Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

i keep removing trojans.vundoo and maleware.trace and they keep coming

Started by jonyboy5 , Jun 28 2008 09:52 AM

  • This topic is locked This topic is locked

#1
jonyboy5
Posted 28 June 2008 - 09:52 AM

jonyboy5

    Member

  • Member
  • PipPip
  • 15 posts
hi , i 've been having some problems with my computer. i dont know what i did but now i have tons of trojan.vundos . no matter how many i delete i still get popups. i have malewarebytes and vundofix, i scaned with vundo once and it picked up 3 vundos. the first time is scaned with malewarebytes it picked up 6 vundos and the second and third time it picked up . i deled them all and restarted my computer, i still dont know hwo to remove them here is my hijack log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:32 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\distnoted.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page

= http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [b0f4aed5] rundll32.exe

"C:\WINDOWS\system32\mrdadtun.dll",b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program

Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program

Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE"

C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User

'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System

Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX

Control) -

http://www.trendsecu...S/activex/TmHcm

sX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro

ActiveX Scan Agent 6.6) -

http://housecall65.t...t/html/native/x

86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec

AntiVirus scanner) -

http://security.syma.../vc/bin/AvSniff.

cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter

Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -

http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData

Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://update.micros...ntrols/en/x86/c

lient/wuweb_site.cab?1154398655451
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec

RuFSI Utility Class) -

http://security.syma...common/bin/cabs

a.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System

Requirements Lab) -

http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher

Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://update.micros...Controls/en/x86

/client/muweb_site.cab?1154398700888
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart

Scan) -

http://www.nvidia.co...ce/NvidiaSmartS

can.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM

Document 4.0) -

http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}

(TSEasyInstallX Control) -

http://www.trendsecu...en-US/TSEasyIns

tallX.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} -

http://gamedownload..../hgstart/HGPlug

in9USA.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative

Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe

Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner -

C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner -

C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)

(rpcapd) - CACE Technologies - C:\Program

Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation

- C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8926 bytes
  • 0

Advertisements

#2
fenzodahl512
Posted 29 June 2008 - 03:22 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo...


Please open Notepad and go to Format and then untick Word Wrap



Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#3
jonyboy5
Posted 29 June 2008 - 08:56 AM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
THANK YOU!!!! @# SO MUCH




Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-29 07:43:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
101: 2008-06-29 14:43:55 UTC - RP842 - Deckard's System Scanner Restore Point
100: 2008-06-29 14:24:24 UTC - RP841 - Last known good configuration
99: 2008-06-29 14:24:17 UTC - RP840 - Last known good configuration
98: 2008-06-29 14:24:17 UTC - RP839 - Deckard's System Scanner Restore Point
97: 2008-06-29 14:24:17 UTC - RP838 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-29 14:24:08 UTC - RP742 - Removed Windows Defender


