Blue Wallpaper saying fatal problems [CLOSED]


#1 wop8989 (New Member, 2 posts)

I have run Ad-Aware, Spybot Search and Destroy, and SUPERAntiSpyware, and nothing seems to get rid of it. Not to mention it is really slow.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:37 PM, on 4/8/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\wuauclt.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\sbwltbxa.exe,
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe"
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [0060753a] rundll32.exe "C:\Windows\System32\ntcbxixg.dll",b
O4 - HKLM\..\Run: [BM035346a6] Rundll32.exe "C:\Windows\System32\nvmapiwf.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Advisor - {C3333EB1-45A3-4AEA-B274-8F3B6DFB3AC1} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1175319075590
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7064 bytes
#2 Lusitano (Trusted Helper, Retired Staff, 508 posts)

Hi,

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra note: Please DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections, and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read ComboFix's Disclaimer.


Regards
#3 wop8989 (Topic Starter, New Member, 2 posts)

Thank you for your help with this problem; here are the logs that you asked for...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:57 PM, on 4/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1a58886f-b31d-4379-99a5-d4bdfddee269} - C:\Windows\System32\trjsymop.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Bat Class - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {868af55f-7e85-40c8-9ad3-5e36139c6dc5} - C:\Windows\System32\cudllnhy.dll (file missing)
O2 - BHO: (no name) - {a7ea128e-97c6-4c5f-9a0b-a3c703e3567c} - C:\Windows\System32\brapqwld.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe"
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Advisor - {C3333EB1-45A3-4AEA-B274-8F3B6DFB3AC1} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1175319075590
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7947 bytes

ComboFix 08-04-09.8 - Skylar Adams 2008-04-09 22:56:09.2 - NTFSx86
Running from: C:\Documents and Settings\Skylar Adams\My Documents\My Videos\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Temp\sanR24
C:\Windows\bjam.dll
C:\Windows\BM035346a6.xml
C:\Windows\cookies.ini
C:\Windows\mssvr.exe
C:\Windows\pskt.ini
C:\Windows\saiemod.dll
C:\Windows\system32\bidtjnld.dll
C:\Windows\system32\chqlaocp.dll
C:\Windows\system32\cqanhabb.dll
C:\Windows\system32\dgevdgta.dll
C:\Windows\system32\DgjlmUvw.ini
C:\WINDOWS\system32\DgjlmUvw.ini2
C:\Windows\system32\gxixbctn.ini
C:\Windows\system32\icetchme.ini
C:\Windows\system32\iDlo01
C:\Windows\system32\iDlo01\iDlo011065.exe
C:\Windows\system32\kefcgfsh.dll
C:\Windows\system32\kgjjoijb.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mlJAsRIC.dll
C:\Windows\system32\nvmapiwf.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\pcoalqhc.ini
C:\Windows\system32\pmnnOHWP.dll
C:\Windows\system32\puwebpdc.ini
C:\WINDOWS\system32\PWHOnnmp.ini
C:\WINDOWS\system32\PWHOnnmp.ini2
C:\Windows\system32\qwywjocx.dll
C:\Windows\system32\rciqknkx.ini
C:\Windows\system32\slouhmvm.dll
C:\WINDOWS\system32\StvyaGgh.ini
C:\WINDOWS\system32\StvyaGgh.ini2
C:\Windows\system32\swcfymkg.dll
C:\WINDOWS\system32\UCfhgMoq.ini
C:\WINDOWS\system32\UCfhgMoq.ini2
C:\Windows\system32\vlxctdag.dll
C:\WINDOWS\system32\vybIlUtv.ini
C:\WINDOWS\system32\vybIlUtv.ini2
C:\Windows\system32\wer8274.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\system32\xqiealai.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-10 19:38 . 2008-04-10 19:38 3,648 --a------ C:\WINDOWS\system32\gbkadlgj.dll
2008-04-09 20:58 . 2008-04-09 20:58 3,648 --a------ C:\WINDOWS\system32\ewibqvdp.dll
2008-04-09 17:30 . 2008-04-09 17:30 3,648 --a------ C:\WINDOWS\system32\xtptmiek.dll
2008-04-09 00:53 . 2008-04-09 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 00:53 . 2008-04-09 00:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 00:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-08 17:40 . 2008-04-08 17:40 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-08 17:39 . 2008-04-08 17:40 <DIR> d-------- C:\Program Files\Panda Security
2008-04-08 17:06 . 2008-04-08 17:06 <DIR> d-------- C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
2008-04-03 01:22 . 2008-04-03 01:22 295 --ahs---- C:\WINDOWS\system32\bvtudnwv.ini
2008-04-03 01:09 . 2008-04-03 01:10 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-03 00:56 . 2008-04-03 00:56 295 ---hs---- C:\WINDOWS\system32\xclliyfr.ini
2008-04-01 14:16 . 2008-04-01 14:16 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-01 14:06 . 2008-04-01 14:06 1,597,174 ---hs---- C:\WINDOWS\system32\wntupucv.ini
2008-04-01 13:54 . 2008-04-01 13:54 82 --a------ C:\WINDOWS\wininit.ini
2008-04-01 03:40 . 2008-04-01 03:40 1,583,189 --ahs---- C:\WINDOWS\system32\dhcummwq.ini
2008-04-01 01:09 . 2008-04-01 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-01 01:08 . 2008-04-01 14:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-01 01:07 . 2008-04-01 01:07 710 --ah----- C:\aaw7boot.cmd
2008-04-01 00:49 . 2008-04-01 00:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 00:49 . 2008-04-01 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 00:40 . 2008-04-01 01:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 00:29 . 2008-04-01 01:08 1,583,817 --ahs---- C:\WINDOWS\system32\cwcskidm.ini
2008-03-31 02:40 . 2008-03-31 02:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-31 02:39 . 2004-07-01 18:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-31 02:39 . 2004-06-30 19:59 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2008-03-31 02:39 . 2004-07-01 18:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-31 02:39 . 2004-07-01 18:08 7,680 --a------ C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-31 02:39 . 2004-07-01 18:08 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-03-31 02:39 . 2004-07-01 18:08 7,168 --a------ C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-31 02:39 . 2004-07-01 18:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-03-31 02:35 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-31 02:35 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-27 10:49 . 2008-03-27 10:49 187,904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 01:28 335,360 ----a-w C:\Windows\Internet Logs\xDB13.tmp
2008-04-11 01:28 1,498,624 ----a-w C:\Windows\Internet Logs\xDB14.tmp
2008-04-10 03:25 5,033,472 ----a-w C:\Windows\Internet Logs\xDB12.tmp
2008-04-01 04:30 --------- d-----w C:\Program Files\Bat
2008-04-01 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-25 21:51 --------- d-----w C:\Documents and Settings\Adam\Application Data\Gtek
2008-02-25 20:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-21 17:05 4,052,992 ----a-w C:\Windows\Internet Logs\xDB10.tmp
2008-01-21 17:04 1,422,336 ----a-w C:\Windows\Internet Logs\xDB11.tmp
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2007-11-23 21:59 532,480 ----a-w C:\Windows\Internet Logs\xDBF.tmp
2007-11-14 20:22 2,347,008 ----a-w C:\Windows\Internet Logs\xDBD.tmp
2007-11-14 20:22 1,400,320 ----a-w C:\Windows\Internet Logs\xDBE.tmp
2007-11-07 03:05 729,088 ----a-w C:\Windows\Internet Logs\xDB2.tmp
2007-11-07 03:05 1,393,152 ----a-w C:\Windows\Internet Logs\xDBC.tmp
2007-11-06 00:33 8,428,544 ----a-w C:\Windows\Internet Logs\xDB1.tmp
2007-11-06 00:33 1,390,592 ----a-w C:\Windows\Internet Logs\xDBB.tmp
2007-10-14 23:39 307,712 ----a-w C:\Windows\Internet Logs\xDB8.tmp
2007-10-13 18:56 1,347,584 ----a-w C:\Windows\Internet Logs\xDBA.tmp
2007-10-13 18:56 1,173,504 ----a-w C:\Windows\Internet Logs\xDB7.tmp
2007-09-30 17:31 152,576 ----a-w C:\Windows\Internet Logs\xDB6.tmp
2007-09-30 17:31 1,329,664 ----a-w C:\Windows\Internet Logs\xDB9.tmp
2007-09-04 17:21 373,248 ----a-w C:\Windows\Internet Logs\xDB3.tmp
2007-09-04 17:21 1,327,104 ----a-w C:\Windows\Internet Logs\xDB4.tmp
2007-08-16 19:37 3,795,968 ----a-w C:\Windows\Internet Logs\xDB5.tmp
2007-03-30 19:54 41,724 --sh--w C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-03-09 04:48 41,723 --sh--w C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2007-03-08 03:08 2,015,232 ----a-w C:\Windows\Internet Logs\tvDebug.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064D268D-A26F-407A-9EDF-7A954A9A7AD2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{069FAEB2-2E65-4E85-9C81-A58FA6BD75E6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F21C3B5-90D2-44B5-8425-DD7B56B67873}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a58886f-b31d-4379-99a5-d4bdfddee269}]
C:\Windows\System32\trjsymop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A832D23-D83F-4F42-949D-090396B790DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399d4108-ec95-433a-bf9d-a2d309e16c09}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E3DB94E-6F2C-4B1B-AC31-E4052CDC1087}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-03-07 22:15 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72746636-6B62-470F-95FE-7C4243B21891}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{868af55f-7e85-40c8-9ad3-5e36139c6dc5}]
C:\Windows\System32\cudllnhy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7ea128e-97c6-4c5f-9a0b-a3c703e3567c}]
C:\Windows\System32\brapqwld.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFA7416F-6EBA-43E5-B485-D32C6C78E1DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0831BD6-0558-4DAE-BB8E-4C14B9C37119}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 01:14 1077277]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07 389120]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 14:25 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]
"SpyZooka"="C:\Program Files\SpyZooka\SpyZookaLdr.exe" [2007-04-06 22:12 39656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-02-14 12:42 315392 C:\WINDOWS\system32\atiptaxx.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-04-25 17:15 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-04-25 17:14 540672]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 09:34 36864]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-05-03 10:24 26112]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 12:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 12:00 28739]
"eabconfg.cpl"="C:\Program Files\Compaq\EAB\EabServr.exe" [2002-03-07 14:49 171665]
"OdTray.exe"="C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe" [2003-06-26 15:45 626746]
"WLMonWPC54G"="C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe" [2003-08-08 22:53 20480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 20:45 98304]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 17:54 968696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"@"="" []
"0060753a"="C:\Windows\System32\chqlaocp.dll" [ ]
"BM035346a6"="C:\Windows\System32\cqanhabb.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 12:00:00 24633]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe [2006-08-08 20:06:55 4317184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-08 00:25 173568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAsRIC]

R3 odysseyIM3;Odyssey Network Services Miniport;C:\Windows\System32\DRIVERS\odysseyIM3.sys [2003-06-26 14:45]
S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-07-29 13:41]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\Windows\System32\DRIVERS\netusbxp.sys [2002-02-19 14:34]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2006-05-05 22:28:40 C:\Windows\Tasks\Registration reminder 1.job"
- C:\Windows\System32\OOBE\oobebaln.exe
"2006-05-05 22:28:40 C:\Windows\Tasks\Registration reminder 2.job"
- C:\Windows\System32\OOBE\oobebaln.exe
"2006-05-05 22:28:42 C:\Windows\Tasks\Registration reminder 3.job"
- C:\Windows\System32\OOBE\oobebaln.exe
"2008-04-10 03:04:04 C:\Windows\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-01 18:16:45 C:\Windows\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:04:52
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-09 23:11:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 03:10:46
Pre-Run: 19,348,279,296 bytes free
Post-Run: 19,396,403,200 bytes free
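A small triage helper for the HijackThis log format posted in this thread, added here as an example (it is not a tool from the thread, from Geeks to Go or from Trend Micro): it parses the R/F/O entries and flags the three patterns a helper would check first in the logs above, namely a second executable chained onto UserInit (F2), Run values with hex-looking names that load a System32 DLL through rundll32 with a one-letter export (O4), and unnamed BHOs whose DLL is missing (O2). The sample entries are copied from the two logs above; the heuristics and the choice of which lines to include are mine.

```python
import re
from dataclasses import dataclass

# Sample entries copied from the two HijackThis v2.0.2 logs posted in this
# thread; the selection (clean lines next to suspicious ones) is mine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\sbwltbxa.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {1a58886f-b31d-4379-99a5-d4bdfddee269} - C:\Windows\System32\trjsymop.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [0060753a] rundll32.exe "C:\Windows\System32\ntcbxixg.dll",b
O4 - HKLM\..\Run: [BM035346a6] Rundll32.exe "C:\Windows\System32\nvmapiwf.dll",s
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a closer look
    detail: str    # the path, key or value that triggered it


# "<code> - <body>" is the shape of every R/F/O line in a HijackThis log.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# The only value UserInit should normally carry (the trailing comma is normal).
USERINIT_STD = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe$", re.I)
# rundll32[.exe] "<dll>",<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
SYSTEM32_RE = re.compile(r"[\\/]system32[\\/]", re.I)
# Heuristic: 8 hex digits, optionally prefixed "BM", as in the log above.
HEXNAME_RE = re.compile(r"(?:BM)?[0-9a-f]{8}", re.I)


def check_userinit(body):
    """F2: anything chained after userinit.exe runs at every logon."""
    m = re.search(r"UserInit=(.*)$", body, re.I)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [Finding("F2", "extra executable chained after userinit.exe", p)
            for p in parts if not USERINIT_STD.match(p)]


def check_run(body):
    """O4: Run values that look auto-generated or load a DLL via rundll32."""
    findings = []
    km = re.search(r"\[([^\]]+)\]", body)
    key = km.group(1) if km else ""
    rm = RUNDLL_RE.search(body)
    if rm:
        dll, export = rm.groups()
        if SYSTEM32_RE.search(dll) and len(export) == 1:
            findings.append(Finding(
                "O4", "rundll32 loads a System32 DLL through a one-letter export",
                f"[{key}] {dll},{export}"))
    if HEXNAME_RE.fullmatch(key):
        findings.append(Finding("O4", "Run value name looks auto-generated (hex)", key))
    return findings


def check_bho(body):
    """O2: an unnamed BHO whose DLL is gone is an orphaned load point."""
    if body.startswith("BHO:") and "(no name)" in body and "(file missing)" in body:
        path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
        return [Finding("O2", "unnamed BHO whose DLL is missing", path)]
    return []


CHECKS = {"F2": check_userinit, "O4": check_run, "O2": check_bho}


def triage(log_text):
    """Return the findings for every R/F/O entry in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        findings.extend(CHECKS.get(section, lambda _b: [])(body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}: {f.detail}")
```

Run it against the sample and it reports six entries: the chained sbwltbxa.exe, the orphaned trjsymop.dll BHO, and two findings each for the 0060753a and BM035346a6 Run values.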
#4 Lusitano (Trusted Helper, Retired Staff, 508 posts)

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your operating system.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
#5 Lusitano (Trusted Helper, Retired Staff, 508 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.