Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

updated hijack, smithfraud, deckard scanner, combofix logs


  • Please log in to reply

#1
fluffy0123

fluffy0123

    New Member

  • Member
  • Pip
  • 2 posts
Sorry, I guess I went out of what I should of ran first and stuff like that, so here are my undated logs files and still have the darn trojan and who knows what else. As always thank you so much for your time and effort with my distress. Hope to here from you soon.....Please :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:07 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {08A3084E-E8C8-4DE1-9FB4-48179982C8DE} - C:\WINDOWS\system32\khfcabc.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D4AC3A2F-EA82-4C95-8797-EF88493C5207} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7062] command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5385] cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: khfcabc - C:\WINDOWS\SYSTEM32\khfcabc.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - (no file)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 10820 bytes


SmitFraudFix v2.301

Scan done at 14:00:47.82, Tue 03/11/2008
Run from C:\Documents and Settings\AnnaRoy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\764.exe FOUND !
C:\WINDOWS\7search.dll FOUND !
C:\WINDOWS\absolute key logger.lnk FOUND !
C:\WINDOWS\aconti.exe FOUND !
C:\WINDOWS\aconti.ini FOUND !
C:\WINDOWS\aconti.log FOUND !
C:\WINDOWS\aconti.sdb FOUND !
C:\WINDOWS\acontidialer.txt FOUND !
C:\WINDOWS\adbar.dll FOUND !
C:\WINDOWS\cbinst$.exe FOUND !
C:\WINDOWS\daxtime.dll FOUND !
C:\WINDOWS\default.htm FOUND !
C:\WINDOWS\dp0.dll FOUND !
C:\WINDOWS\eventlowg.dll FOUND !
C:\WINDOWS\fhfmm-Uninstaller.exe FOUND !
C:\WINDOWS\fhfmm.exe FOUND !
C:\WINDOWS\flt.dll FOUND !
C:\WINDOWS\hcwprn.exe FOUND !
C:\WINDOWS\hotporn.exe FOUND !
C:\WINDOWS\iexplorr23.dll FOUND !
C:\WINDOWS\ie_32.exe FOUND !
C:\WINDOWS\jd2002.dll FOUND !
C:\WINDOWS\kkcomp$.exe FOUND !
C:\WINDOWS\kkcomp.dll FOUND !
C:\WINDOWS\kkcomp.exe FOUND !
C:\WINDOWS\kvnab$.exe FOUND !
C:\WINDOWS\kvnab.dll FOUND !
C:\WINDOWS\kvnab.exe FOUND !
C:\WINDOWS\liqad$.exe FOUND !
C:\WINDOWS\liqad.dll FOUND !
C:\WINDOWS\liqad.exe FOUND !
C:\WINDOWS\liqui-Uninstaller.exe FOUND !
C:\WINDOWS\liqui.dll FOUND !
C:\WINDOWS\liqui.exe FOUND !
C:\WINDOWS\ngd.dll FOUND !
C:\WINDOWS\pbar.dll FOUND !
C:\WINDOWS\pbsysie.dll FOUND !
C:\WINDOWS\settn.dll FOUND !
C:\WINDOWS\spredirect.dll FOUND !
C:\WINDOWS\vxddsk.exe FOUND !
C:\WINDOWS\wbeCheck.exe FOUND !
C:\WINDOWS\wbeInst$.exe FOUND !
C:\WINDOWS\wml.exe FOUND !
C:\WINDOWS\xadbrk.dll FOUND !
C:\WINDOWS\xadbrk.exe FOUND !
C:\WINDOWS\xadbrk_.exe FOUND !
C:\WINDOWS\xxxvideo.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\acespy\ FOUND !
C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\ESHOPEE.exe FOUND !
C:\WINDOWS\system32\mgmrwmrv.exe FOUND !
C:\WINDOWS\system32\msole32.exe FOUND !
C:\WINDOWS\system32\vxddsk.exe FOUND !
C:\WINDOWS\system32\winfrun32.bin FOUND !
C:\WINDOWS\system32\wml.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AnnaRoy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AnnaRoy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AnnaRoy\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\3721\ FOUND !
C:\Program Files\Accoona\ FOUND !
C:\Program Files\akl\ FOUND !
C:\Program Files\amsys\ FOUND !
C:\Program Files\e-zshopper\ FOUND !
C:\Program Files\Helper\ FOUND !
C:\Program Files\p2pnetworks\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}"="hemoglobinometries"