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:22 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {60c7aa3c-ec83-8bc8-1d64-bc70c13a6507} - {7056a31c-07cb-46d1-8cb8-38cec3aa7c06} - C:\WINDOWS\system32\aigxre.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C1A07880-A5F0-499B-8E04-67B59E880663} - C:\WINDOWS\system32\awtttrqp.dll (file missing)
O2 - BHO: (no name) - {E332147E-F05C-4D26-BA7B-F12D7E3C182D} - C:\WINDOWS\system32\xxyxUmmK.dll
O2 - BHO: (no name) - {EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5} - C:\WINDOWS\system32\opnmNHbx.dll
O2 - BHO: (no name) - {FEB13B7D-9600-4AA3-9C5C-22F568E60399} - C:\WINDOWS\system32\byXPIyAT.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [b0f4aed5] rundll32.exe "C:\WINDOWS\system32\vtilucoj.dll",b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154398655451
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154398700888
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: opnmNHbx - C:\WINDOWS\SYSTEM32\opnmNHbx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10586 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 Fallback - c:\windows\system32\drivers\fallback.sys <Not Verified; Conexant Systems; SoftK56>
R2 Fsks - c:\windows\system32\drivers\fsksnt.sys <Not Verified; Conexant Systems; SoftK56>
R2 K56 - c:\windows\system32\drivers\k56nt.sys <Not Verified; Conexant Systems; SoftK56>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 SoftFax - c:\windows\system32\drivers\faxnt.sys <Not Verified; Conexant Systems; SoftK56>
R2 SpeakerPhone - c:\windows\system32\drivers\spkpnt.sys <Not Verified; Conexant Systems; SoftK56>
R2 Tones - c:\windows\system32\drivers\tonesnt.sys <Not Verified; Conexant Systems; SoftK56>
R2 V124 - c:\windows\system32\drivers\v124nt.sys <Not Verified; Conexant Systems; SoftK56>
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys (file missing)
S3 basic2 - c:\windows\system32\drivers\basic2.sys <Not Verified; Conexant Systems; SoftK56>
S3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ISLNDIS5 (ISLNDIS5 Protocol Driver) - c:\program files\microsoft broadband networking\islndis5.sys <Not Verified; Intersil Special Build v1.3; PCAUSA Win32 NDIS Framework (WinDis 32)>
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 qnhbumHI - c:\docume~1\owner\locals~1\temp\rar$ex09.594\gozt (file missing)
S3 Rksample - c:\windows\system32\drivers\rksample.sys <Not Verified; Conexant Systems; SoftK56>
S3 RTL8187B (NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver) - c:\windows\system32\drivers\wg111v3.sys (file missing)
S3 XDva072 - c:\windows\system32\xdva072.sys (file missing)
S3 XDva074 - c:\windows\system32\xdva074.sys (file missing)
S3 XDva078 - c:\windows\system32\xdva078.sys (file missing)
S3 XDva081 - c:\windows\system32\xdva081.sys (file missing)
S3 XDva090 - c:\windows\system32\xdva090.sys (file missing)
S3 XDva092 - c:\windows\system32\xdva092.sys (file missing)
S3 XDva093 - c:\windows\system32\xdva093.sys (file missing)
S3 XDva098 - c:\windows\system32\xdva098.sys (file missing)
S3 XDva104 - c:\windows\system32\xdva104.sys (file missing)
S3 XDva115 - c:\windows\system32\xdva115.sys (file missing)
S3 XDva136 - c:\windows\system32\xdva136.sys (file missing)
S3 XDva145 - c:\windows\system32\xdva145.sys (file missing)
S3 XDva152 - c:\windows\system32\xdva152.sys (file missing)
S3 XDva165 - c:\windows\system32\xdva165.sys (file missing)
S3 XDva178 - c:\windows\system32\xdva178.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\HAJOCAP\0000
Manufacturer:
Name:
PNP Device ID: ROOT\HAJOCAP\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 20:11:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-28 01:20:00 564 --a------ C:\WINDOWS\Tasks\Owner scan and fix.job
2008-06-28 01:00:01 554 --a------ C:\WINDOWS\Tasks\Owner backup.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 07:42:26 471601 --ahs---- C:\WINDOWS\system32\KmmUxyxx.ini2
2008-06-29 07:26:59 84864 --a------ C:\WINDOWS\system32\vtilucoj.dll
2008-06-29 07:25:01 105856 --a------ C:\WINDOWS\system32\aigxre.dll
2008-06-29 07:24:59 105856 --a------ C:\WINDOWS\system32\sxlovrvs.dll
2008-06-29 07:24:55 90544 --a------ C:\WINDOWS\system32\oxsmnowy.dll
2008-06-29 07:23:53 314784 --a------ C:\WINDOWS\system32\xxyxUmmK.dll
2008-06-28 20:56:42 105968 --a------ C:\WINDOWS\system32\etdpsr.dll
2008-06-28 20:56:41 105968 --a------ C:\WINDOWS\system32\vvmaspqh.dll
2008-06-28 20:54:23 90560 --a------ C:\WINDOWS\system32\jnitfkua.dll
2008-06-28 17:30:46 0 d-------- C:\Program Files\Cain
2008-06-28 17:16:57 0 d-------- C:\Program Files\Subversion
2008-06-28 17:16:23 0 d-------- C:\Program Files\SCAR 3.15
2008-06-28 16:48:06 105968 --a------ C:\WINDOWS\system32\rdyiad.dll
2008-06-28 16:48:03 105968 --a------ C:\WINDOWS\system32\ofqamlqp.dll
2008-06-28 16:43:40 90560 --a------ C:\WINDOWS\system32\nigudtlp.dll
2008-06-28 14:49:45 105968 --a------ C:\WINDOWS\system32\qjhjad.dll
2008-06-28 14:49:43 105968 --a------ C:\WINDOWS\system32\mmaswrki.dll
2008-06-28 14:47:31 90560 --a------ C:\WINDOWS\system32\waroecqu.dll
2008-06-28 14:46:41 473481 --ahs---- C:\WINDOWS\system32\TAyIPXyb.ini2
2008-06-28 09:49:04 105968 --a------ C:\WINDOWS\system32\iwmfvn.dll
2008-06-28 09:49:03 105968 --a------ C:\WINDOWS\system32\bvdevqri.dll
2008-06-28 09:48:57 90560 --a------ C:\WINDOWS\system32\nufflpbk.dll
2008-06-28 08:38:14 3872 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-28 08:38:14 435488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-27 22:21:19 0 d-------- C:\Program Files\RKCutterBanker
2008-06-27 21:39:40 105904 --a------ C:\WINDOWS\system32\cbjbub.dll
2008-06-27 21:39:39 105904 --a------ C:\WINDOWS\system32\lwyabmwr.dll
2008-06-27 21:37:47 90528 --a------ C:\WINDOWS\system32\soicypgn.dll
2008-06-27 20:53:41 0 d-------- C:\VundoFix Backups
2008-06-27 20:06:00 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-27 20:06:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-27 20:04:24 0 d-------- C:\KAV
2008-06-27 20:00:26 105904 --a------ C:\WINDOWS\system32\pmgazo.dll
2008-06-27 20:00:24 105904 --a------ C:\WINDOWS\system32\mhaidhwa.dll
2008-06-27 19:55:17 90528 --a------ C:\WINDOWS\system32\cuusoqho.dll
2008-06-27 18:29:57 105904 --a------ C:\WINDOWS\system32\eefqkb.dll
2008-06-27 18:29:55 105904 --a------ C:\WINDOWS\system32\tvoyntas.dll
2008-06-27 18:29:24 90528 --a------ C:\WINDOWS\system32\aawltohs.dll
2008-06-27 16:51:21 105904 --a------ C:\WINDOWS\system32\cyvhbv.dll
2008-06-27 16:51:20 105904 --a------ C:\WINDOWS\system32\aacjnsfr.dll
2008-06-27 16:51:18 90528 --a------ C:\WINDOWS\system32\rqmqfoyq.dll
2008-06-27 15:14:06 105904 --a------ C:\WINDOWS\system32\qfaopx.dll
2008-06-27 15:14:04 105904 --a------ C:\WINDOWS\system32\rxlvulke.dll
2008-06-27 15:14:01 90528 --a------ C:\WINDOWS\system32\uuyvbcqq.dll
2008-06-27 14:04:48 105904 --a------ C:\WINDOWS\system32\vegpoo.dll
2008-06-27 14:04:47 105904 --a------ C:\WINDOWS\system32\uqnjrdjw.dll
2008-06-27 14:04:43 90528 --a------ C:\WINDOWS\system32\aiqiclpb.dll
2008-06-27 13:58:09 25520 --a------ C:\WINDOWS\system32\opnmNHbx.dll
2008-06-27 07:39:13 0 d-------- C:\Program Files\America's Army
2008-06-23 00:44:23 0 d-------- C:\Program Files\NCSoft
2008-06-23 00:42:06 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-06-21 11:30:53 0 d-------- C:\Program Files\Game Cam V2
2008-06-19 15:05:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-06-19 15:02:50 0 d-------- C:\Program Files\Ventrilo
2008-06-19 14:20:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 16:26:45 0 d-------- C:\WINDOWS\pss
2008-06-14 17:19:22 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-14 17:19:21 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-14 17:19:21 17149 --a------ C:\WINDOWS\system32\DNINDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-14 17:19:21 94208 --a------ C:\WINDOWS\system32\DNIN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-14 17:19:05 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-09 17:23:11 0 d-------- C:\Program Files\vgif
2008-06-09 03:06:08 0 d-------- C:\Program Files\MSXML 4.0


-- Find3M Report ---------------------------------------------------------------

2008-06-29 07:49:00 0 d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-06-23 00:44:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 19:46:53 0 d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-19 14:20:40 0 d-------- C:\Program Files\Common Files
2008-06-18 22:05:51 0 d-------- C:\Program Files\Softnyx
2008-06-14 21:54:14 0 d-------- C:\Program Files\Project64 1.6
2008-06-14 17:19:17 0 d-------- C:\Program Files\NETGEAR
2008-06-08 08:29:01 0 d-------- C:\Program Files\Microsoft Broadband Networking
2008-05-22 19:01:01 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-05-22 17:02:04 0 d-------- C:\Program Files\MSBuild
2008-05-22 17:01:45 0 d-------- C:\Program Files\Reference Assemblies
2008-05-22 17:00:20 0 d-------- C:\Program Files\MSXML 6.0
2008-05-19 06:51:52 0 d-------- C:\Program Files\TheReleaser
2008-05-17 13:59:12 0 d-------- C:\Program Files\vixy.net
2008-05-10 07:33:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Cool Record Edit Deluxe
2008-05-07 18:04:45 0 d-------- C:\Program Files\Fake Voice
2008-05-07 18:04:03 0 d-------- C:\Program Files\Personal Voice Changer Driver
2008-05-07 17:56:35 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-05-06 16:19:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Screaming Bee
2008-05-06 16:16:37 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-05-05 07:00:19 0 d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2008-05-05 07:00:11 0 d-------- C:\Program Files\DivX
2008-05-01 06:59:32 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 17:13:13 0 d-------- C:\Program Files\Exact Audio Copy
2008-04-30 17:13:09 0 d-------- C:\Documents and Settings\Owner\Application Data\AccurateRip
2008-04-29 22:17:32 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-29 18:53:47 0 d-------- C:\Program Files\Xilisoft
2008-04-20 15:47:37 1 --a------ C:\WINDOWS\system32\medsrv32.dll
2008-04-20 15:27:17 114688 --a------ C:\WINDOWS\system32\liclock.dll
2008-04-09 17:31:49 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
  • 0

#4
fenzodahl512
Posted 29 June 2008 - 09:46 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello jonyboy5, actually, you have loads of Vundos..


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512
  • 0

#5
jonyboy5
Posted 29 June 2008 - 10:21 AM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
i went to that c:combofix.text thing, but it sait it could not be found.... so i went to the folder and found conbofix.txt no sure if its rigt but here

ComboFix 08-06-20.4 - Owner 2008-06-29 9:05:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.206 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.



my new Hijackthis log is



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15, on 2008-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {60c7aa3c-ec83-8bc8-1d64-bc70c13a6507} - {7056a31c-07cb-46d1-8cb8-38cec3aa7c06} - C:\WINDOWS\system32\aigxre.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C1A07880-A5F0-499B-8E04-67B59E880663} - C:\WINDOWS\system32\awtttrqp.dll (file missing)
O2 - BHO: (no name) - {EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5} - C:\WINDOWS\system32\opnmNHbx.dll
O2 - BHO: (no name) - {FEB13B7D-9600-4AA3-9C5C-22F568E60399} - C:\WINDOWS\system32\byXPIyAT.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [b0f4aed5] rundll32.exe "C:\WINDOWS\system32\vtilucoj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154398655451
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154398700888
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: opnmNHbx - C:\WINDOWS\SYSTEM32\opnmNHbx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9818 bytes



thanks agian
  • 0

#6
fenzodahl512
Posted 29 June 2008 - 10:27 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run ComboFix again and post the log here.. I'll need to see the log please..
  • 0

#7
jonyboy5
Posted 29 June 2008 - 11:03 AM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
sorry , i dont know what happend last time but heere is my combofix log


ComboFix 08-06-20.4 - Owner 2008-06-29 9:38:58.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\khfGyaAs.dll
C:\WINDOWS\system32\ndaaidil.ini
C:\WINDOWS\system32\sAayGfhk.ini
C:\WINDOWS\system32\sAayGfhk.ini2
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\install.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\cgofvraf.ini
C:\WINDOWS\system32\joculitv.ini
C:\WINDOWS\system32\KmmUxyxx.ini
C:\WINDOWS\system32\KmmUxyxx.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medsrv32.dll
C:\WINDOWS\system32\TAyIPXyb.ini
C:\WINDOWS\system32\TAyIPXyb.ini2
C:\WINDOWS\system32\xxyxUmmK.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 09:49 . 2008-06-29 09:49 294 ---hs---- C:\WINDOWS\system32\ndaaidil.ini
2008-06-29 09:20 . 2008-06-29 09:20 105,856 --a------ C:\WINDOWS\system32\olqiprgp.dll
2008-06-29 09:20 . 2008-06-29 09:20 105,856 --a------ C:\WINDOWS\system32\iakibt.dll
2008-06-29 09:20 . 2008-06-29 09:20 90,544 --a------ C:\WINDOWS\system32\aolcnmbh.dll
2008-06-29 09:20 . 2008-06-29 09:20 84,864 --a------ C:\WINDOWS\system32\lidiaadn.dll
2008-06-29 07:25 . 2008-06-29 07:25 105,856 --a------ C:\WINDOWS\system32\aigxre.dll
2008-06-29 07:24 . 2008-06-29 07:25 105,856 --a------ C:\WINDOWS\system32\sxlovrvs.dll
2008-06-29 07:24 . 2008-06-29 07:24 90,544 --a------ C:\WINDOWS\system32\oxsmnowy.dll
2008-06-28 20:56 . 2008-06-28 20:56 105,968 --a------ C:\WINDOWS\system32\vvmaspqh.dll
2008-06-28 20:56 . 2008-06-28 20:56 105,968 --a------ C:\WINDOWS\system32\etdpsr.dll
2008-06-28 20:54 . 2008-06-28 20:54 90,560 --a------ C:\WINDOWS\system32\jnitfkua.dll
2008-06-28 17:30 . 2008-06-28 17:31 <DIR> d-------- C:\Program Files\Cain
2008-06-28 17:16 . 2008-06-28 17:17 <DIR> d-------- C:\Program Files\Subversion
2008-06-28 17:16 . 2008-06-28 17:16 <DIR> d-------- C:\Program Files\SCAR 3.15
2008-06-28 16:48 . 2008-06-28 16:48 105,968 --a------ C:\WINDOWS\system32\rdyiad.dll
2008-06-28 16:48 . 2008-06-28 16:48 105,968 --a------ C:\WINDOWS\system32\ofqamlqp.dll
2008-06-28 16:43 . 2008-06-28 16:43 90,560 --a------ C:\WINDOWS\system32\nigudtlp.dll
2008-06-28 15:59 . 2008-06-28 15:59 <DIR> d-------- C:\Deckard
2008-06-28 14:49 . 2008-06-28 14:49 105,968 --a------ C:\WINDOWS\system32\qjhjad.dll
2008-06-28 14:49 . 2008-06-28 14:49 105,968 --a------ C:\WINDOWS\system32\mmaswrki.dll
2008-06-28 14:47 . 2008-06-28 14:47 90,560 --a------ C:\WINDOWS\system32\waroecqu.dll
2008-06-28 09:49 . 2008-06-28 09:49 105,968 --a------ C:\WINDOWS\system32\iwmfvn.dll
2008-06-28 09:49 . 2008-06-28 09:49 105,968 --a------ C:\WINDOWS\system32\bvdevqri.dll
2008-06-28 09:48 . 2008-06-28 09:48 90,560 --a------ C:\WINDOWS\system32\nufflpbk.dll
2008-06-28 08:38 . 2008-06-28 09:40 435,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-28 08:38 . 2008-06-28 09:40 6,908 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 08:38 . 2008-06-28 09:40 3,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-28 08:38 . 2008-06-28 09:40 1,436 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-27 22:21 . 2008-06-27 22:21 <DIR> d-------- C:\Program Files\RKCutterBanker
2008-06-27 21:39 . 2008-06-27 21:39 105,904 --a------ C:\WINDOWS\system32\lwyabmwr.dll
2008-06-27 21:39 . 2008-06-27 21:39 105,904 --a------ C:\WINDOWS\system32\cbjbub.dll
2008-06-27 21:37 . 2008-06-27 21:37 90,528 --a------ C:\WINDOWS\system32\soicypgn.dll
2008-06-27 20:53 . 2008-06-29 07:17 <DIR> d-------- C:\VundoFix Backups
2008-06-27 20:06 . 2008-06-27 20:06 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-27 20:06 . 2008-06-27 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-27 20:04 . 2008-06-27 20:04 <DIR> d-------- C:\KAV
2008-06-27 20:00 . 2008-06-27 20:00 105,904 --a------ C:\WINDOWS\system32\pmgazo.dll
2008-06-27 20:00 . 2008-06-27 20:00 105,904 --a------ C:\WINDOWS\system32\mhaidhwa.dll
2008-06-27 19:55 . 2008-06-27 19:55 90,528 --a------ C:\WINDOWS\system32\cuusoqho.dll
2008-06-27 18:29 . 2008-06-27 18:29 105,904 --a------ C:\WINDOWS\system32\tvoyntas.dll
2008-06-27 18:29 . 2008-06-27 18:29 105,904 --a------ C:\WINDOWS\system32\eefqkb.dll
2008-06-27 18:29 . 2008-06-27 18:29 90,528 --a------ C:\WINDOWS\system32\aawltohs.dll
2008-06-27 16:51 . 2008-06-27 16:51 105,904 --a------ C:\WINDOWS\system32\cyvhbv.dll
2008-06-27 16:51 . 2008-06-27 16:51 105,904 --a------ C:\WINDOWS\system32\aacjnsfr.dll
2008-06-27 16:51 . 2008-06-27 16:51 90,528 --a------ C:\WINDOWS\system32\rqmqfoyq.dll
2008-06-27 15:14 . 2008-06-27 15:14 105,904 --a------ C:\WINDOWS\system32\rxlvulke.dll
2008-06-27 15:14 . 2008-06-27 15:14 105,904 --a------ C:\WINDOWS\system32\qfaopx.dll
2008-06-27 15:14 . 2008-06-27 15:14 90,528 --a------ C:\WINDOWS\system32\uuyvbcqq.dll
2008-06-27 14:04 . 2008-06-27 14:04 105,904 --a------ C:\WINDOWS\system32\vegpoo.dll
2008-06-27 14:04 . 2008-06-27 14:04 105,904 --a------ C:\WINDOWS\system32\uqnjrdjw.dll
2008-06-27 14:04 . 2008-06-27 14:04 90,528 --a------ C:\WINDOWS\system32\aiqiclpb.dll
2008-06-27 13:58 . 2008-06-27 13:58 25,520 --a------ C:\WINDOWS\system32\opnmNHbx.dll
2008-06-27 07:39 . 2008-06-27 09:38 <DIR> d-------- C:\Program Files\America's Army
2008-06-23 00:44 . 2008-06-27 09:33 <DIR> d-------- C:\Program Files\NCSoft
2008-06-23 00:42 . 2008-06-23 00:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-06-21 11:30 . 2008-06-21 11:31 <DIR> d-------- C:\Program Files\Game Cam V2
2008-06-19 15:05 . 2008-06-19 15:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-06-19 15:02 . 2008-06-19 15:02 <DIR> d-------- C:\Program Files\Ventrilo
2008-06-19 14:20 . 2008-06-19 14:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:19 . 2008-06-14 17:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-14 17:19 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-14 17:19 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-06-14 17:19 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-06-14 17:19 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-14 17:19 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-06-14 17:19 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-06-11 01:40 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 17:23 . 2008-06-09 17:24 <DIR> d-------- C:\Program Files\vgif
2008-06-09 03:06 . 2008-06-09 03:06 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 16:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-06-28 03:36 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-27 16:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-23 07:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 02:46 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-19 05:05 --------- d-----w C:\Program Files\Softnyx
2008-06-15 04:54 --------- d-----w C:\Program Files\Project64 1.6
2008-06-15 04:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 00:19 --------- d-----w C:\Program Files\NETGEAR
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 15:29 --------- d-----w C:\Program Files\Microsoft Broadband Networking
2008-05-23 02:01 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-23 00:02 --------- d-----w C:\Program Files\MSBuild
2008-05-23 00:01 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-23 00:00 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-19 13:51 --------- d-----w C:\Program Files\TheReleaser
2008-05-17 23:59 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-05-17 20:59 --------- d-----w C:\Program Files\vixy.net
2008-05-10 14:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Cool Record Edit Deluxe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 01:04 --------- d-----w C:\Program Files\Personal Voice Changer Driver
2008-05-08 01:04 --------- d-----w C:\Program Files\Fake Voice
2008-05-08 00:56 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 23:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Screaming Bee
2008-05-06 23:16 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-05-05 14:00 --------- d-----w C:\Program Files\DivX
2008-05-05 14:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\IGN_DLM
2008-05-01 13:59 --------- d-----w C:\Program Files\Apple Software Update
2008-05-01 00:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 00:13 --------- d-----w C:\Program Files\Exact Audio Copy
2008-05-01 00:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\AccurateRip
2008-04-30 05:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-04-30 01:53 --------- d-----w C:\Program Files\Xilisoft
2008-04-29 14:24 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-04-28 13:56 --------- d-----w C:\Program Files\Cheat Engine
2008-04-26 20:42 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 22:27 114,688 ----a-w C:\WINDOWS\system32\liclock.dll
2008-04-10 00:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-10 22:40 1,206,366 ----a-w C:\Program Files\wrar371.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38ebe8fa-5a42-49f1-b4f0-d554df5b25eb}]
2008-06-29 09:20 105856 --a------ C:\WINDOWS\system32\iakibt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A07880-A5F0-499B-8E04-67B59E880663}]
C:\WINDOWS\system32\awtttrqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5}]
2008-06-27 13:58 25520 --a------ C:\WINDOWS\system32\opnmNHbx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEB13B7D-9600-4AA3-9C5C-22F568E60399}]
C:\WINDOWS\system32\byXPIyAT.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 15:46 289088]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"b0f4aed5"="C:\WINDOWS\system32\lidiaadn.dll" [2008-06-29 09:20 84864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-08-18 17:45:58 25214]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-06-14 17:19:19 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5}"= C:\WINDOWS\system32\opnmNHbx.dll [2008-06-27 13:58 25520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNHbx]
opnmNHbx.dll 2008-06-27 13:58 25520 C:\WINDOWS\system32\opnmNHbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 09:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-06 13:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56872:TCP"= 56872:TCP:Pando P2P TCP Listening Port
"56872:UDP"= 56872:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-17 16:59]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 ISLNDIS5;ISLNDIS5 Protocol Driver;C:\PROGRA~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 16:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2007-12-19 02:09]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 13:55]
S3 qnhbumHI;qnhbumHI;C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX09.594\GOZT []
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys []
S3 XDva072;XDva072;C:\WINDOWS\system32\XDva072.sys []
S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []
S3 XDva078;XDva078;C:\WINDOWS\system32\XDva078.sys []
S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys []
S3 XDva093;XDva093;C:\WINDOWS\system32\XDva093.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
S3 XDva115;XDva115;C:\WINDOWS\system32\XDva115.sys []
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
S3 XDva145;XDva145;C:\WINDOWS\system32\XDva145.sys []
S3 XDva152;XDva152;C:\WINDOWS\system32\XDva152.sys []
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys []
S3 XDva178;XDva178;C:\WINDOWS\system32\XDva178.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 03:11:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 08:00:01 C:\WINDOWS\Tasks\Owner backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-06-28 08:20:00 C:\WINDOWS\Tasks\Owner scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 09:48:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\ndaaidil.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qnhbumHI]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX09.594\GOZT"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnmNHbx.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\lidiaadn.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-29 10:00:53 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-29 17:00:23

Pre-Run: 31,265,722,368 bytes free
Post-Run: 31,260,229,632 bytes free

308 --- E O F --- 2008-06-28 22:40:07
  • 0

#8
fenzodahl512
Posted 29 June 2008 - 11:34 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts

Looking at your system now, one or more of the identified infections is backdoor Trojan and Keylogger. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online-banking/financial purpose until we give it all clear




You have loads of infections mate.. Tell me, do you use any Keylogger? If yes, then what kind/type of keylogger?



Please disable these programs prior to our fix.. Re-enable them back after performing all steps given..

1. Lavasoft Ad-Aware
2. Avast! Antivirus

Please visit HERE if you don't know how..








Installing Recovery Console:

It appears your computer has no Recovery Console installed. We need to install Recovery Console first before proceed to our next fix. Please do the following..

Please go to Microsoft's website => HERE
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

After successfully install Recovery Console, a pop-on will appear asking to run ComboFix, please select NO.




NEXT



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
qnhbumHI

File::
C:\WINDOWS\system32\ndaaidil.ini
C:\WINDOWS\system32\olqiprgp.dll
C:\WINDOWS\system32\iakibt.dll
C:\WINDOWS\system32\aolcnmbh.dll
C:\WINDOWS\system32\lidiaadn.dll
C:\WINDOWS\system32\aigxre.dll
C:\WINDOWS\system32\sxlovrvs.dll
C:\WINDOWS\system32\oxsmnowy.dll
C:\WINDOWS\system32\vvmaspqh.dll
C:\WINDOWS\system32\etdpsr.dll
C:\WINDOWS\system32\jnitfkua.dll
C:\WINDOWS\system32\rdyiad.dll
C:\WINDOWS\system32\ofqamlqp.dll
C:\WINDOWS\system32\nigudtlp.dll
C:\WINDOWS\system32\qjhjad.dll
C:\WINDOWS\system32\mmaswrki.dll
C:\WINDOWS\system32\waroecqu.dll
C:\WINDOWS\system32\iwmfvn.dll
C:\WINDOWS\system32\bvdevqri.dll
C:\WINDOWS\system32\nufflpbk.dll
C:\WINDOWS\system32\lwyabmwr.dll
C:\WINDOWS\system32\cbjbub.dll
C:\WINDOWS\system32\soicypgn.dll
C:\WINDOWS\system32\pmgazo.dll
C:\WINDOWS\system32\mhaidhwa.dll
C:\WINDOWS\system32\cuusoqho.dll
C:\WINDOWS\system32\tvoyntas.dll
C:\WINDOWS\system32\eefqkb.dll
C:\WINDOWS\system32\aawltohs.dll
C:\WINDOWS\system32\cyvhbv.dll
C:\WINDOWS\system32\aacjnsfr.dll
C:\WINDOWS\system32\rqmqfoyq.dll
C:\WINDOWS\system32\rxlvulke.dll
C:\WINDOWS\system32\qfaopx.dll
C:\WINDOWS\system32\uuyvbcqq.dll
C:\WINDOWS\system32\vegpoo.dll
C:\WINDOWS\system32\uqnjrdjw.dll
C:\WINDOWS\system32\aiqiclpb.dll
C:\WINDOWS\system32\opnmNHbx.dll
C:\WINDOWS\system32\awtttrqp.dll
C:\WINDOWS\system32\byXPIyAT.dll
C:\WINDOWS\system32\vtilucoj.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38ebe8fa-5a42-49f1-b4f0-d554df5b25eb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A07880-A5F0-499B-8E04-67B59E880663}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEB13B7D-9600-4AA3-9C5C-22F568E60399}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b0f4aed5"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNHbx]

3. Save the above as CFScript.txt in your Desktop.

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log
  • Tell me about Keylogger.


Now, re-enable back those security program that been disabled before...


Regards
fenzodahl512
  • 0

#9
jonyboy5
Posted 29 June 2008 - 12:19 PM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
sorry, but im not sure what thing to download on microsoft page wen i click and drag the microsoft sp2 it says run or ancel- i click run and it starts combo fix automaticaly and i dont make keyloggers if thats what yourasking
  • 0

#10
jonyboy5
Posted 29 June 2008 - 12:25 PM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok i draged microsoft sp1 and all of a sudden combo fix started, and iw aited a little then the licence agrement came up i clicked no now the combofix icon isnt on my desktop
  • 0

Advertisements

#11
jonyboy5
Posted 29 June 2008 - 01:31 PM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
here my combofix

ComboFix 08-06-20.4 - Owner 2008-06-29 11:59:15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\aacjnsfr.dll
C:\WINDOWS\system32\aawltohs.dll
C:\WINDOWS\system32\aigxre.dll
C:\WINDOWS\system32\aiqiclpb.dll
C:\WINDOWS\system32\aolcnmbh.dll
C:\WINDOWS\system32\awtttrqp.dll
C:\WINDOWS\system32\bvdevqri.dll
C:\WINDOWS\system32\byXPIyAT.dll
C:\WINDOWS\system32\cbjbub.dll
C:\WINDOWS\system32\cuusoqho.dll
C:\WINDOWS\system32\cyvhbv.dll
C:\WINDOWS\system32\eefqkb.dll
C:\WINDOWS\system32\etdpsr.dll
C:\WINDOWS\system32\iakibt.dll
C:\WINDOWS\system32\iwmfvn.dll
C:\WINDOWS\system32\jnitfkua.dll
C:\WINDOWS\system32\lidiaadn.dll
C:\WINDOWS\system32\lwyabmwr.dll
C:\WINDOWS\system32\mhaidhwa.dll
C:\WINDOWS\system32\mmaswrki.dll
C:\WINDOWS\system32\ndaaidil.ini
C:\WINDOWS\system32\nigudtlp.dll
C:\WINDOWS\system32\nufflpbk.dll
C:\WINDOWS\system32\ofqamlqp.dll
C:\WINDOWS\system32\olqiprgp.dll
C:\WINDOWS\system32\opnmNHbx.dll
C:\WINDOWS\system32\oxsmnowy.dll
C:\WINDOWS\system32\pmgazo.dll
C:\WINDOWS\system32\qfaopx.dll
C:\WINDOWS\system32\qjhjad.dll
C:\WINDOWS\system32\rdyiad.dll
C:\WINDOWS\system32\rqmqfoyq.dll
C:\WINDOWS\system32\rxlvulke.dll
C:\WINDOWS\system32\soicypgn.dll
C:\WINDOWS\system32\sxlovrvs.dll
C:\WINDOWS\system32\tvoyntas.dll
C:\WINDOWS\system32\uqnjrdjw.dll
C:\WINDOWS\system32\uuyvbcqq.dll
C:\WINDOWS\system32\vegpoo.dll
C:\WINDOWS\system32\vtilucoj.dll
C:\WINDOWS\system32\vvmaspqh.dll
C:\WINDOWS\system32\waroecqu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aacjnsfr.dll
C:\WINDOWS\system32\aawltohs.dll
C:\WINDOWS\system32\aigxre.dll
C:\WINDOWS\system32\aiqiclpb.dll
C:\WINDOWS\system32\aolcnmbh.dll
C:\WINDOWS\system32\bvdevqri.dll
C:\WINDOWS\system32\cbjbub.dll
C:\WINDOWS\system32\cuusoqho.dll
C:\WINDOWS\system32\cyvhbv.dll
C:\WINDOWS\system32\ddcYrQih.dll
C:\WINDOWS\system32\eefqkb.dll
C:\WINDOWS\system32\etdpsr.dll
C:\WINDOWS\system32\hiQrYcdd.ini
C:\WINDOWS\system32\hiQrYcdd.ini2
C:\WINDOWS\system32\iakibt.dll
C:\WINDOWS\system32\iwmfvn.dll
C:\WINDOWS\system32\jnitfkua.dll
C:\WINDOWS\system32\lidiaadn.dll
C:\WINDOWS\system32\lwyabmwr.dll
C:\WINDOWS\system32\mhaidhwa.dll
C:\WINDOWS\system32\mmaswrki.dll
C:\WINDOWS\system32\ndaaidil.ini
C:\WINDOWS\system32\nigudtlp.dll
C:\WINDOWS\system32\nufflpbk.dll
C:\WINDOWS\system32\ofqamlqp.dll
C:\WINDOWS\system32\olqiprgp.dll
C:\WINDOWS\system32\opnmNHbx.dll
C:\WINDOWS\system32\oxsmnowy.dll
C:\WINDOWS\system32\pmgazo.dll
C:\WINDOWS\system32\pmvqvfft.ini
C:\WINDOWS\system32\qfaopx.dll
C:\WINDOWS\system32\qjhjad.dll
C:\WINDOWS\system32\rdyiad.dll
C:\WINDOWS\system32\rqmqfoyq.dll
C:\WINDOWS\system32\rxlvulke.dll
C:\WINDOWS\system32\soicypgn.dll
C:\WINDOWS\system32\sxlovrvs.dll
C:\WINDOWS\system32\tvoyntas.dll
C:\WINDOWS\system32\uqnjrdjw.dll
C:\WINDOWS\system32\uuyvbcqq.dll
C:\WINDOWS\system32\vegpoo.dll
C:\WINDOWS\system32\vvmaspqh.dll
C:\WINDOWS\system32\waroecqu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QNHBUMHI
-------\Service_qnhbumHI


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 11:04 . 2008-06-29 11:04 105,856 --a------ C:\WINDOWS\system32\hshcibfw.dll
2008-06-29 11:04 . 2008-06-29 11:04 105,856 --a------ C:\WINDOWS\system32\duqpbk.dll
2008-06-29 11:02 . 2008-06-29 11:02 90,544 --a------ C:\WINDOWS\system32\etxrckax.dll
2008-06-29 11:02 . 2008-06-29 11:02 84,864 --a------ C:\WINDOWS\system32\tffvqvmp.dll
2008-06-28 17:30 . 2008-06-28 17:31 <DIR> d-------- C:\Program Files\Cain
2008-06-28 17:16 . 2008-06-28 17:17 <DIR> d-------- C:\Program Files\Subversion
2008-06-28 17:16 . 2008-06-28 17:16 <DIR> d-------- C:\Program Files\SCAR 3.15
2008-06-28 15:59 . 2008-06-28 15:59 <DIR> d-------- C:\Deckard
2008-06-28 08:38 . 2008-06-28 09:40 435,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-28 08:38 . 2008-06-28 09:40 6,908 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 08:38 . 2008-06-28 09:40 3,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-28 08:38 . 2008-06-28 09:40 1,436 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-27 22:21 . 2008-06-27 22:21 <DIR> d-------- C:\Program Files\RKCutterBanker
2008-06-27 20:53 . 2008-06-29 07:17 <DIR> d-------- C:\VundoFix Backups
2008-06-27 20:06 . 2008-06-27 20:06 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-27 20:06 . 2008-06-27 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-27 20:04 . 2008-06-27 20:04 <DIR> d-------- C:\KAV
2008-06-27 07:39 . 2008-06-27 09:38 <DIR> d-------- C:\Program Files\America's Army
2008-06-23 00:44 . 2008-06-27 09:33 <DIR> d-------- C:\Program Files\NCSoft
2008-06-23 00:42 . 2008-06-23 00:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-06-21 11:30 . 2008-06-21 11:31 <DIR> d-------- C:\Program Files\Game Cam V2
2008-06-19 15:05 . 2008-06-19 15:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-06-19 15:02 . 2008-06-19 15:02 <DIR> d-------- C:\Program Files\Ventrilo
2008-06-19 14:20 . 2008-06-19 14:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:19 . 2008-06-14 17:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-14 17:19 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-14 17:19 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-06-14 17:19 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-06-14 17:19 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-14 17:19 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-06-14 17:19 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-06-11 01:40 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 17:23 . 2008-06-09 17:24 <DIR> d-------- C:\Program Files\vgif
2008-06-09 03:06 . 2008-06-09 03:06 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-06-28 03:36 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-27 16:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-23 07:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 02:46 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-19 05:05 --------- d-----w C:\Program Files\Softnyx
2008-06-15 04:54 --------- d-----w C:\Program Files\Project64 1.6
2008-06-15 04:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 00:19 --------- d-----w C:\Program Files\NETGEAR
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 15:29 --------- d-----w C:\Program Files\Microsoft Broadband Networking
2008-05-23 02:01 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-23 00:02 --------- d-----w C:\Program Files\MSBuild
2008-05-23 00:01 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-23 00:00 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-19 13:51 --------- d-----w C:\Program Files\TheReleaser
2008-05-17 23:59 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-05-17 20:59 --------- d-----w C:\Program Files\vixy.net
2008-05-10 14:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Cool Record Edit Deluxe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 01:04 --------- d-----w C:\Program Files\Personal Voice Changer Driver
2008-05-08 01:04 --------- d-----w C:\Program Files\Fake Voice
2008-05-08 00:56 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 23:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Screaming Bee
2008-05-06 23:16 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-05-05 14:00 --------- d-----w C:\Program Files\DivX
2008-05-05 14:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\IGN_DLM
2008-05-01 13:59 --------- d-----w C:\Program Files\Apple Software Update
2008-05-01 00:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 00:13 --------- d-----w C:\Program Files\Exact Audio Copy
2008-05-01 00:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\AccurateRip
2008-04-30 05:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-04-30 01:53 --------- d-----w C:\Program Files\Xilisoft
2008-04-29 14:24 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-04-28 13:56 --------- d-----w C:\Program Files\Cheat Engine
2008-04-26 20:42 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 22:27 114,688 ----a-w C:\WINDOWS\system32\liclock.dll
2008-04-10 00:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-10 22:40 1,206,366 ----a-w C:\Program Files\wrar371.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_ 9.59.08.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 16:46:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 19:11:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 19:11:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_14c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4d5cd6b-6a9e-4db5-819d-1fd9411974df}]
2008-06-29 11:04 105856 --a------ C:\WINDOWS\system32\duqpbk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 15:46 289088]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-08-18 17:45:58 25214]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-06-14 17:19:19 884838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 09:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-06 13:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56872:TCP"= 56872:TCP:Pando P2P TCP Listening Port
"56872:UDP"= 56872:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-17 16:59]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2007-12-19 02:09]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;C:\PROGRA~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 16:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 13:55]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys []
S3 XDva072;XDva072;C:\WINDOWS\system32\XDva072.sys []
S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []
S3 XDva078;XDva078;C:\WINDOWS\system32\XDva078.sys []
S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys []
S3 XDva093;XDva093;C:\WINDOWS\system32\XDva093.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
S3 XDva115;XDva115;C:\WINDOWS\system32\XDva115.sys []
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
S3 XDva145;XDva145;C:\WINDOWS\system32\XDva145.sys []
S3 XDva152;XDva152;C:\WINDOWS\system32\XDva152.sys []
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys []
S3 XDva178;XDva178;C:\WINDOWS\system32\XDva178.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 03:11:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 08:00:01 C:\WINDOWS\Tasks\Owner backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-06-28 08:20:00 C:\WINDOWS\Tasks\Owner scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 12:12:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-29 12:26:13 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-29 19:25:01
ComboFix2.txt 2008-06-29 17:00:54

Pre-Run: 31,128,477,696 bytes free
Post-Run: 31,144,153,088 bytes free

323 --- E O F --- 2008-06-28 22:40:07



and my hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:36 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {fd479114-9df1-d918-5bd4-e9a6b6dc5d4d} - {d4d5cd6b-6a9e-4db5-819d-1fd9411974df} - C:\WINDOWS\system32\duqpbk.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154398655451
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154398700888
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9222 bytes
  • 0

#12
fenzodahl512
Posted 29 June 2008 - 08:24 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
For some unknown reason, I see you just got some new infections.. First, tell me about this folder/program

C:\Program Files\Cain






1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\hshcibfw.dll
C:\WINDOWS\system32\duqpbk.dll
C:\WINDOWS\system32\etxrckax.dll
C:\WINDOWS\system32\tffvqvmp.dll
C:\WINDOWS\system32\duqpbk.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4d5cd6b-6a9e-4db5-819d-1fd9411974df}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the ComboFix log for further review..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please post the following logs in your next reply.. Post each log in separate post..

1. ComboFix
2. Malwarebytes'
3. A fresh HijackThis log (after Malwarebytes' step)


Regards
fenzodahl512

Edited by fenzodahl512, 29 June 2008 - 08:24 PM.

  • 0

#13
jonyboy5
Posted 29 June 2008 - 10:13 PM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hey man i apreciate everything u've done so far i have less popups now - and cain is some program i recently downloded like yesterday it finds out the passwords for modems, to conect to- but i havnt used it
  • 0

#14
jonyboy5
Posted 29 June 2008 - 10:14 PM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ComboFix 08-06-20.4 - Owner 2008-06-29 20:20:24.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.286 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\duqpbk.dll
C:\WINDOWS\system32\etxrckax.dll
C:\WINDOWS\system32\hshcibfw.dll
C:\WINDOWS\system32\tffvqvmp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\duqpbk.dll
C:\WINDOWS\system32\etxrckax.dll
C:\WINDOWS\system32\hshcibfw.dll
C:\WINDOWS\system32\tffvqvmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-28 17:30 . 2008-06-28 17:31 <DIR> d-------- C:\Program Files\Cain
2008-06-28 17:16 . 2008-06-28 17:17 <DIR> d-------- C:\Program Files\Subversion
2008-06-28 17:16 . 2008-06-28 17:16 <DIR> d-------- C:\Program Files\SCAR 3.15
2008-06-28 15:59 . 2008-06-28 15:59 <DIR> d-------- C:\Deckard
2008-06-28 08:38 . 2008-06-28 09:40 435,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-28 08:38 . 2008-06-28 09:40 6,908 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 08:38 . 2008-06-28 09:40 3,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-28 08:38 . 2008-06-28 09:40 1,436 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-27 22:21 . 2008-06-27 22:21 <DIR> d-------- C:\Program Files\RKCutterBanker
2008-06-27 20:53 . 2008-06-29 07:17 <DIR> d-------- C:\VundoFix Backups
2008-06-27 20:06 . 2008-06-27 20:06 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-27 20:06 . 2008-06-27 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-27 20:04 . 2008-06-27 20:04 <DIR> d-------- C:\KAV
2008-06-27 07:39 . 2008-06-27 09:38 <DIR> d-------- C:\Program Files\America's Army
2008-06-23 00:44 . 2008-06-27 09:33 <DIR> d-------- C:\Program Files\NCSoft
2008-06-23 00:42 . 2008-06-23 00:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-06-21 11:30 . 2008-06-21 11:31 <DIR> d-------- C:\Program Files\Game Cam V2
2008-06-19 15:05 . 2008-06-19 15:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-06-19 15:02 . 2008-06-19 15:02 <DIR> d-------- C:\Program Files\Ventrilo
2008-06-19 14:20 . 2008-06-19 14:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:19 . 2008-06-14 17:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-14 17:19 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-06-14 17:19 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-06-14 17:19 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-06-14 17:19 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-06-14 17:19 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-06-14 17:19 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-06-11 01:40 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 17:23 . 2008-06-09 17:24 <DIR> d-------- C:\Program Files\vgif
2008-06-09 03:06 . 2008-06-09 03:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-22 17:02 . 2008-05-22 17:02 <DIR> d-------- C:\Program Files\MSBuild
2008-05-22 17:01 . 2008-05-22 17:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-22 17:01 . 2008-05-22 17:01 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-22 17:00 . 2008-05-22 17:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-22 17:00 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-17 16:59 . 2008-05-17 16:59 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-05-17 13:59 . 2008-05-17 13:59 <DIR> d-------- C:\Program Files\vixy.net
2008-05-10 07:19 . 2008-05-10 07:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Cool Record Edit Deluxe
2008-05-10 07:17 . 2002-01-05 16:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-07 18:03 . 2008-05-07 18:04 <DIR> d-------- C:\Program Files\Personal Voice Changer Driver
2008-05-07 18:02 . 2008-05-07 18:04 <DIR> d-------- C:\Program Files\Fake Voice
2008-05-07 16:08 . 2008-05-07 17:56 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-05-07 16:01 . 2008-05-07 17:22 <DIR> d-------- C:\vcs5core
2008-05-07 16:01 . 2008-05-07 16:01 <DIR> d-------- C:\vcs5BGEffects
2008-05-07 16:01 . 2008-05-07 16:01 <DIR> d-------- C:\AV_LOGS
2008-05-06 16:19 . 2008-05-06 16:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Screaming Bee
2008-05-06 16:16 . 2008-05-06 16:16 <DIR> d-------- C:\Program Files\Common Files\Screaming Bee
2008-05-05 17:41 . 2003-03-13 12:51 51,200 --a------ C:\WINDOWS\system32\camcodec.dll
2008-05-05 17:41 . 2003-03-13 12:51 1,461 --a------ C:\WINDOWS\system32\drivers\camcodec.inf
2008-05-01 06:59 . 2008-05-01 06:59 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-06-28 03:36 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-27 16:27 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-23 07:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 02:46 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-19 05:05 --------- d-----w C:\Program Files\Softnyx
2008-06-15 04:54 --------- d-----w C:\Program Files\Project64 1.6
2008-06-15 04:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 00:19 --------- d-----w C:\Program Files\NETGEAR
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 15:29 --------- d-----w C:\Program Files\Microsoft Broadband Networking
2008-05-23 02:01 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-19 13:51 --------- d-----w C:\Program Files\TheReleaser
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 14:00 --------- d-----w C:\Program Files\DivX
2008-05-05 14:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\IGN_DLM
2008-05-01 00:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 00:13 --------- d-----w C:\Program Files\Exact Audio Copy
2008-05-01 00:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\AccurateRip
2008-04-30 05:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-04-30 01:53 --------- d-----w C:\Program Files\Xilisoft
2008-04-29 14:24 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-04-28 13:56 --------- d-----w C:\Program Files\Cheat Engine
2008-04-26 20:42 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 22:27 114,688 ----a-w C:\WINDOWS\system32\liclock.dll
2008-04-10 00:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 18:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 23:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 23:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 23:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 22:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 22:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-05 02:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-10 22:40 1,206,366 ----a-w C:\Program Files\wrar371.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_ 9.59.08.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 16:46:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 03:26:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 03:26:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 15:46 289088]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-08-18 17:45:58 25214]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-06-14 17:19:19 884838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 09:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-06 13:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56872:TCP"= 56872:TCP:Pando P2P TCP Listening Port
"56872:UDP"= 56872:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-17 16:59]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 ISLNDIS5;ISLNDIS5 Protocol Driver;C:\PROGRA~1\MICROS~4\ISLNDIS5.SYS [2004-07-19 16:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2007-12-19 02:09]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 13:55]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys []
S3 XDva072;XDva072;C:\WINDOWS\system32\XDva072.sys []
S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []
S3 XDva078;XDva078;C:\WINDOWS\system32\XDva078.sys []
S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys []
S3 XDva093;XDva093;C:\WINDOWS\system32\XDva093.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
S3 XDva115;XDva115;C:\WINDOWS\system32\XDva115.sys []
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
S3 XDva145;XDva145;C:\WINDOWS\system32\XDva145.sys []
S3 XDva152;XDva152;C:\WINDOWS\system32\XDva152.sys []
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys []
S3 XDva178;XDva178;C:\WINDOWS\system32\XDva178.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 03:11:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 08:00:01 C:\WINDOWS\Tasks\Owner backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-06-28 08:20:00 C:\WINDOWS\Tasks\Owner scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:26:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Completion time: 2008-06-29 20:41:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 03:39:55
ComboFix2.txt 2008-06-29 21:12:41
ComboFix3.txt 2008-06-29 19:26:14
ComboFix4.txt 2008-06-29 17:00:54

Pre-Run: 31,060,443,136 bytes free
Post-Run: 31,101,845,504 bytes free

254 --- E O F --- 2008-06-28 22:40:07
  • 0

#15
jonyboy5
Posted 29 June 2008 - 10:29 PM

jonyboy5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Malwarebytes' Anti-Malware 1.11
Database version: 624

Scan type: Full Scan (C:\|)
Objects scanned: 110127
Time elapsed: 47 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP