32 268 --ah----- C:\sqmdata13.sqm
2008-01-21 01:44 . 2008-02-03 00:32 244 --ah----- C:\sqmnoopt13.sqm
2008-01-20 00:52 . 2008-02-02 22:31 268 --ah----- C:\sqmdata12.sqm
2008-01-20 00:52 . 2008-02-02 22:31 244 --ah----- C:\sqmnoopt12.sqm
2008-01-18 22:46 . 2008-02-01 22:56 268 --ah----- C:\sqmdata11.sqm
2008-01-18 22:46 . 2008-02-01 22:56 244 --ah----- C:\sqmnoopt11.sqm
2008-01-18 13:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-18 13:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-18 13:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-17 23:58 . 2008-01-31 23:01 268 --ah----- C:\sqmdata10.sqm
2008-01-17 23:58 . 2008-01-31 23:01 244 --ah----- C:\sqmnoopt10.sqm
2008-01-17 16:10 . 2008-01-30 23:40 268 --ah----- C:\sqmdata09.sqm
2008-01-17 16:10 . 2008-01-30 23:40 244 --ah----- C:\sqmnoopt09.sqm
2008-01-17 15:49 . 2008-01-30 20:04 268 --ah----- C:\sqmdata08.sqm
2008-01-17 15:49 . 2008-01-30 20:04 244 --ah----- C:\sqmnoopt08.sqm
2008-01-17 15:40 . 2008-01-17 15:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 15:39 . 2008-01-17 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-17 14:23 . 2008-01-17 14:23 <DIR> d-------- C:\Documents and Settings\User 1\Application Data\AIMPro
2008-01-12 21:54 . 2008-01-12 21:54 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-12 21:54 . 2008-01-12 21:54 <DIR> d-------- C:\Documents and Settings\Brian Chen\Application Data\NHN Corporation
2008-01-12 21:37 . 2008-01-21 18:19 <DIR> d-------- C:\Program Files\DriftCity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:25 --------- d-----w C:\Program Files\NetWaiting
2008-02-03 03:37 --------- d-----w C:\Program Files\LimeWire
2008-01-26 19:42 --------- d-----w C:\Program Files\KuGoo2007
2008-01-26 17:58 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-26 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-24 15:32 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\QQUpdate
2008-01-24 15:32 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\QQ
2008-01-12 23:31 --------- d--h--w C:\Documents and Settings\Brian Chen\Application Data\ijjigame
2008-01-02 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_dctemp
2008-01-02 00:29 --------- d-----w C:\Program Files\BitLord
2007-12-30 17:37 --------- d-----w C:\Documents and Settings\User 1\Application Data\QQUpdate
2007-12-30 06:18 --------- d-----w C:\Program Files\MUSICMATCH
2007-12-30 06:14 --------- d-----w C:\Program Files\BitSpirit
2007-12-30 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\mvcache
2007-12-30 05:54 --------- d-----w C:\Program Files\Thunder Network
2007-12-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-12-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-12-30 04:51 --------- d-----w C:\Documents and Settings\Brian Chen\Application Data\BitSpirit
2007-12-28 04:08 --------- d-----w C:\Program Files\Thoosje Sidebar V2.3
2007-12-28 04:08 --------- d-----w C:\Program Files\FlashGet
2007-12-27 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tencent
2007-12-25 00:59 --------- d-----w C:\Program Files\鱼鱼软件
2007-12-24 03:23 --------- d-----w C:\Documents and Settings\User 1\Application Data\acccore
2007-12-23 03:52 --------- d-----w C:\Documents and Settings\User 1\Application Data\Unispim
2007-12-23 00:18 --------- d-----w C:\Documents and Settings\User 1\Application Data\QQ
2007-12-22 17:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 17:42 --------- d-----w C:\Program Files\VideoLAN
2007-12-22 17:42 --------- d-----w C:\Program Files\SwiftSwitch
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f15e156-969c-4721-a5b7-e3ee10b1b382}]
C:\WINDOWS\system32\wcamqcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9296002a-1dd2-11b2-b608-bc35e55a3e09}]
C:\WINDOWS\wruzybqh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 08:49 131072]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15 139264]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55 180224]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 16:31 1327104]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 12:20 50744]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 18:51 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 21:20 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\snmspykk]
snmspykk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuustt]
vtuustt.dll

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 21:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRIAN-Brian Chen).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 17:19:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\conime.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
.
**************************************************************************
.
Completion time: 2008-02-10 17:23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 22:23:09
ComboFix2.txt 2008-02-10 21:05:57
ComboFix3.txt 2008-02-10 20:42:40
.
2008-01-19 03:46:21 --- E O F ---

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log

#9 AznSkill2k (New Member, Topic Starter, 8 posts)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 8:09:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/02/2008
Kaspersky Anti-Virus database records: 556170
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 132238
Number of viruses found: 14
Number of infected objects: 51
Number of suspicious objects: 0
Duration of the scan process: 01:24:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Brian Chen\.housecall6.6\Quarantine\bf[1].htm.bac_a01932 Infected: Exploit.JS.Agent.am skipped
C:\Documents and Settings\Brian Chen\.housecall6.6\Quarantine\bf[2].htm.bac_a01932 Infected: Exploit.JS.Agent.ar skipped
C:\Documents and Settings\Brian Chen\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-203e186d/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Brian Chen\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-203e186d ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Chen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2e8f809-3af4ec2a.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Brian Chen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2e8f809-3af4ec2a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Chen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Brian Chen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Application Data\AOL OCP\AIM\Storage\data\aznboii92\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Application Data\AOL OCP\AIM\Storage\data\aznskill2k\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Temp\bbassistant.log Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Temp\~DF1CB3.tmp Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Temp\~DF1CC4.tmp Object is locked skipped
C:\Documents and Settings\Brian Chen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian Chen\My Documents\keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\Documents and Settings\Brian Chen\My Documents\winrar_key.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Brian Chen\My Documents\winrar_key.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\Documents and Settings\Brian Chen\My Documents\winrar_key.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\Documents and Settings\Brian Chen\My Documents\winrar_key.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\Brian Chen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brian Chen\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Verizon Online\ConnMgr\VZLog Object is locked skipped
C:\Program Files\Starcraft\bncache.dat Object is locked skipped
C:\Program Files\Starcraft\BnetLog.txt Object is locked skipped
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\Verizon Online\Help Support\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\Verizon Online\Help Support\SmartBridge\SmartBridge.log Object is locked skipped
C:\QooBox\Quarantine\C\qrwkjyd.exe.vir Infected: Trojan-Downloader.Win32.Agent.hyy skipped
C:\QooBox\Quarantine\C\WINDOWS\bck1.dat.vir Infected: Trojan-Proxy.Win32.Agent.rz skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cwepmmsg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gwhagnlj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\njmjuxix.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nupjwxdc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sojiodra.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tuvwvsr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ykqsjubt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\wpohl.exe.vir Infected: Backdoor.Win32.Agobot.app skipped
C:\QooBox\Quarantine\C\wpohl.exe~.vir Infected: Backdoor.Win32.Agobot.app skipped
C:\QooBox\Quarantine\catchme2008-02-10_160134.23.zip/4fdw.dll Infected: Trojan.Win32.Agent.fcn skipped
C:\QooBox\Quarantine\catchme2008-02-10_160134.23.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0113280.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0113347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0113348.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0113349.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0113350.exe Infected: Trojan-Dropper.Win32.Nulprot.q skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113389.dll Infected: not-a-virus:AdWare.Win32.E404.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113390.dll Infected: not-a-virus:AdWare.Win32.E404.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113391.dll Infected: not-a-virus:AdWare.Win32.E404.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113392.dll Infected: not-a-virus:AdWare.Win32.E404.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113416.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113421.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113422.dll Infected: not-a-virus:AdWare.Win32.E404.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113423.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113424.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0113425.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113488.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113489.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113490.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113491.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113492.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113493.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0113494.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0113558.exe Infected: Trojan-Downloader.Win32.Agent.hyy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0113566.exe Infected: Backdoor.Win32.Agobot.app skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\acecpxex.dll Infected: Trojan.Win32.Crypt.o skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:15 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {3f15e156-969c-4721-a5b7-e3ee10b1b382} - C:\WINDOWS\system32\wcamqcca.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9296002a-1dd2-11b2-b608-bc35e55a3e09} - C:\WINDOWS\wruzybqh.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: snmspykk - snmspykk.dll (file missing)
O20 - Winlogon Notify: vtuustt - vtuustt.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9145 bytes

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {3f15e156-969c-4721-a5b7-e3ee10b1b382} - C:\WINDOWS\system32\wcamqcca.dll (file missing)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {9296002a-1dd2-11b2-b608-bc35e55a3e09} - C:\WINDOWS\wruzybqh.dll (file missing)
O20 - Winlogon Notify: snmspykk - snmspykk.dll (file missing)
O20 - Winlogon Notify: vtuustt - vtuustt.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Brian Chen\My Documents\keygen.exe
    C:\Documents and Settings\Brian Chen\My Documents\winrar_key.exe
    C:\WINDOWS\SYSTEM32\acecpxex.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new HijackThis log and tell me how your PC is running.
#11 AznSkill2k (New Member, Topic Starter, 8 posts)
File/Folder C:\Documents and Settings\Brian Chen\My Documents\keygen.exe not found.
File/Folder C:\Documents and Settings\Brian Chen\My Documents\winrar_key.exe not found.
C:\WINDOWS\SYSTEM32\acecpxex.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\acecpxex.dll moved successfully.
[Custom Input]
< purity >

OTMoveIt2 v1.0.19 log created on 02112008_191854


Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:33 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {3f15e156-969c-4721-a5b7-e3ee10b1b382} - C:\WINDOWS\SYSTEM32\acecpxex.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8740 bytes

#12 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {3f15e156-969c-4721-a5b7-e3ee10b1b382} - C:\WINDOWS\SYSTEM32\acecpxex.dll (file missing)

2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HijackThis log.
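The check the helper applies in the two "Fix Checked" instructions above (an O2 BHO or O20 Winlogon Notify entry whose DLL reads "(file missing)" is a dead hook left behind by a removed component) can be automated for log triage. This is an added example, not code from the thread or from HijackThis; the sample entry lines are copied from the logs posted in this thread, and the "review" heuristic for unnamed BHOs is my own assumption, not a rule HijackThis applies.

```python
"""Triage a HijackThis log: list the orphaned O2/O20 entries a helper would tell
the user to tick in 'Fix Checked'. Added example, not from the thread or HijackThis."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry shape: "O2 - BHO: (no name) - {CLSID} - C:\path\x.dll (file missing)"
ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_MISSING = "(file missing)"
# O2 BHO and O3 toolbar load into Internet Explorer, O20 into winlogon.exe; an
# entry here whose file is gone is a leftover hook that should not stay registered.
DLL_LOADER_SECTIONS = {"O2", "O3", "O20"}


@dataclass
class Entry:
    section: str          # "O2", "O20", ...
    kind: str             # "BHO", "Winlogon Notify", ...
    name: str             # display name; "(no name)" when none is registered
    clsid: Optional[str]  # "{...}" for COM-registered entries, else None
    target: str           # DLL/EXE path, "(file missing)" marker stripped
    file_missing: bool
    raw: str              # the original line, exactly as the user must tick it


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'Oxx - kind: ...' line; return None for any other log line."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith(FILE_MISSING)
    if missing:
        rest = rest[: -len(FILE_MISSING)].rstrip()
    parts = rest.split(" - ")
    clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), None)
    name = parts[0] if len(parts) > 1 else ""
    return Entry(m.group("section"), m.group("kind"), name, clsid,
                 parts[-1], missing, line.rstrip())


def entries(log_text: str) -> List[Entry]:
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


def fix_list(log_text: str) -> List[str]:
    """Lines to tick in 'Fix Checked': DLL-loading entries whose file is missing."""
    return [e.raw for e in entries(log_text)
            if e.section in DLL_LOADER_SECTIONS and e.file_missing]


def review_list(log_text: str) -> List[str]:
    """Assumed heuristic (not a HijackThis rule): a BHO with no registered name
    whose DLL still exists deserves a look but not an automatic fix; Spybot's
    SDHelper.dll in the sample is exactly such a benign case."""
    return [e.raw for e in entries(log_text)
            if e.section == "O2" and e.name == "(no name)" and not e.file_missing]


# Constructed sample: entry lines copied from the logs posted in this thread,
# with the kind of non-entry lines a real log has around them.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:

O2 - BHO: (no name) - {3f15e156-969c-4721-a5b7-e3ee10b1b382} - C:\WINDOWS\system32\wcamqcca.dll (file missing)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {9296002a-1dd2-11b2-b608-bc35e55a3e09} - C:\WINDOWS\wruzybqh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O20 - Winlogon Notify: snmspykk - snmspykk.dll (file missing)
O20 - Winlogon Notify: vtuustt - vtuustt.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""
```

Run `fix_list(SAMPLE_LOG)` to get the five lines the helper listed in post #10; `review_list(SAMPLE_LOG)` returns only the Spybot SDHelper line, which is why that list is for a human, not for Fix Checked.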

#13 AznSkill2k (New Member, Topic Starter, 8 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:12 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\SYSTEM32\KuGoo3DownXControl.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8578 bytes

#14 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your logs are clean! We need to do a few things.

Now let's uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-SPYAD here.

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and performing all of the procedures requested.

#15 AznSkill2k (New Member, Topic Starter, 8 posts)
Thank you, is that all I need to do? Also, can you recommend a Java that I should download?