[HKEY_CLASSES_ROOT\CLSID\{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}\InProcServer32]


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 24.25.227.55
DNS Server Search Order: 24.25.227.56
DNS Server Search Order: 66.75.160.63

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Deckard's System Scanner v20071014.68
Run by AnnaRoy on 2008-03-11 14:21:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as AnnaRoy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:30 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\AnnaRoy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AnnaRoy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {08A3084E-E8C8-4DE1-9FB4-48179982C8DE} - C:\WINDOWS\system32\khfcabc.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D4AC3A2F-EA82-4C95-8797-EF88493C5207} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7062] command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5385] cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: khfcabc - C:\WINDOWS\SYSTEM32\khfcabc.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - (no file)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

--
End of file - 10858 bytes

-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-11 13:41:46 0 d-------- C:\Program Files\e-zshopper
2008-03-11 13:36:19 0 d-------- C:\Program Files\Trend Micro
2008-03-11 05:32:46 878 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 05:04:18 16640 --a------ C:\WINDOWS\kvnab.dll
2008-03-11 05:04:17 23808 --a------ C:\WINDOWS\kvnab.exe
2008-03-11 05:04:15 12032 --a------ C:\WINDOWS\settn.dll
2008-03-11 05:04:15 15360 --a------ C:\WINDOWS\kvnab$.exe
2008-03-11 05:04:14 31232 --a------ C:\WINDOWS\hcwprn.exe
2008-03-11 05:04:11 20480 --a------ C:\WINDOWS\pbsysie.dll
2008-03-11 05:04:09 19200 --a------ C:\WINDOWS\wbeInst$.exe
2008-03-11 05:04:09 17152 --a------ C:\WINDOWS\wbeCheck.exe
2008-03-11 05:04:01 12544 --a------ C:\WINDOWS\system32\wml.exe
2008-03-11 05:04:01 0 d-------- C:\Program Files\Accoona
2008-03-11 05:04:00 21760 --a------ C:\WINDOWS\7search.dll
2008-03-11 04:17:43 17664 --a------ C:\WINDOWS\adbar.dll
2008-03-11 04:17:39 23552 --a------ C:\WINDOWS\aconti.exe
2008-03-11 04:17:37 17408 --a------ C:\WINDOWS\xxxvideo.exe
2008-03-11 04:17:32 32000 --a------ C:\WINDOWS\764.exe
2008-03-11 04:15:28 30720 --a------ C:\WINDOWS\hotporn.exe
2008-03-10 23:34:56 0 d-------- C:\Program Files\3721
2008-03-10 22:17:47 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-10 21:33:45 0 d-------- C:\Program Files\amsys
2008-03-10 21:21:48 14080 --a------ C:\WINDOWS\iexplorr23.dll
2008-03-10 21:21:45 16384 --a------ C:\WINDOWS\system32\ace16win.dll
2008-03-10 21:21:37 12544 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-03-10 21:21:30 24320 --a------ C:\WINDOWS\pbar.dll
2008-03-10 07:45:38 37376 --a------ C:\WINDOWS\mrofinu72.exe
2008-03-08 18:34:38 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Macromedia
2008-03-08 18:33:44 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Google
2008-03-08 18:30:53 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Identities
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\SendTo
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\Recent
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\PrintHood
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\NetHood
2008-03-08 18:29:43 0 dr------- C:\Documents and Settings\royce.FINONA\My Documents
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\Local Settings
2008-03-08 18:29:43 0 dr------- C:\Documents and Settings\royce.FINONA\Favorites
2008-03-08 18:29:43 0 d-------- C:\Documents and Settings\royce.FINONA\Desktop
2008-03-08 18:29:43 0 d--hs---- C:\Documents and Settings\royce.FINONA\Cookies
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\Application Data
2008-03-08 18:29:43 0 d---s---- C:\Documents and Settings\royce.FINONA\Application Data\Microsoft
2008-03-08 18:29:42 0 d--h----- C:\Documents and Settings\royce.FINONA\Templates
2008-03-08 18:29:42 0 dr------- C:\Documents and Settings\royce.FINONA\Start Menu
2008-03-08 18:29:42 2097152 --ah----- C:\Documents and Settings\royce.FINONA\NTUSER.DAT
2008-03-07 23:19:29 16640 --a------ C:\WINDOWS\eventlowg.dll
2008-03-07 23:19:29 12288 --a------ C:\WINDOWS\daxtime.dll
2008-03-07 23:19:28 22272 --a------ C:\WINDOWS\system32\msole32.exe
2008-03-07 23:19:28 25344 --a------ C:\WINDOWS\liqui.dll
2008-03-07 23:19:27 18176 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-03-07 23:19:27 13312 --a------ C:\WINDOWS\liqui.exe
2008-03-07 23:19:27 24576 --a------ C:\WINDOWS\fhfmm.exe
2008-03-07 23:19:26 29184 --a------ C:\WINDOWS\xadbrk.dll
2008-03-07 23:19:26 25600 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-03-07 23:19:25 27392 --a------ C:\WINDOWS\xadbrk_.exe
2008-03-07 23:19:25 9472 --a------ C:\WINDOWS\xadbrk.exe
2008-03-07 23:19:24 25088 --a------ C:\WINDOWS\kkcomp.dll
2008-03-07 23:19:23 25088 --a------ C:\WINDOWS\liqad.dll
2008-03-07 23:19:23 9984 --a------ C:\WINDOWS\kkcomp.exe
2008-03-07 23:19:23 16640 --a------ C:\WINDOWS\kkcomp$.exe
2008-03-07 23:19:22 15104 --a------ C:\WINDOWS\liqad.exe
2008-03-07 23:19:22 22784 --a------ C:\WINDOWS\liqad$.exe
2008-03-07 23:19:19 20992 --a------ C:\WINDOWS\cbinst$.exe
2008-03-07 23:19:15 30976 --a------ C:\WINDOWS\jd2002.dll
2008-03-07 23:19:04 28416 --a------ C:\WINDOWS\spredirect.dll
2008-03-07 23:19:03 20224 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-03-07 23:18:56 32512 --a------ C:\WINDOWS\ie_32.exe
2008-03-07 23:18:54 0 d-------- C:\WINDOWS\system32\acespy
2008-03-07 23:18:53 18688 --a------ C:\WINDOWS\ngd.dll
2008-03-07 23:18:52 22272 --a------ C:\WINDOWS\dp0.dll
2008-03-07 23:18:51 0 d-------- C:\Program Files\p2pnetworks
2008-03-07 23:18:46 0 d-------- C:\Program Files\akl
2008-03-07 23:18:45 30208 --a------ C:\WINDOWS\vxddsk.exe
2008-03-07 23:18:43 8192 --a------ C:\WINDOWS\wml.exe
2008-03-07 23:18:42 29952 --a------ C:\WINDOWS\flt.dll
2008-03-07 23:06:53 145026 --ahs---- C:\WINDOWS\system32\klnmp.ini2
2008-03-07 23:03:18 26112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-03-07 23:03:08 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-07 23:03:02 0 d-------- C:\WINDOWS\?racle
2008-03-07 23:02:51 89099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-07 23:02:40 0 d-------- C:\Program Files\webHancer
2008-03-07 23:02:25 0 d-------- C:\Program Files\QdrPack
2008-03-07 23:01:14 37376 --a------ C:\WINDOWS\system32\khfcabc.dll
2008-02-17 17:35:33 0 d-------- C:\Documents and Settings\AnnaRoy\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2008-03-11 04:11:13 0 d-------- C:\Documents and Settings\AnnaRoy\Application Data\Identities
2008-03-10 21:20:27 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-10 19:52:14 0 d-------- C:\Program Files\Common Files
2008-03-07 23:00:58 2404 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-11 19:46:03 0 d-------- C:\Program Files\Helper
2008-02-10 23:30:30 6442 --a------ C:\WINDOWS\unins000.dat
2008-02-10 23:15:10 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 22:43:06 0 d-------- C:\Program Files\Canon
2008-02-06 23:22:53 0 d-------- C:\Documents and Settings\AnnaRoy\Application Data\ScanSoft
2008-02-06 23:22:07 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-02-06 23:21:20 0 d-------- C:\Program Files\ScanSoft
2008-02-06 23:19:38 0 d-------- C:\Program Files\ArcSoft
2008-02-06 23:19:37 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}]
03/07/2008 11:01 PM 37376 --a------ C:\WINDOWS\system32\khfcabc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4AC3A2F-EA82-4C95-8797-EF88493C5207}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
03/07/2008 11:03 PM 26112 --a------ C:\WINDOWS\system32\marwin32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 09:48 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 03:07 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB7062"=command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
"SpybotDeletingD5385"=cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152]
"{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}"= C:\WINDOWS\system32\khfcabc.dll [03/07/2008 11:01 PM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcabc]
khfcabc.dll 03/07/2008 11:01 PM 37376 C:\WINDOWS\system32\khfcabc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlk.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Msetup4.exe

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-03-11 14:27:18 ------------

Start Time= Tue 03/11/2008 14:11:54.45

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-03-11 14:02:02 878 ( A.... ) "C:\WINDOWS\system32\tmp.reg"
2008-03-11 13:41:48 ( .D... ) "C:\Program Files\e-zshopper"
2008-03-11 13:36:20 ( .D... ) "C:\Program Files\Trend Micro"
2008-03-11 05:04:20 16640 ( A.... ) "C:\WINDOWS\kvnab.dll"
2008-03-11 05:04:18 23808 ( A.... ) "C:\WINDOWS\kvnab.exe"
2008-03-11 05:04:16 31232 ( A.... ) "C:\WINDOWS\hcwprn.exe"
2008-03-11 05:04:16 15360 ( A.... ) "C:\WINDOWS\kvnab$.exe"
2008-03-11 05:04:16 12032 ( A.... ) "C:\WINDOWS\settn.dll"
2008-03-11 05:04:12 20480 ( A.... ) "C:\WINDOWS\pbsysie.dll"
2008-03-11 05:04:10 19200 ( A.... ) "C:\WINDOWS\wbeInst$.exe"
2008-03-11 05:04:10 17152 ( A.... ) "C:\WINDOWS\wbeCheck.exe"
2008-03-11 05:04:02 21760 ( A.... ) "C:\WINDOWS\7search.dll"
2008-03-11 05:04:02 12544 ( A.... ) "C:\WINDOWS\system32\wml.exe"
2008-03-11 05:04:02 ( .D... ) "C:\Program Files\Accoona"
2008-03-11 04:17:44 17664 ( A.... ) "C:\WINDOWS\adbar.dll"
2008-03-11 04:17:40 23552 ( A.... ) "C:\WINDOWS\aconti.exe"
2008-03-11 04:17:38 17408 ( A.... ) "C:\WINDOWS\xxxvideo.exe"
2008-03-11 04:17:34 32000 ( A.... ) "C:\WINDOWS\764.exe"
2008-03-11 04:15:30 30720 ( A.... ) "C:\WINDOWS\hotporn.exe"
2008-03-10 23:34:58 ( .D... ) "C:\Program Files\3721"
2008-03-10 21:33:46 ( .D... ) "C:\Program Files\amsys"
2008-03-10 21:21:50 14080 ( A.... ) "C:\WINDOWS\iexplorr23.dll"
2008-03-10 21:21:46 16384 ( A.... ) "C:\WINDOWS\system32\ace16win.dll"
2008-03-10 21:21:38 12544 ( A.... ) "C:\WINDOWS\system32\vxddsk.exe"
2008-03-10 21:21:32 24320 ( A.... ) "C:\WINDOWS\pbar.dll"
2008-03-10 07:45:38 37376 ( A.... ) "C:\WINDOWS\mrofinu72.exe"
2008-03-07 23:19:30 25344 ( A.... ) "C:\WINDOWS\liqui.dll"
2008-03-07 23:19:30 22272 ( A.... ) "C:\WINDOWS\system32\msole32.exe"
2008-03-07 23:19:30 16640 ( A.... ) "C:\WINDOWS\eventlowg.dll"
2008-03-07 23:19:30 12288 ( A.... ) "C:\WINDOWS\daxtime.dll"
2008-03-07 23:19:28 29184 ( A.... ) "C:\WINDOWS\xadbrk.dll"
2008-03-07 23:19:28 25600 ( A.... ) "C:\WINDOWS\fhfmm-Uninstaller.exe"
2008-03-07 23:19:28 24576 ( A.... ) "C:\WINDOWS\fhfmm.exe"
2008-03-07 23:19:28 18176 ( A.... ) "C:\WINDOWS\liqui-Uninstaller.exe"
2008-03-07 23:19:28 13312 ( A.... ) "C:\WINDOWS\liqui.exe"
2008-03-07 23:19:26 27392 ( A.... ) "C:\WINDOWS\xadbrk_.exe"
2008-03-07 23:19:26 25088 ( A.... ) "C:\WINDOWS\kkcomp.dll"
2008-03-07 23:19:26 9472 ( A.... ) "C:\WINDOWS\xadbrk.exe"
2008-03-07 23:19:24 25088 ( A.... ) "C:\WINDOWS\liqad.dll"
2008-03-07 23:19:24 22784 ( A.... ) "C:\WINDOWS\liqad$.exe"
2008-03-07 23:19:24 16640 ( A.... ) "C:\WINDOWS\kkcomp$.exe"
2008-03-07 23:19:24 15104 ( A.... ) "C:\WINDOWS\liqad.exe"
2008-03-07 23:19:24 9984 ( A.... ) "C:\WINDOWS\kkcomp.exe"
2008-03-07 23:19:20 20992 ( A.... ) "C:\WINDOWS\cbinst$.exe"
2008-03-07 23:19:16 30976 ( A.... ) "C:\WINDOWS\jd2002.dll"
2008-03-07 23:19:06 28416 ( A.... ) "C:\WINDOWS\spredirect.dll"
2008-03-07 23:19:04 20224 ( A.... ) "C:\WINDOWS\system32\ESHOPEE.exe"
2008-03-07 23:18:58 32512 ( A.... ) "C:\WINDOWS\ie_32.exe"
2008-03-07 23:18:54 22272 ( A.... ) "C:\WINDOWS\dp0.dll"
2008-03-07 23:18:54 18688 ( A.... ) "C:\WINDOWS\ngd.dll"
2008-03-07 23:18:52 ( .D... ) "C:\Program Files\p2pnetworks"
2008-03-07 23:18:48 ( .D... ) "C:\Program Files\akl"
2008-03-07 23:18:46 30208 ( A.... ) "C:\WINDOWS\vxddsk.exe"
2008-03-07 23:18:44 29952 ( A.... ) "C:\WINDOWS\flt.dll"
2008-03-07 23:18:44 8192 ( A.... ) "C:\WINDOWS\wml.exe"
2008-03-07 23:06:48 331872 ( A.... ) "C:\WINDOWS\system32\pmnlk.dll_old"
2008-03-07 23:03:20 26112 ( A.... ) "C:\WINDOWS\system32\marwin32.dll"
2008-03-07 23:02:54 89099 ( A.... ) "C:\WINDOWS\system32\mgmrwmrv.exe"
2008-03-07 23:02:42 ( .D... ) "C:\Program Files\webHancer"
2008-03-07 23:02:26 ( .D... ) "C:\Program Files\QdrPack"
2008-03-07 23:01:16 37376 ( A.... ) "C:\WINDOWS\system32\khfcabc.dll"
2008-02-10 23:15:12 691545 ( A.... ) "C:\WINDOWS\unins000.exe"
2008-02-06 23:22:54 ( .D... ) "C:\Documents and Settings\AnnaRoy\Application Data\ScanSoft"
2008-02-06 23:21:22 ( .D... ) "C:\Program Files\ScanSoft"
2008-02-06 23:21:22 ( .D... ) "C:\Program Files\Common Files\ScanSoft Shared"
2008-02-06 23:19:40 ( .D... ) "C:\Program Files\ArcSoft"
2008-02-06 23:13:38 ( .D... ) "C:\Program Files\Canon"
2008-02-04 13:09:46 18214008 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2008-02-01 03:21:04 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2008-01-10 19:53:32 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2007-12-19 13:01:06 347136 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB7062"="command /c del \"C:\\WINDOWS\\system32\\pmnlk.dll_old\""
"SpybotDeletingD5385"="cmd /c del \"C:\\WINDOWS\\system32\\pmnlk.dll_old\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}"="hemoglobinometries"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}"=""


Contents of the 'Scheduled Tasks' folder

Completion time: Tue 03/11/2008 14:17:45.39
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

Hope you can help soon (waiting patiencely :) )
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP