Cyber Tech Help Support Forums > Software > Malware Removal Forum
#1 - November 18th, 2007, 05:04 AM
Ryli (Member; Join Date: Nov 2007; Posts: 59)
Tech Help (Log Provided)

Well, I have never had a problem as serious as this. I don't have reliable security on my PC, so I know what the problem is. Anyway, to the point: my PC now has Trojans, viruses, spyware, malware, you name it. These are problems that can be dealt with via anti-programs, which I can't use due to the .exe files being damaged. I decided to do a full format of my PC using my XP Professional CD, both ways. After restarting the computer and having it boot from the CD-ROM, I didn't see a "Press any key to boot from CD..."; it just stayed blank and booted from my HDD. I tried doing it the normal way, putting the CD in and waiting till it autoruns and asks me to install it, but I get an error and it doesn't go further than that. I would much appreciate it if someone could help me with this problem; I have been having it for a few months now and I am afraid one day it just won't turn on. (Previous thread post in relation to this problem.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:35 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Insider\Insider.exe
C:\WINDOWS\system32\hsvifwcx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vngyxrsz.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [844499f6] rundll32.exe "C:\WINDOWS\system32\ovlgcasf.dll",b
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6485 bytes
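The first-pass read a helper does on a log like the one above can be scripted. The Python below is an added example, not part of the thread and not HijackThis's own logic. It parses the "Running processes" paths and the Rn/On entry lines and flags: a core Windows binary name (svchost.exe, services.exe, ...) running from anywhere but system32; an O4 Run value that calls rundll32 on a DLL through a one-letter export; an O4 value name that is an 8-digit hex string; an O4 entry under Policies\Explorer\Run; any O20 Winlogon Notify DLL; and any O2/O3 browser DLL that lives in system32. The core-name set, the system32 allowlist and the patterns are this example's assumptions; the sample input is a handful of lines copied from the log above.

```python
"""Added example: first-pass triage of HijackThis v2 log lines.
Heuristics, name sets and patterns are this example's assumptions,
not rules from HijackThis itself."""
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Core binaries that only legitimately run from system32 on XP (assumption).
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe"}
# Assumption: the few system32 DLLs you have verified as legitimate O2/O3
# entries on the machines you triage; extend as you verify more.
KNOWN_SYS32_DLLS = {"shdocvw.dll", "ieframe.dll"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\[^"]+?\.exe)"?', re.I)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,\s*(?P<export>[A-Za-z])\s*$', re.I)


def in_system32(path):
    return ntpath.dirname(path).lower() == SYSTEM32


def check_path(path):
    """A core binary name outside system32 is a lookalike, not the real one."""
    name = ntpath.basename(path).lower()
    if name in CORE_NAMES and not in_system32(path):
        return f"{name} running from {ntpath.dirname(path)} (expected system32)"
    return None


def check_o4(body):
    m = O4_RE.match(body)
    if not m:                                   # e.g. 'Global Startup: foo.lnk = ?'
        return None
    loc, name, cmd = m.group("loc"), m.group("name"), m.group("cmd")
    r = RUNDLL_RE.search(cmd)
    if r:
        return f"rundll32 loads {r.group('dll')} via one-letter export '{r.group('export')}'"
    if re.fullmatch(r"[0-9a-f]{8}", name):
        return f"O4 value name '{name}' is an 8-digit hex string: {cmd}"
    if "policies\\explorer\\run" in loc.lower():
        return f"Policies\\Explorer\\Run autostart [{name}] {cmd}"
    e = EXE_RE.match(cmd)
    return check_path(e.group("exe")) if e else None


def check_browser_dll(body):
    """O2 (BHO) / O3 (toolbar): the DLL path is the last ' - ' field."""
    path = body.split(" - ")[-1].strip()
    if not re.match(r"^[A-Za-z]:\\", path):     # '(no file)' and friends
        return None
    if in_system32(path) and ntpath.basename(path).lower() not in KNOWN_SYS32_DLLS:
        return f"browser extension DLL living in system32: {path}"
    return None


def triage(lines):
    """Return (line, reason) pairs for every line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):     # 'Running processes' section
            reason = check_path(line)
        else:
            m = ENTRY_RE.match(line)
            if not m:
                continue
            kind, body = m.group("kind"), m.group("body")
            if kind == "O4":
                reason = check_o4(body)
            elif kind == "O20" and body.lower().startswith("winlogon notify"):
                reason = "Winlogon Notify DLL (loaded into winlogon.exe): " + body.split(" - ")[-1]
            elif kind in ("O2", "O3"):
                reason = check_browser_dll(body)
            else:
                reason = None
        if reason:
            findings.append((line, reason))
    return findings


# Constructed sample: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vngyxrsz.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [844499f6] rundll32.exe "C:\WINDOWS\system32\ovlgcasf.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O20 - Winlogon Notify: nnnommk - C:\WINDOWS\SYSTEM32\nnnommk.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}\n    {line}")
```

On the sample it flags the svchost.exe in C:\WINDOWS\Fonts twice (as a running process and as the [Host Process] Run value), the rundll32 ",b" loader, the Policies\Explorer\Run entry for KGB's Mpk.exe, the O20 DLL and the system32 toolbar DLL, and leaves the AVG and iPod entries alone. Heuristics like these only order the work; a hit still needs a look at the file itself (signature, size, date) before it goes on a removal list.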


#2 - November 18th, 2007, 06:11 PM
Jintan (Malware Removal Team Advisor; Join Date: Dec 2004; Posts: 49,807)
Hello Ryli,

Infection is showing here, and your description of things does reflect some serious infection needing repairs. Do please stop creating new threads on the same situation though - it just adds to the existing workload and causes confusion.


When doing any of the repair steps here be very sure your protective software is disabled, as they will interfere and possibly undo successful repairs.

First disable Spyware Doctor, and make sure it remains disabled until our work here is done.

1. Open Spyware Doctor
2. Click on the 'Settings' button on the left hand panel
3. Then click on the 'Startup Settings' under 'Pick a Category'
4. Uncheck the box on the right that says 'Run at Windows Startup'

Then Temporarily disable AVG.

1. Double-click on the AVG Tray Icon
2. Double-click on "AVG Resident Shield"
3. Uncheck "Turn on AVG Resident Shield Protection" then click OK.

Don't forget to turn it back on after we have completed the steps.

----------------------

Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Then for now just post back the C:\ComboFix.txt log and a new HijackThis log please.
#3 - November 22nd, 2007, 03:53 AM
Ryli (Member; Join Date: Nov 2007; Posts: 59)
Does the ComboFix log appear after it says "Completed Stage 1"?
#4 - November 22nd, 2007, 04:17 AM
Jintan (Malware Removal Team Advisor; Join Date: Dec 2004; Posts: 49,807)
It should go through I believe about 24 different stages as it runs. Be very sure your protective software is completely disabled - most often any delay or hang in running ComboFix is related to that.
#5 - November 22nd, 2007, 07:53 AM
Ryli (Member; Join Date: Nov 2007; Posts: 59)
ComboFix Log & HijackThis Log

COMBOFIX LOG

ComboFix 07-11-19.3 - Repair 2007-11-21 22:13:58.3 - NTFSx86
Running from: C:\Documents and Settings\Repair\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Brandon.X-CORP\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Brandon.X-CORP\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Brandon.X-CORP\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\#SharedObjects\TUFU4MSQ\www.broadcaster.com
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Brandon\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Brandon\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Brandon\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Repair\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Repair\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Repair\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Stefan\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Stefan\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Stefan\Favorites\Online Security Guide.lnk
C:\Program Files\Insider
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe.lzma
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\hggdcab.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\khffghi.dll
C:\WINDOWS\system32\m2
C:\WINDOWS\system32\mljgdef.dll
C:\WINDOWS\system32\mljjifd.dll
C:\WINDOWS\system32\o1
C:\WINDOWS\system32\o1\wr31drs.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.bak2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\qrutv.tmp
C:\WINDOWS\system32\ssqolkl.dll
C:\WINDOWS\system32\v4
C:\WINDOWS\system32\v4\caws83122.exe
C:\WINDOWS\system32\vngyxrsz.dllbox
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\wr.txt
C:\z.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.

2007-11-21 19:41 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Apple Computer
2007-11-21 14:08 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\U3
2007-11-21 08:19 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 04:48 294 --ahs---- C:\WINDOWS\system32\vhwjckup.ini
2007-11-21 04:47 85,056 --a------ C:\WINDOWS\system32\pukcjwhv.dll
2007-11-21 04:47 71,232 --a------ C:\WINDOWS\system32\urcmonrs.exe
2007-11-21 04:11 71,232 --a------ C:\WINDOWS\system32\smurpvst.exe
2007-11-21 04:09 37,376 --a------ C:\WINDOWS\system32\nnnommk.dll
2007-11-20 21:15 85,056 --a------ C:\WINDOWS\system32\nwyiwexe.dll
2007-11-20 21:15 774 --ahs---- C:\WINDOWS\system32\exewiywn.ini
2007-11-20 21:12 71,232 --a------ C:\WINDOWS\system32\cctwuibb.exe
2007-11-20 21:09 77 --a------ C:\Documents and Settings\Repair\2431.bat
2007-11-20 21:07 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Grisoft
2007-11-20 20:51 3,480 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-20 20:51 0 --a------ C:\WINDOWS\system32\tmp.txt
2007-11-20 20:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 20:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 20:50 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 20:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-20 20:50 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-20 20:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 19:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-20 19:51 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-20 19:51 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-20 19:51 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-20 19:51 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-20 19:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-20 19:51 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-20 19:51 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-20 19:50 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-20 19:20 654 --ahs---- C:\WINDOWS\system32\dgqteevy.ini
2007-11-20 19:14 84,544 --a------ C:\WINDOWS\system32\hkffacrw.dll
2007-11-20 19:11 71,232 --a------ C:\WINDOWS\system32\rkifjgpu.exe
2007-11-20 19:04 260 --a------ C:\1061.bat
2007-11-20 19:00 71,232 --a------ C:\WINDOWS\system32\vwolxinm.exe
2007-11-20 18:58 71,232 --a------ C:\WINDOWS\system32\cdubxymr.exe
2007-11-20 18:20 534 --ahs---- C:\WINDOWS\system32\ehvfymrr.ini
2007-11-20 18:17 84,544 --a------ C:\WINDOWS\system32\pnegfbmm.dll
2007-11-20 18:13 71,232 --a------ C:\WINDOWS\system32\bpypjkwv.exe
2007-11-20 16:48 <DIR> d-------- C:\Program Files\Opera
2007-11-20 16:39 84,544 --a------ C:\WINDOWS\system32\nibovtwe.dll
2007-11-20 16:34 354 --ahs---- C:\WINDOWS\system32\pdbvnuho.ini
2007-11-20 16:31 71,232 --a------ C:\WINDOWS\system32\woapmhgv.exe
2007-11-20 16:19 85,056 --a------ C:\WINDOWS\system32\iiqmmnae.dll
2007-11-20 16:19 594 --ahs---- C:\WINDOWS\system32\eanmmqii.ini
2007-11-20 16:18 <DIR> d-------- C:\Documents and Settings\Brandon.X-CORP\Application Data\Sony Ericsson
2007-11-20 16:18 <DIR> d-------- C:\Documents and Settings\Brandon.X-CORP\Application Data\Nero
2007-11-20 16:18 <DIR> d-------- C:\Documents and Settings\Brandon.X-CORP\Application Data\AVG7
2007-11-20 16:16 71,232 --a------ C:\WINDOWS\system32\mwlohqkv.exe
2007-11-20 16:04 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\BYOND
2007-11-20 15:46 <DIR> d-------- C:\WINDOWS\speech
2007-11-20 15:46 175,104 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-11-20 15:46 102,400 --a------ C:\WINDOWS\system32\libfaac.dll
2007-11-20 15:25 84,544 --a------ C:\WINDOWS\system32\mihceopp.dll
2007-11-20 15:22 534 --ahs---- C:\WINDOWS\system32\djpksthk.ini
2007-11-20 15:19 71,232 --a------ C:\WINDOWS\system32\bdxwitlr.exe
2007-11-20 15:11 84,544 --a------ C:\WINDOWS\system32\iyudcmsh.dll
2007-11-20 15:11 71,232 --a------ C:\WINDOWS\system32\vodbfpsp.exe
2007-11-20 15:11 40,960 --a------ C:\Documents and Settings\Repair\f.exe
2007-11-20 15:11 37,376 --a------ C:\WINDOWS\system32\xxyvsrr.dll
2007-11-20 15:11 37,376 --a------ C:\WINDOWS\system32\qomllkh.dll
2007-11-20 15:11 256 --a------ C:\Documents and Settings\Repair\z.dat
2007-11-20 15:11 0 --a------ C:\Documents and Settings\Repair\x.dat
2007-11-20 14:47 84,544 --a------ C:\WINDOWS\system32\fvkogbmx.dll
2007-11-20 14:45 414 --ahs---- C:\WINDOWS\system32\gkslsril.ini
2007-11-20 14:43 71,232 --a------ C:\WINDOWS\system32\alekvqrv.exe
2007-11-20 14:39 <DIR> d-------- C:\MuSiK
2007-11-20 14:17 654 --ahs---- C:\WINDOWS\system32\dsiwnqlb.ini
2007-11-20 14:16 85,056 --a------ C:\WINDOWS\system32\blqnwisd.dll
2007-11-20 14:15 84,544 --a------ C:\WINDOWS\system32\jlubrlld.dll
2007-11-20 14:15 71,232 --a------ C:\WINDOWS\system32\etwqqair.exe
2007-11-19 19:11 <DIR> d---s---- C:\Documents and Settings\Repair\UserData
2007-11-19 18:34 83,008 --a------ C:\WINDOWS\system32\pnjmtufw.dll
2007-11-19 18:32 85,056 --a------ C:\WINDOWS\system32\dksgujtn.dll
2007-11-19 18:28 71,232 --a------ C:\WINDOWS\system32\ptnhebpv.exe
2007-11-19 17:57 83,008 --a------ C:\WINDOWS\system32\vnepjgwr.dll
2007-11-19 17:54 <DIR> d-------- C:\Documents and Settings\Repair\Contacts
2007-11-19 17:54 85,056 --a------ C:\WINDOWS\system32\vsrqrtfd.dll
2007-11-19 17:51 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Teleca
2007-11-19 17:48 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Nero
2007-11-19 17:48 71,232 --a------ C:\WINDOWS\system32\lfxtuiss.exe
2007-11-19 17:47 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Sony Ericsson
2007-11-19 17:47 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\AVG7
2007-11-19 17:35 83,008 --a------ C:\WINDOWS\system32\skfgphnk.dll
2007-11-19 17:34 71,232 --a------ C:\WINDOWS\system32\fyhxpsmw.exe
2007-11-19 17:31 36,864 --a------ C:\Documents and Settings\Brandon\services.exe
2007-11-19 14:15 85,056 --a------ C:\WINDOWS\system32\idgfrqoi.dll
2007-11-19 14:13 83,008 --a------ C:\WINDOWS\system32\qqaqfbow.dll
2007-11-19 14:11 71,232 --a------ C:\WINDOWS\system32\ccbarkvh.exe
2007-11-19 13:21 83,008 --a------ C:\WINDOWS\system32\cndkowxx.dll
2007-11-19 13:18 594 --ahs---- C:\WINDOWS\system32\olxqmkeg.ini
2007-11-19 13:16 71,232 --a------ C:\WINDOWS\system32\araelhyu.exe
2007-11-18 16:17 79,424 --a------ C:\WINDOWS\system32\smkychel.dll
2007-11-18 16:13 77 --a------ C:\7788.bat
2007-11-18 16:09 71,232 --a------ C:\WINDOWS\system32\lsxporla.exe
2007-11-18 11:39 85,056 --a------ C:\WINDOWS\system32\mskmvptg.dll
2007-11-18 11:39 294 --ahs---- C:\WINDOWS\system32\gtpvmksm.ini
2007-11-18 11:36 71,232 --a------ C:\WINDOWS\system32\klqsfora.exe
2007-11-17 19:42 82,496 --a------ C:\WINDOWS\system32\pdqflfea.dll
2007-11-17 19:39 71,232 --a------ C:\WINDOWS\system32\vourxwrx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 02:32 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2007-11-22 02:24 --------- d-sh--w C:\Program Files\Free KGB Key Logger
2007-11-21 21:22 --------- d-----w C:\Program Files\VBA
2007-11-21 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-21 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-21 16:20 --------- d-----w C:\Program Files\Yahoo!
2007-11-20 01:34 --------- d-----w C:\Documents and Settings\Brandon\Application Data\LimeWire
2007-11-18 20:22 --------- d-----w C:\Documents and Settings\Stefan\Application Data\AVG7
2007-11-17 06:30 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\KSP
2007-11-17 02:34 --------- d-----w C:\Program Files\Lavasoft
2007-11-17 02:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 01:14 --------- d-----r C:\Program Files\Ra2
2007-11-10 17:21 --------- d-----w C:\Documents and Settings\Brandon\Application Data\AVG7
2007-11-09 02:46 --------- d-----w C:\Program Files\ShortKeys2
2007-11-03 03:03 --------- d-----w C:\Program Files\Apple Software Update
2007-11-02 05:15 --------- d-----w C:\Program Files\Starcraft
2007-11-02 04:37 --------- d-----w C:\Program Files\QuickTime
2007-10-27 21:42 --------- d-----w C:\Program Files\MSN Messenger
2007-10-24 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 23:42 --------- d-----w C:\Program Files\LiveUpdate
2007-10-11 21:28 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-11 21:23 --------- d-----w C:\Program Files\Nero
2007-10-11 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-06 14:00 --------- d-----w C:\Program Files\NOCASH
2007-10-01 15:27 --------- d-----w C:\Program Files\DivX
2007-10-01 15:09 --------- d-----w C:\Program Files\Microsoft Games
2007-10-01 13:22 --------- d-----w C:\Program Files\ArtMoney
2007-10-01 12:05 --------- d-----w C:\Program Files\Alcohol Soft
2007-09-25 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-09-25 11:00 --------- d-----w C:\Program Files\IVT Corporation
2007-09-06 20:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-21 21:37 700,031 ----a-w C:\Documents and Settings\Random\UBarGen2.2_en.exe
2007-06-15 19:10 19,390 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
2007-06-09 09:16 4,311 ----a-w C:\Documents and Settings\Random\Guild System_src.zip
2007-04-05 01:48 77,160 -c--a-w C:\Documents and Settings\DIRECTX\DSETUP.dll
2007-04-05 01:48 503,144 -c--a-w C:\Documents and Settings\DIRECTX\DXSETUP.exe
2007-04-05 01:48 1,673,576 -c--a-w C:\Documents and Settings\DIRECTX\dsetup32.dll
2007-01-07 06:24 24,576 ----a-w C:\Documents and Settings\Dragonball Chaos United\Dragonball Chaos United.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B082DBD-7BEB-4A4B-98E1-67E15A9ABB1F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B67807B3-D819-4CB1-9B09-AEC73455EEFA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4bcb1a0-aa4f-4f2d-8edc-7f323af9ba60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-21 04:09 37376 --a------ C:\WINDOWS\system32\nnnommk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 10:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 09:59]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 10:03]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"844499f6"="C:\WINDOWS\system32\pukcjwhv.dll" [2007-11-21 04:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\nnnommk.dll [2007-11-21 04:09 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnommk]
nnnommk.dll 2007-11-21 04:09 37376 C:\WINDOWS\system32\nnnommk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f682a8cd-5c2e-11dc-a93b-0008a16b8ddf}]
\Shell\AutoRun\command - D:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 03:07:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 22:39:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.
Completion time: 2007-11-21 22:48:13 - machine was rebooted
.
--- E O F ---
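Two patterns in the ComboFix "Files Created" section above are easier to see once the report is parsed: the same sizes (71,232 bytes for the .exe files, 84,544 and 85,056 for the .dll files) recur under dozens of different eight-letter names in system32, and each hidden+system .ini stem is a .dll stem spelled backwards (vhwjckup.ini beside pukcjwhv.dll, exewiywn.ini beside nwyiwexe.dll, eanmmqii.ini beside iiqmmnae.dll). The script below is an added example, not ComboFix's own logic and not something posted in the thread. It parses lines of that format, clusters random-looking system32 names by extension and size, and pairs each hidden .ini with its reversed-name DLL. The line regex, the "eight lower-case letters" notion of a random-looking name and the cluster threshold are assumptions; the sample lines are copied from the log above.

```python
"""Added example: make the repeat-size and reversed-name patterns in a
ComboFix 'Files Created' listing explicit.  The regexes, the definition
of a random-looking stem and the cluster threshold are this example's own."""
import ntpath
import re
from collections import defaultdict

# One report line: date, time, size or <DIR>, nine attribute flags, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$")
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")     # assumption: 8 lower-case letters, no digits
SYSTEM32 = r"c:\windows\system32"


def parse(lines):
    """Yield one dict per report line; headers, blanks and Find3M lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["is_dir"] = d["size"] == "<DIR>"
        d["size"] = None if d["is_dir"] else int(d["size"].replace(",", ""))
        stem, ext = ntpath.splitext(ntpath.basename(d["path"]))
        d["stem"], d["ext"] = stem, ext.lower()
        d["in_system32"] = ntpath.dirname(d["path"]).lower() == SYSTEM32
        d["hidden_system"] = "h" in d["attrs"] and "s" in d["attrs"]
        yield d


def size_clusters(entries, min_names=3):
    """Map (ext, size) -> sorted random-looking system32 stems sharing that size.
    Several unrelated names with byte-identical size is one binary being
    dropped again under a fresh name each time."""
    groups = defaultdict(set)
    for e in entries:
        if e["in_system32"] and not e["is_dir"] and RANDOM_STEM_RE.match(e["stem"]):
            groups[(e["ext"], e["size"])].add(e["stem"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_names}


def ini_dll_pairs(entries):
    """Hidden+system .ini files whose stem is a .dll stem spelled backwards."""
    dll_stems = {e["stem"] for e in entries if e["ext"] == ".dll"}
    return [(e["stem"] + ".ini", e["stem"][::-1] + ".dll")
            for e in entries
            if e["ext"] == ".ini" and e["hidden_system"] and e["stem"][::-1] in dll_stems]


def report(lines):
    entries = list(parse(lines))
    return size_clusters(entries), ini_dll_pairs(entries)


# Constructed sample: lines copied from the ComboFix log in the thread.
SAMPLE = r"""
2007-11-21 04:48 294 --ahs---- C:\WINDOWS\system32\vhwjckup.ini
2007-11-21 04:47 85,056 --a------ C:\WINDOWS\system32\pukcjwhv.dll
2007-11-21 04:47 71,232 --a------ C:\WINDOWS\system32\urcmonrs.exe
2007-11-21 04:11 71,232 --a------ C:\WINDOWS\system32\smurpvst.exe
2007-11-20 21:15 85,056 --a------ C:\WINDOWS\system32\nwyiwexe.dll
2007-11-20 21:15 774 --ahs---- C:\WINDOWS\system32\exewiywn.ini
2007-11-20 21:12 71,232 --a------ C:\WINDOWS\system32\cctwuibb.exe
2007-11-20 20:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 19:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-20 16:48 <DIR> d-------- C:\Program Files\Opera
2007-11-20 16:19 85,056 --a------ C:\WINDOWS\system32\iiqmmnae.dll
2007-11-20 16:19 594 --ahs---- C:\WINDOWS\system32\eanmmqii.ini
"""

if __name__ == "__main__":
    clusters, pairs = report(SAMPLE.splitlines())
    for (ext, size), stems in sorted(clusters.items()):
        print(f"{len(stems)} x {size:,} bytes {ext}: {', '.join(stems)}")
    for ini, dll in pairs:
        print(f"{ini} is the reversed name of {dll}")
```

A cluster such as three .exe files of exactly 71,232 bytes under unrelated names is one binary being re-dropped, and the whole cluster belongs on the removal list together; the reversed-name pairs show which hidden .ini goes with which DLL so neither is left behind. The same log also reports "Unable to gain System Privileges", so a parsed list of what is on disk is worth keeping for the next pass rather than relying on the "Other Deletions" section alone.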
#6 - November 22nd, 2007, 07:53 AM
Ryli (Member; Join Date: Nov 2007; Posts: 59)
HijackThis log

----------------------------------------------------------------------------------------------------------------------------------------------------

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:13 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0E32EAC0-03BA-4E80-AB88-9DDB89002ABF} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B082DBD-7BEB-4A4B-98E1-67E15A9ABB1F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B67807B3-D819-4CB1-9B09-AEC73455EEFA} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: (no name) - {d4bcb1a0-aa4f-4f2d-8edc-7f323af9ba60} - (no file)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\nnnommk.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [844499f6] rundll32.exe "C:\WINDOWS\system32\pukcjwhv.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: nnnommk - C:\WINDOWS\SYSTEM32\nnnommk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7437 bytes
#7
November 22nd, 2007, 04:06 PM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 49,807
Did you install that KGB Keylogger on your own system there? Not sure if it won't get targeted and removed in scans we do, so before doing the following SUPERAntiSpyware scan you may want to uninstall it to avoid corruption of its processes. Again a reminder to be very sure all protective software is disabled when doing these steps.

You will want to print or have access to a copy of the next step, as it will be done without net access.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\vhwjckup.ini
C:\WINDOWS\system32\pukcjwhv.dll
C:\WINDOWS\system32\urcmonrs.exe
C:\WINDOWS\system32\smurpvst.exe
C:\WINDOWS\system32\nnnommk.dll
C:\WINDOWS\system32\nwyiwexe.dll
C:\WINDOWS\system32\exewiywn.ini
C:\WINDOWS\system32\cctwuibb.exe
C:\Documents and Settings\Repair\2431.bat
C:\WINDOWS\system32\dgqteevy.ini
C:\WINDOWS\system32\hkffacrw.dll
C:\WINDOWS\system32\rkifjgpu.exe
C:\1061.bat
C:\WINDOWS\system32\vwolxinm.exe
C:\WINDOWS\system32\cdubxymr.exe
C:\WINDOWS\system32\ehvfymrr.ini
C:\WINDOWS\system32\pnegfbmm.dll
C:\WINDOWS\system32\bpypjkwv.exe
C:\WINDOWS\system32\nibovtwe.dll
C:\WINDOWS\system32\pdbvnuho.ini
C:\WINDOWS\system32\woapmhgv.exe
C:\WINDOWS\system32\iiqmmnae.dll
C:\WINDOWS\system32\eanmmqii.ini
C:\WINDOWS\system32\mwlohqkv.exe
C:\WINDOWS\system32\mihceopp.dll
C:\WINDOWS\system32\djpksthk.ini
C:\WINDOWS\system32\bdxwitlr.exe
C:\WINDOWS\system32\iyudcmsh.dll
C:\WINDOWS\system32\vodbfpsp.exe
C:\Documents and Settings\Repair\f.exe
C:\WINDOWS\system32\xxyvsrr.dll
C:\WINDOWS\system32\qomllkh.dll
C:\Documents and Settings\Repair\z.dat
C:\Documents and Settings\Repair\x.dat
C:\WINDOWS\system32\fvkogbmx.dll
C:\WINDOWS\system32\gkslsril.ini
C:\WINDOWS\system32\alekvqrv.exe
C:\WINDOWS\system32\dsiwnqlb.ini
C:\WINDOWS\system32\blqnwisd.dll
C:\WINDOWS\system32\jlubrlld.dll
C:\WINDOWS\system32\etwqqair.exe
C:\WINDOWS\system32\pnjmtufw.dll
C:\WINDOWS\system32\dksgujtn.dll
C:\WINDOWS\system32\ptnhebpv.exe
C:\WINDOWS\system32\vnepjgwr.dll
C:\WINDOWS\system32\vsrqrtfd.dll
C:\WINDOWS\system32\lfxtuiss.exe
C:\WINDOWS\system32\skfgphnk.dll
C:\WINDOWS\system32\fyhxpsmw.exe
C:\Documents and Settings\Brandon\services.exe
C:\WINDOWS\system32\idgfrqoi.dll
C:\WINDOWS\system32\qqaqfbow.dll
C:\WINDOWS\system32\ccbarkvh.exe
C:\WINDOWS\system32\cndkowxx.dll
C:\WINDOWS\system32\olxqmkeg.ini
C:\WINDOWS\system32\araelhyu.exe
C:\WINDOWS\system32\smkychel.dll
C:\7788.bat
C:\WINDOWS\system32\lsxporla.exe
C:\WINDOWS\system32\mskmvptg.dll
C:\WINDOWS\system32\gtpvmksm.ini
C:\WINDOWS\system32\klqsfora.exe
C:\WINDOWS\system32\pdqflfea.dll
C:\WINDOWS\system32\vourxwrx.exe
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\vtsqn.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B082DBD-7BEB-4A4B-98E1-67E15A9ABB1F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E32EAC0-03BA-4E80-AB88-9DDB89002ABF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B67807B3-D819-4CB1-9B09-AEC73455EEFA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4bcb1a0-aa4f-4f2d-8edc-7f323af9ba60}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"844499f6"=-
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnommk]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00
DirLook::
C:\Program Files\NOCASH
C:\MuSiK
C:\Documents and Settings\Repair\Application Data\BYOND
Save this as "CFScript"

(include the "quotation marks" with the name)

Now disconnect from net access. If cable/dsl physically disconnect the cable from the modem/computer/router.



Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix will now run as it did before. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

----------------------------

Reconnect your net access and Go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.
Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.


Also Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

===============================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


Open SUPERAntiSpyware and click the Scan your Computer button. You may need to start SUPERAntiSpyware, then right click the Taskbar icon (the little bug shaped icon) and select "Scan for Spyware, Adware, Malware..." to access the scan panel. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.


Post back the combofix.txt log along with a new HijackThis log and the SUPERAntiSpyware log please.
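The CFScript in the post above encodes a pattern an analyst applies by eye: autostart entries that load randomly named modules out of system32 (the rundll32 entry with the one-letter export "b", the O20 Winlogon Notify DLL, the Browser Helper Object CLSIDs), plus a reset of the LSA "Authentication Packages" list back to msv1_0 alone, because infections of this family add their DLL there so it is loaded by lsass.exe at boot. The following Python is an added example, not part of this thread and not HijackThis or ComboFix code: it runs that triage over a few lines copied from the HijackThis log in this thread and decodes the hex(7) value the script writes. The KNOWN_GOOD allowlist, the vowel-ratio threshold and the reason strings are this example's own assumptions; a real triage uses a maintained known-good database rather than a six-entry set.

```python
"""Triage helper for HijackThis-style autostart lines (added example)."""
import re

# Assumption for this example: a tiny allowlist of legitimate system32 stems
# whose letter pattern could otherwise trip the random-name heuristic.
KNOWN_GOOD = {"ctfmon", "smss", "csrss", "lsass", "igfxpers", "hkcmd"}
VOWELS = set("aeiou")

# First drive-letter path ending in .exe/.dll on the line (spaces allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)\b", re.IGNORECASE)
# rundll32 <dll>,<single letter>  (the "pukcjwhv.dll",b shape from the log)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,\s*[A-Za-z]\b', re.IGNORECASE)
HEXNAME_RE = re.compile(r"\[[0-9a-f]{8}\]")

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [844499f6] rundll32.exe "C:\WINDOWS\system32\pukcjwhv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O20 - Winlogon Notify: nnnommk - C:\WINDOWS\SYSTEM32\nnnommk.dll
"""


def looks_random(stem: str) -> bool:
    """Alphabetic stem of 5+ letters with almost no vowels, e.g. 'pukcjwhv',
    'nnnommk', 'pmnlj'. The 0.15 threshold is an assumption of this example."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 5:
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.15


def triage(log_text: str) -> list[dict]:
    """Return one finding per suspicious line: {'line', 'path', 'name', 'reasons'}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PATH_RE.search(line)
        path = m.group(0) if m else ""
        name = path.rsplit("\\", 1)[-1].lower() if path else ""
        stem = name.rsplit(".", 1)[0]
        reasons = []
        if "\\system32\\" in path.lower() and stem not in KNOWN_GOOD and looks_random(stem):
            reasons.append("random-looking module name in system32")
        if RUNDLL_RE.search(line):
            reasons.append("rundll32 loads a DLL through a one-letter export")
        if HEXNAME_RE.search(line):
            reasons.append("autostart value name is 8 hex digits")
        if line.startswith("O20") and "winlogon notify" in line.lower():
            reasons.append("Winlogon Notify package (loaded into winlogon.exe at logon)")
        if "policies\\explorer\\run" in line.lower():
            reasons.append("Policies\\Explorer\\Run autostart (policy key; review what it launches)")
        if reasons:
            findings.append({"line": line, "path": path, "name": name, "reasons": reasons})
    return findings


def decode_hex7(value: str) -> list[str]:
    """Decode a .reg-style REG_MULTI_SZ ('hex(7):6d,73,...') into its strings.
    The CFScript above writes one byte per character; a regedit export writes
    UTF-16LE, so both layouts are accepted."""
    payload = value.split(":", 1)[1] if ":" in value else value
    raw = bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", payload))
    if len(raw) >= 4 and len(raw) % 2 == 0 and not any(raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"] or f["line"], "->", "; ".join(f["reasons"]))
    print("Authentication Packages after fix:",
          decode_hex7("hex(7):6d,73,76,31,5f,30,00,00"))
```

The allowlist is the important caveat: ctfmon.exe scores below the vowel threshold just as the Vundo DLLs do, so a name heuristic on its own produces false positives against perfectly legitimate Microsoft binaries and only works in combination with a known-good list and the location/loader signals. Note also that the decoded list comes back as ["msv1_0"] only, which is the intent of the script's LSA line: any extra entry there would be a DLL that lsass.exe loads at every boot.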
#8
November 23rd, 2007, 02:58 PM
Ryli
Member
Join Date: Nov 2007
Posts: 59
New Logs

Yes I installed it on there.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/22/2007 at 06:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3348
Trace Rules Database Version: 1349

Scan type : Complete Scan
Total Scan Time : 00:59:15

Memory items scanned : 177
Memory threats detected : 0
Registry items scanned : 5628
Registry threats detected : 8
File items scanned : 28232
File threats detected : 96

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{13165B17-7745-4390-BCCD-6C9178C47960}
HKCR\CLSID\{13165B17-7745-4390-BCCD-6C9178C47960}
HKCR\CLSID\{13165B17-7745-4390-BCCD-6C9178C47960}\InprocServer32
HKCR\CLSID\{13165B17-7745-4390-BCCD-6C9178C47960}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMNLJ.DLL
HKLM\Software\Classes\CLSID\{4E7B2A73-8E03-4259-A2AC-EF841FF551FD}
HKCR\CLSID\{4E7B2A73-8E03-4259-A2AC-EF841FF551FD}
HKCR\CLSID\{4E7B2A73-8E03-4259-A2AC-EF841FF551FD}\InprocServer32
HKCR\CLSID\{4E7B2A73-8E03-4259-A2AC-EF841FF551FD}\InprocServer32#ThreadingModel

ReFOG KGB Keylogger
C:\PROGRAM FILES\FREE KGB KEY LOGGER\WINLOGONS.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\B147.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\V4\CAWS83122.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TTC-4444.EXE.VIR

Trojan.Downloader-Gen/DDC
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ALEKVQRV.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ARAELHYU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BDXWITLR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BPYPJKWV.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CCBARKVH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CCTWUIBB.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CDUBXYMR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ETWQQAIR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FYHXPSMW.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KLQSFORA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LFXTUISS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LSXPORLA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MWLOHQKV.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PTNHEBPV.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RKIFJGPU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SMURPVST.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\URCMONRS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VODBFPSP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VOURXWRX.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VWOLXINM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WOAPMHGV.EXE.VIR
C:\WINDOWS\SYSTEM32\CFPVUHSC.EXE
C:\WINDOWS\SYSTEM32\CXNXRTKG.EXE
C:\WINDOWS\SYSTEM32\FLNKOYFH.EXE
C:\WINDOWS\SYSTEM32\***DQSLF.EXE
C:\WINDOWS\SYSTEM32\GEBERUOF.EXE
C:\WINDOWS\SYSTEM32\IPWOHMVF.EXE
C:\WINDOWS\SYSTEM32\JBTRRGLA.EXE
C:\WINDOWS\SYSTEM32\KVTIUGLR.EXE
C:\WINDOWS\SYSTEM32\LBSXXLJX.EXE
C:\WINDOWS\SYSTEM32\LIGJKGWL.EXE
C:\WINDOWS\SYSTEM32\NKYYDXUN.EXE
C:\WINDOWS\SYSTEM32\NVCCMOIQ.EXE
C:\WINDOWS\SYSTEM32\QCNLYERQ.EXE
C:\WINDOWS\SYSTEM32\QGBSPPRT.EXE
C:\WINDOWS\SYSTEM32\TILWSVQK.EXE
C:\WINDOWS\SYSTEM32\TOCFNGIW.EXE
C:\WINDOWS\SYSTEM32\VTNSDHNF.EXE
C:\WINDOWS\SYSTEM32\WAMMAWRP.EXE
C:\WINDOWS\SYSTEM32\XBMJRORJ.EXE
C:\WINDOWS\SYSTEM32\XFJGCDWP.EXE
C:\WINDOWS\SYSTEM32\XMMTIEFI.EXE
C:\WINDOWS\SYSTEM32\XOFKFLKW.EXE

Adware.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\CBXXUTQ.DLL
C:\WINDOWS\SYSTEM32\IIFFGGD.DLL
C:\WINDOWS\SYSTEM32\SSQONKJ.DLL
C:\WINDOWS\SYSTEM32\WVUTRRO.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\CYNNHYCT.DLL
C:\WINDOWS\SYSTEM32\GBSKUEQJ.DLL
C:\WINDOWS\SYSTEM32\KMYDYCCH.DLL
C:\WINDOWS\SYSTEM32\NEJOOCOY.DLL
C:\WINDOWS\SYSTEM32\NERCAEVX.DLL
C:\WINDOWS\SYSTEM32\NHJHKPFC.DLL
C:\WINDOWS\SYSTEM32\PAHWUSEJ.DLL
C:\WINDOWS\SYSTEM32\PIURUWCM.DLL
C:\WINDOWS\SYSTEM32\PSVDNHDI.DLL
C:\WINDOWS\SYSTEM32\SABSLYGE.DLL
C:\WINDOWS\SYSTEM32\UYYPPMWG.DLL
C:\WINDOWS\SYSTEM32\VKQHYEUJ.DLL
C:\WINDOWS\SYSTEM32\WIQFRODL.DLL

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\DPCUDDRD.DLL
C:\WINDOWS\SYSTEM32\EHIRWYAC.DLL
C:\WINDOWS\SYSTEM32\EKUAXAPL.DLL
C:\WINDOWS\SYSTEM32\FDBANSID.DLL
C:\WINDOWS\SYSTEM32\FUEESAER.DLL
C:\WINDOWS\SYSTEM32\GMJHDJHI.DLL
C:\WINDOWS\SYSTEM32\GXJXKGIV.DLL
C:\WINDOWS\SYSTEM32\HPIKGTCB.DLL
C:\WINDOWS\SYSTEM32\IADYOQTX.DLL
C:\WINDOWS\SYSTEM32\JGDQDMIW.DLL
C:\WINDOWS\SYSTEM32\JGHMRAOO.DLL
C:\WINDOWS\SYSTEM32\KBRPTOGH.DLL
C:\WINDOWS\SYSTEM32\KNFOHYTR.DLL
C:\WINDOWS\SYSTEM32\LUMBVGGR.DLL
C:\WINDOWS\SYSTEM32\MOSBLBBO.DLL
C:\WINDOWS\SYSTEM32\OKWAKDKE.DLL
C:\WINDOWS\SYSTEM32\PCRGTOAR.DLL
C:\WINDOWS\SYSTEM32\PCWDTISE.DLL
C:\WINDOWS\SYSTEM32\RHQWWGSX.DLL
C:\WINDOWS\SYSTEM32\RRJENYBX.DLL
C:\WINDOWS\SYSTEM32\SBNONPRX.DLL
C:\WINDOWS\SYSTEM32\SCMRCVLW.DLL
C:\WINDOWS\SYSTEM32\TCUGVXTW.DLL
C:\WINDOWS\SYSTEM32\THGQVASY.DLL
C:\WINDOWS\SYSTEM32\WHHNGJLL.DLL
C:\WINDOWS\SYSTEM32\XPVIRFCK.DLL

Unclassified.Unknown Origin
C:\WINDOWS\SYSTEM32\IIFCDEE.DLL.VIR

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\MLJHEDD.DLL
C:\WINDOWS\SYSTEM32\TUVSPQP.DLL
C:\WINDOWS\SYSTEM32\URQNNOO.DLL
C:\WINDOWS\SYSTEM32\XXYYYXU.DLL

Last edited by Jintan; November 24th, 2007 at 02:27 AM. Reason: Removed code tags
#9
November 23rd, 2007, 03:01 PM
Ryli
Member
Join Date: Nov 2007
Posts: 59
New Logs Combofix

ComboFix 07-11-19.3 - Repair 2007-11-22 16:08:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.25 [GMT -8:00]
Running from: C:\Documents and Settings\Repair\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Repair\Desktop\CFScript
* Created a new restore point

FILE
C:\1061.bat
C:\7788.bat
C:\Documents and Settings\Brandon\services.exe
C:\Documents and Settings\Repair\2431.bat
C:\Documents and Settings\Repair\f.exe
C:\Documents and Settings\Repair\x.dat
C:\Documents and Settings\Repair\z.dat
C:\WINDOWS\system32\alekvqrv.exe
C:\WINDOWS\system32\araelhyu.exe
C:\WINDOWS\system32\bdxwitlr.exe
C:\WINDOWS\system32\blqnwisd.dll
C:\WINDOWS\system32\bpypjkwv.exe
C:\WINDOWS\system32\ccbarkvh.exe
C:\WINDOWS\system32\cctwuibb.exe
C:\WINDOWS\system32\cdubxymr.exe
C:\WINDOWS\system32\cndkowxx.dll
C:\WINDOWS\system32\dgqteevy.ini
C:\WINDOWS\system32\djpksthk.ini
C:\WINDOWS\system32\dksgujtn.dll
C:\WINDOWS\system32\dsiwnqlb.ini
C:\WINDOWS\system32\eanmmqii.ini
C:\WINDOWS\system32\ehvfymrr.ini
C:\WINDOWS\system32\etwqqair.exe
C:\WINDOWS\system32\exewiywn.ini
C:\WINDOWS\system32\fvkogbmx.dll
C:\WINDOWS\system32\fyhxpsmw.exe
C:\WINDOWS\system32\gkslsril.ini
C:\WINDOWS\system32\gtpvmksm.ini
C:\WINDOWS\system32\hkffacrw.dll
C:\WINDOWS\system32\idgfrqoi.dll
C:\WINDOWS\system32\iiqmmnae.dll
C:\WINDOWS\system32\iyudcmsh.dll
C:\WINDOWS\system32\jlubrlld.dll
C:\WINDOWS\system32\klqsfora.exe
C:\WINDOWS\system32\lfxtuiss.exe
C:\WINDOWS\system32\lsxporla.exe
C:\WINDOWS\system32\mihceopp.dll
C:\WINDOWS\system32\mskmvptg.dll
C:\WINDOWS\system32\mwlohqkv.exe
C:\WINDOWS\system32\nibovtwe.dll
C:\WINDOWS\system32\nnnommk.dll
C:\WINDOWS\system32\nwyiwexe.dll
C:\WINDOWS\system32\olxqmkeg.ini
C:\WINDOWS\system32\pdbvnuho.ini
C:\WINDOWS\system32\pdqflfea.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pnegfbmm.dll
C:\WINDOWS\system32\pnjmtufw.dll
C:\WINDOWS\system32\ptnhebpv.exe
C:\WINDOWS\system32\pukcjwhv.dll
C:\WINDOWS\system32\qomllkh.dll
C:\WINDOWS\system32\qqaqfbow.dll
C:\WINDOWS\system32\rkifjgpu.exe
C:\WINDOWS\system32\skfgphnk.dll
C:\WINDOWS\system32\smkychel.dll
C:\WINDOWS\system32\smurpvst.exe
C:\WINDOWS\system32\urcmonrs.exe
C:\WINDOWS\system32\vhwjckup.ini
C:\WINDOWS\system32\vnepjgwr.dll
C:\WINDOWS\system32\vodbfpsp.exe
C:\WINDOWS\system32\vourxwrx.exe
C:\WINDOWS\system32\vsrqrtfd.dll
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vwolxinm.exe
C:\WINDOWS\system32\woapmhgv.exe
C:\WINDOWS\system32\xxyvsrr.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1061.bat
C:\7788.bat
C:\Documents and Settings\Brandon\services.exe
C:\Documents and Settings\Repair\2431.bat
C:\Documents and Settings\Repair\f.exe
C:\Documents and Settings\Repair\x.dat
C:\Documents and Settings\Repair\z.dat
C:\WINDOWS\system32\alekvqrv.exe
C:\WINDOWS\system32\araelhyu.exe
C:\WINDOWS\system32\bdxwitlr.exe
C:\WINDOWS\system32\blqnwisd.dll
C:\WINDOWS\system32\bpypjkwv.exe
C:\WINDOWS\system32\ccbarkvh.exe
C:\WINDOWS\system32\cctwuibb.exe
C:\WINDOWS\system32\cdubxymr.exe
C:\WINDOWS\system32\cndkowxx.dll
C:\WINDOWS\system32\dgqteevy.ini
C:\WINDOWS\system32\djpksthk.ini
C:\WINDOWS\system32\dksgujtn.dll
C:\WINDOWS\system32\dsiwnqlb.ini
C:\WINDOWS\system32\eanmmqii.ini
C:\WINDOWS\system32\ehvfymrr.ini
C:\WINDOWS\system32\etwqqair.exe
C:\WINDOWS\system32\exewiywn.ini
C:\WINDOWS\system32\fvkogbmx.dll
C:\WINDOWS\system32\fyhxpsmw.exe
C:\WINDOWS\system32\gkslsril.ini
C:\WINDOWS\system32\gtpvmksm.ini
C:\WINDOWS\system32\hkffacrw.dll
C:\WINDOWS\system32\idgfrqoi.dll
C:\WINDOWS\system32\iiqmmnae.dll
C:\WINDOWS\system32\iyudcmsh.dll
C:\WINDOWS\system32\jlubrlld.dll
C:\WINDOWS\system32\klqsfora.exe
C:\WINDOWS\system32\lfxtuiss.exe
C:\WINDOWS\system32\lsxporla.exe
C:\WINDOWS\system32\mihceopp.dll
C:\WINDOWS\system32\mskmvptg.dll
C:\WINDOWS\system32\mwlohqkv.exe
C:\WINDOWS\system32\nibovtwe.dll
C:\WINDOWS\system32\nnnommk.dll
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nwyiwexe.dll
C:\WINDOWS\system32\olxqmkeg.ini
C:\WINDOWS\system32\pdbvnuho.ini
C:\WINDOWS\system32\pdqflfea.dll
C:\WINDOWS\system32\pnegfbmm.dll
C:\WINDOWS\system32\pnjmtufw.dll
C:\WINDOWS\system32\ptnhebpv.exe
C:\WINDOWS\system32\pukcjwhv.dll
C:\WINDOWS\system32\qomllkh.dll
C:\WINDOWS\system32\qqaqfbow.dll
C:\WINDOWS\system32\rkifjgpu.exe
C:\WINDOWS\system32\skfgphnk.dll
C:\WINDOWS\system32\smkychel.dll
C:\WINDOWS\system32\smurpvst.exe
C:\WINDOWS\system32\urcmonrs.exe
C:\WINDOWS\system32\vhwjckup.ini
C:\WINDOWS\system32\vnepjgwr.dll
C:\WINDOWS\system32\vodbfpsp.exe
C:\WINDOWS\system32\vourxwrx.exe
C:\WINDOWS\system32\vsrqrtfd.dll
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vwolxinm.exe
C:\WINDOWS\system32\woapmhgv.exe
C:\WINDOWS\system32\xxyvsrr.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-21 19:41 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Apple Computer
2007-11-21 14:08 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\U3
2007-11-21 08:19 <DIR> d-------- C:\Program Files\CCleaner
2007-11-20 21:07 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Grisoft
2007-11-20 20:51 3,480 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-20 20:51 0 --a------ C:\WINDOWS\system32\tmp.txt
2007-11-20 20:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 20:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 20:50 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 20:50 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-20 20:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 19:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-20 19:51 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-20 19:51 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-20 19:51 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-20 19:51 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-20 19:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-20 19:51 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-20 19:51 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-20 19:50 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-20 16:48 <DIR> d-------- C:\Program Files\Opera
2007-11-20 16:18 <DIR> d-------- C:\Documents and Settings\Brandon.X-CORP\Application Data\Sony Ericsson
2007-11-20 16:18 <DIR> d-------- C:\Documents and Settings\Brandon.X-CORP\Application Data\Nero
2007-11-20 16:18 <DIR> d-------- C:\Documents and Settings\Brandon.X-CORP\Application Data\AVG7
2007-11-20 16:04 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\BYOND
2007-11-20 15:46 <DIR> d-------- C:\WINDOWS\speech
2007-11-20 15:46 175,104 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-11-20 15:46 102,400 --a------ C:\WINDOWS\system32\libfaac.dll
2007-11-20 14:39 <DIR> d-------- C:\MuSiK
2007-11-19 19:11 <DIR> d---s---- C:\Documents and Settings\Repair\UserData
2007-11-19 17:54 <DIR> d-------- C:\Documents and Settings\Repair\Contacts
2007-11-19 17:51 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Teleca
2007-11-19 17:48 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Nero
2007-11-19 17:47 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\Sony Ericsson
2007-11-19 17:47 <DIR> d-------- C:\Documents and Settings\Repair\Application Data\AVG7
2007-11-17 19:30 82,496 --a------ C:\WINDOWS\system32\kmydycch.dll
2007-11-17 19:27 71,232 --a------ C:\WINDOWS\system32\wammawrp.exe
2007-11-17 19:25 260 --a------ C:\8520.bat
2007-11-17 19:25 77 --a------ C:\Documents and Settings\Stefan\1485.bat
2007-11-17 19:24 36,864 --a------ C:\Documents and Settings\Stefan\services.exe
2007-11-17 17:46 678,220 --ahs---- C:\WINDOWS\system32\nuqutdxr.ini
2007-11-17 17:39 36,352 --a------ C:\WINDOWS\system32\tuvspqp.dll
2007-11-16 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 19:32 85,056 --a------ C:\WINDOWS\system32\psvdnhdi.dll
2007-11-16 19:29 81,984 --a------ C:\WINDOWS\system32\piuruwcm.dll
2007-11-16 19:29 71,232 --a------ C:\WINDOWS\system32\jbtrrgla.exe
2007-11-16 18:36 677,920 --ahs---- C:\WINDOWS\system32\fsacglvo.ini
2007-11-16 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 18:32 79,936 --a------ C:\WINDOWS\system32\vkqhyeuj.dll
2007-11-16 09:17 81,984 --a------ C:\WINDOWS\system32\sabslyge.dll
2007-11-16 09:17 260 --a------ C:\7188.bat
2007-11-16 09:15 85,056 --a------ C:\WINDOWS\system32\nhjhkpfc.dll
2007-11-16 09:15 294 --ahs---- C:\WINDOWS\system32\cfpkhjhn.ini
2007-11-16 09:12 71,232 --a------ C:\WINDOWS\system32\***dqslf.exe
2007-11-15 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-15 16:56 678,280 --ahs---- C:\WINDOWS\system32\jesuwhap.ini
2007-11-15 16:56 85,056 --a------ C:\WINDOWS\system32\pahwusej.dll
2007-11-15 16:56 79,936 --a------ C:\WINDOWS\system32\gbskueqj.dll
2007-11-15 16:55 71,232 --a------ C:\WINDOWS\system32\cxnxrtkg.exe
2007-11-15 15:37 <DIR> d-------- C:\Documents and Settings\Brandon\Application Data\Teleca
2007-11-15 15:33 647,470 --ahs---- C:\WINDOWS\system32\ldorfqiw.ini
2007-11-15 15:33 85,056 --a------ C:\WINDOWS\system32\wiqfrodl.dll
2007-11-15 15:33 79,936 --a------ C:\WINDOWS\system32\nejoocoy.dll
2007-11-15 15:33 71,232 --a------ C:\WINDOWS\system32\lbsxxljx.exe
2007-11-15 15:25 <DIR> d-------- C:\Documents and Settings\Brandon\Application Data\Sony Ericsson
2007-11-15 15:16 85,056 --a------ C:\WINDOWS\system32\uyyppmwg.dll
2007-11-15 15:16 40,960 --a------ C:\Documents and Settings\Stefan\f.exe
2007-11-15 15:16 36,352 --a------ C:\WINDOWS\system32\cbxxutq.dll
2007-11-15 15:16 256 --a------ C:\Documents and Settings\Stefan\z.dat
2007-11-15 15:16 0 --a------ C:\Documents and Settings\Stefan\x.dat
2007-11-15 15:15 36,352 --a------ C:\WINDOWS\system32\mljhedd.dll
2007-11-15 15:14 71,232 --a------ C:\WINDOWS\system32\tilwsvqk.exe
2007-11-15 07:54 669,671 --ahs---- C:\WINDOWS\system32\oufrdaxu.ini
2007-11-15 07:51 79,936 --a------ C:\WINDOWS\system32\nercaevx.dll
2007-11-15 07:48 71,232 --a------ C:\WINDOWS\system32\nkyydxun.exe
2007-11-14 17:58 100,488 -ra------ C:\WINDOWS\system32\drivers\s125mgmt.sys
2007-11-14 17:58 98,696 -ra------ C:\WINDOWS\system32\drivers\s125obex.sys
2007-11-14 13:41 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\U3
2007-11-14 07:55 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\Lavasoft
2007-11-14 07:51 79,424 --a------ C:\WINDOWS\system32\cynnhyct.dll
2007-11-14 07:48 671,196 --ahs---- C:\WINDOWS\system32\ubkxjxul.ini
2007-11-14 07:47 71,232 --a------ C:\WINDOWS\system32\tocfngiw.exe
2007-11-13 21:36 <DIR> d-------- C:\Program Files\ImTOO
2007-11-13 18:50 108,680 -ra------ C:\WINDOWS\system32\drivers\s125mdm.sys
2007-11-13 18:50 15,112 -ra------ C:\WINDOWS\system32\drivers\s125mdfl.sys
2007-11-13 18:50 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cmnt.sys
2007-11-13 18:50 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cm.sys
2007-11-13 18:49 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-13 18:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-11-13 18:30 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-13 18:30 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-11-13 18:30 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2007-11-13 18:14 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\Apple Computer
2007-11-13 18:05 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\Teleca
2007-11-13 18:02 83,336 -ra------ C:\WINDOWS\system32\drivers\s125bus.sys
2007-11-13 18:02 12,424 -ra------ C:\WINDOWS\system32\drivers\s125whnt.sys
2007-11-13 18:02 12,424 -ra------ C:\WINDOWS\system32\drivers\s125wh.sys
2007-11-13 17:23 <DIR> d-------- C:\Documents and Settings\Stefan\Application Data\Sony Ericsson
2007-11-13 17:21 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-11-13 17:21 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 02:32 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2007-11-22 02:24 --------- d-sh--w C:\Program Files\Free KGB Key Logger
2007-11-21 21:22 --------- d-----w C:\Program Files\VBA
2007-11-21 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-21 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-21 16:20 --------- d-----w C:\Program Files\Yahoo!
2007-11-20 01:34 --------- d-----w C:\Documents and Settings\Brandon\Application Data\LimeWire
2007-11-18 20:22 --------- d-----w C:\Documents and Settings\Stefan\Application Data\AVG7
2007-11-17 06:30 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\KSP
2007-11-17 02:34 --------- d-----w C:\Program Files\Lavasoft
2007-11-17 02:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 01:14 --------- d-----r C:\Program Files\Ra2
2007-11-14 00:37 80,448 ----a-w C:\WINDOWS\system32\ehirwyac.dll
2007-11-12 20:28 89,664 ----a-w C:\WINDOWS\system32\eunybamd.dll
2007-11-10 17:21 --------- d-----w C:\Documents and Settings\Brandon\Application Data\AVG7
2007-11-09 02:46 --------- d-----w C:\Program Files\ShortKeys2
2007-11-08 03:10 79,936 ----a-w C:\WINDOWS\system32\gmjhdjhi.dll
2007-11-07 00:29 81,472 ----a-w C:\WINDOWS\system32\hpikgtcb.dll
2007-11-07 00:27 71,232 ----a-w C:\WINDOWS\system32\geberuof.exe
2007-11-06 22:56 83,008 ----a-w C:\WINDOWS\system32\ekuaxapl.dll
2007-11-06 01:25 83,008 ----a-w C:\WINDOWS\system32\iadyoqtx.dll
2007-11-05 07:30 83,008 ----a-w C:\WINDOWS\system32\gxjxkgiv.dll
2007-11-04 18:09 78,912 ----a-w C:\WINDOWS\system32\dpcuddrd.dll
2007-11-04 08:59 86,080 ----a-w C:\WINDOWS\system32\defsffwe.dll
2007-11-03 03:03 --------- d-----w C:\Program Files\Apple Software Update
2007-11-02 05:15 --------- d-----w C:\Program Files\Starcraft
2007-11-02 04:37 --------- d-----w C:\Program Files\QuickTime
2007-10-27 21:42 --------- d-----w C:\Program Files\MSN Messenger
2007-10-24 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 23:42 --------- d-----w C:\Program Files\LiveUpdate
2007-10-11 21:28 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-11 21:23 --------- d-----w C:\Program Files\Nero
2007-10-11 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-06 14:00 --------- d-----w C:\Program Files\NOCASH
2007-10-01 15:27 --------- d-----w C:\Program Files\DivX
2007-10-01 15:09 --------- d-----w C:\Program Files\Microsoft Games
2007-10-01 13:22 --------- d-----w C:\Program Files\ArtMoney
2007-10-01 12:05 --------- d-----w C:\Program Files\Alcohol Soft
2007-09-25 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-09-25 11:00 --------- d-----w C:\Program Files\IVT Corporation
2007-09-06 20:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-21 21:37 700,031 ----a-w C:\Documents and Settings\Random\UBarGen2.2_en.exe
2007-06-15 19:10 19,390 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
2007-06-09 09:16 4,311 ----a-w C:\Documents and Settings\Random\Guild System_src.zip
2007-04-05 01:48 77,160 -c--a-w C:\Documents and Settings\DIRECTX\DSETUP.dll
2007-04-05 01:48 503,144 -c--a-w C:\Documents and Settings\DIRECTX\DXSETUP.exe
2007-04-05 01:48 1,673,576 -c--a-w C:\Documents and Settings\DIRECTX\dsetup32.dll
2007-01-07 06:24 24,576 ----a-w C:\Documents and Settings\Dragonball Chaos United\Dragonball Chaos United.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Repair\Application Data\BYOND ----

2007-11-21 17:46 60 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\pager.txt
2007-11-21 17:46 40 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cache\ff2a9575_news.htm
2007-11-21 14:18 693 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\maker.txt
2007-11-21 14:16 627 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\hub.txt
2007-11-21 14:16 512 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\lauren\browser\Browser.dme
2007-11-21 14:16 361 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\MyHub.txt
2007-11-21 14:15 479 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\rcet\browserchat\BrowserChat.dme
2007-11-21 14:13 153 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\seeker.txt
2007-11-21 14:07 22 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\byond.txt
2007-11-20 16:40 1090 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\cfg\default.dms
2007-11-20 16:04 70 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\key.txt
2004-03-18 19:24 4234 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\chase_hammer\easyhouses\Houses.dm
2003-10-02 19:14 2176 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\lauren\browser\Browser.dm
2003-10-02 19:14 207 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\lauren\browser\GM.dm
2003-10-02 18:58 136 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\lauren\browser\Information.dm
2002-02-17 10:35 887 --a------ C:\Documents and Settings\Repair\Application Data\BYOND\lib\rcet\browserchat\BrowserChat.dm

Last edited by Jintan; November 24th, 2007 at 02:28 AM. Reason: Removed code tags
Reply With Quote
  #10  
Old November 23rd, 2007, 03:02 PM
Ryli Ryli is offline
Member
 
Join Date: Nov 2007
Posts: 59
Sorry delete this......

Last edited by Ryli; November 23rd, 2007 at 03:09 PM.
Reply With Quote
  #11  
Old November 23rd, 2007, 03:08 PM
Ryli Ryli is offline
Member
 
Join Date: Nov 2007
Posts: 59
CombofixLog Cont...

---- Directory of C:\MuSiK ----

2007-11-03 17:16 8089698 --------- C:\MuSiK\R.Kelly - Double Up - Same Girl ft Usher.mp3
2007-11-03 17:09 4888767 --------- C:\MuSiK\Ding Dong - Bad Man Forward.mp3
2007-11-03 17:09 1091336 --------- C:\MuSiK\Pokemon Thong Song.mp3
2007-11-03 17:07 6661319 --------- C:\MuSiK\Im Sorry I Cant Be Perfect.mp3
2007-11-03 17:07 6039331 --------- C:\MuSiK\Kiss Kiss.mp3
2007-11-03 17:07 5135619 --------- C:\MuSiK\Dance Dance.mp3
2007-11-03 17:07 3509403 --------- C:\MuSiK\Crank Dat Road Runner.mp3
2007-11-03 17:07 2806080 --------- C:\MuSiK\Deh Yah Pon Di Gully Side.mp3
2007-11-03 17:06 5392864 --------- C:\MuSiK\Wacky Dip.mp3
2007-11-03 17:06 5319308 --------- C:\MuSiK\Do It.mp3
2007-11-03 17:06 3567664 --------- C:\MuSiK\I'm a wigger.mp3
2007-11-03 17:05 5309166 --------- C:\MuSiK\Sexy Love.mp3
2007-11-03 17:05 4412804 --------- C:\MuSiK\So Sick.mp3
2007-11-03 17:05 3744008 --------- C:\MuSiK\I Write Sins Not Tragedies.mp3
2007-11-03 17:05 2864607 --------- C:\MuSiK\Irreplaceable (Male Version).mp3
2007-11-03 17:04 2160603 --------- C:\MuSiK\When You're Mad.mp3
2007-11-03 17:03 6167491 --------- C:\MuSiK\Crank Dat Lion King.mp3
2007-11-03 17:03 6155010 --------- C:\MuSiK\Make Me Bettermp3.mp3
2007-11-03 17:03 3788769 --------- C:\MuSiK\Big girls don't cry RMX.mp3
2007-10-29 02:06 3264522 --------- C:\MuSiK\Movado - Amazing Grace.mp3
2007-10-29 01:26 2784041 --------- C:\MuSiK\Don't Wanna Be You.mp3
2007-10-29 00:56 6331981 --------- C:\MuSiK\Thanks For The Memories.mp3
2007-10-29 00:49 8089698 --------- C:\MuSiK\Same Girl.mp3
2007-10-29 00:39 3569523 --------- C:\MuSiK\You Don't Mean Anything.mp3
2007-10-29 00:09 3628348 --------- C:\MuSiK\Crank Dat Jump Rope.mp3
2007-10-29 00:06 5421414 --------- C:\MuSiK\Shut Up and Drive.mp3
2007-10-28 23:52 5361664 --------- C:\MuSiK\Say It Right.mp3
2007-10-28 23:43 5909196 --------- C:\MuSiK\Promiscious.mp3
2007-10-28 23:39 5179520 --------- C:\MuSiK\Girlfriend.mp3
2007-10-28 23:29 2836776 --------- C:\MuSiK\Squeeze Breast
2007-10-13 08:03 75 ---hs---- C:\MuSiK\Desktop.ini
2007-09-26 07:58 4707509 --------- C:\MuSiK\Straight Happiness (Inevitable Riddim).mp3
2007-09-26 07:58 3993861 --------- C:\MuSiK\How gun rise (Ghetto whisky riddim).mp3
2007-09-26 07:58 1038337 --------- C:\MuSiK\voicemail - get down on it.mp3
2007-09-26 07:57 4597798 --------- C:\MuSiK\(Gangsta Rock Riddim) Idonia - Run Away.mp3
2007-09-26 07:57 4394510 --------- C:\MuSiK\(Dem Time Deh Riddim) Ukku bit.mp3
2007-09-26 07:56 2717183 --------- C:\MuSiK\Buka Buka - Bill Back Riddim.mp3
2007-09-25 03:55 1684838 --------- C:\MuSiK\QQ- tek it to dem.mp3
2007-09-25 03:50 3141760 --------- C:\MuSiK\Anthony B- Tease Her.mp3
2007-09-09 14:37 9582078 --------- C:\MuSiK\Wake Me Up Inside.mp3
2007-09-09 14:37 5589546 --------- C:\MuSiK\Longing for.mp3
2007-09-09 14:37 4458912 --------- C:\MuSiK\Stay far from we.mp3
2007-09-09 14:37 3962174 --------- C:\MuSiK\The Sweet Escapemp3.mp3
2007-09-09 14:36 511956 --------- C:\MuSiK\(Laffy Taffy Riddim)Nuh Nyamy Nyamymp3.mp3
2007-09-09 14:36 3764573 --------- C:\MuSiK\You Had a Bad Daymp3.mp3
2007-09-09 14:19 4042648 --------- C:\MuSiK\Party Like A Rockstarmp3.mp3
2007-09-09 14:18 9131680 --------- C:\MuSiK\Party Like A Rockstar RMX.mp3
2007-09-07 20:12 7132308 --------- C:\MuSiK\ JamaicanThis Is Why We Hot mp3.mp3
2007-09-07 18:55 4718662 --------- C:\MuSiK\Crank Dat Rosovelt.mp3
2007-09-07 18:18 7121650 --------- C:\MuSiK\Crank Dat Superman.mp3
2007-09-07 18:18 3970845 --------- C:\MuSiK\Crank Dat Spiderman.mp3
2007-09-07 18:18 3871883 --------- C:\MuSiK\Crank Dat Batman.mp3
2007-09-04 17:12 5210679 --------- C:\MuSiK\DJ Unk - 2 Step.mp3
2007-09-04 16:51 6557696 --------- C:\MuSiK\Kanye West - Can't Tell Me Nothing.mp3
2007-09-04 16:51 6471097 --------- C:\MuSiK\Kanye West - Stronger.mp3
2007-09-04 16:51 3308818 --------- C:\MuSiK\Jibbs Feat.Chamillionare - King Kong.mp3
2007-09-04 16:49 5603277 --------- C:\MuSiK\because of you.mp3
2007-09-04 16:49 5005312 --------- C:\MuSiK\Ne-Yo - Make It Work.mp3
2007-09-04 16:45 5157582 --------- C:\MuSiK\Beanie Man-King Of The Dance Hall.mp3
2007-09-04 16:44 5312561 --------- C:\MuSiK\UGK feat. Outkast - International Playas Anthem.mp3
2007-09-04 16:41 7659163 --------- C:\MuSiK\Imma Flirt.mp3
2007-09-04 16:38 4295357 --------- C:\MuSiK\T-Pain ft. Akon - Bartender.mp3
2007-08-21 13:41 4918901 --------- C:\MuSiK\05 Chuck Baby.mp3
2007-08-12 01:54 2086793 --------- C:\MuSiK\Makes Me Happy.mp3
2007-08-12 01:44 4476387 --------- C:\MuSiK\The Great Escape.mp3
2007-08-12 01:40 5194981 --------- C:\MuSiK\The Ebay Song.mp3
2007-08-12 01:39 4814452 --------- C:\MuSiK\Headstrong.mp3
2007-08-12 01:31 6298095 --------- C:\MuSiK\Boulevard of Broken Dreams.mp3
2007-08-12 01:08 5826863 --------- C:\MuSiK\Addicted.mp3
2007-08-12 01:08 4782777 --------- C:\MuSiK\Jump.mp3
2007-08-12 01:08 3411881 --------- C:\MuSiK\I'd Do Anything.mp3
2007-08-12 01:08 3259098 --------- C:\MuSiK\I'm Just A Kid.mp3
2007-08-12 00:56 5733465 --------- C:\MuSiK\Part Of Me .mp3
2007-08-12 00:55 4428558 --------- C:\MuSiK\My December.mp3
2007-08-12 00:53 5438478 --------- C:\MuSiK\Somewhere I Belong.mp3
2007-08-12 00:45 5019781 --------- C:\MuSiK\Breaking the Habit.mp3
2007-08-12 00:37 5328274 --------- C:\MuSiK\Crawling.mp3
2007-08-05 23:48 9339356 --------- C:\MuSiK\Buy U A Drank (Shawty Snappin`)mp3.mp3
2007-08-01 13:34 4524709 --------- C:\MuSiK\From the Inside.mp3
2007-08-01 13:12 6888864 --------- C:\MuSiK\Big Girls Don't Cry.mp3
2007-08-01 13:11 5869940 --------- C:\MuSiK\Mama Africa.mp3
2007-08-01 13:08 3897364 --------- C:\MuSiK\What I've Done.mp3
2007-08-01 12:39 5003524 --------- C:\MuSiK\Super Xero.mp3
2007-08-01 12:38 6579233 --------- C:\MuSiK\No More Sorrow.mp3
2007-08-01 12:35 4049616 --------- C:\MuSiK\One Step Closer.mp3
2007-08-01 12:33 4758955 --------- C:\MuSiK\Paper Cut.mp3
2007-08-01 12:29 4812894 --------- C:\MuSiK\Numbmp3.mp3
2007-08-01 12:29 4640199 --------- C:\MuSiK\In the End.mp3
2007-08-01 12:29 4203357 --------- C:\MuSiK\Faintmp3.mp3
2007-08-01 11:14 10068260 --------- C:\MuSiK\Church Heathen - Shaggy.mp3
2007-08-01 11:13 5648711 --------- C:\MuSiK\Lean Wit It, Rock Wit It - Main LP Mixmp3.mp3
2007-08-01 11:12 4176286 --------- C:\MuSiK\Umbrellamp3.mp3
2007-08-01 11:12 3871477 --------- C:\MuSiK\I Am In Love With A Strippermp3.mp3
2007-08-01 11:12 3614842 --------- C:\MuSiK\Hot ****mp3.mp3
2007-08-01 11:11 5683134 --------- C:\MuSiK\Runaway Lovemp3.mp3
2007-08-01 11:11 3611294 --------- C:\MuSiK\Feel Good Incmp3.mp3
2007-08-01 11:11 3072350 --------- C:\MuSiK\This Is Why I Am Hotmp3.mp3
2007-08-01 11:10 7778497 --------- C:\MuSiK\Tambourinemp3.mp3
2007-08-01 11:10 6552626 --------- C:\MuSiK\Glamarousmp3.mp3
2007-08-01 11:10 4272266 --------- C:\MuSiK\Driver.mid.mp3
2007-07-18 20:36 2548730 --------- C:\MuSiK\Wine Pon It.mp3
2007-07-18 20:31 2121605 --------- C:\MuSiK\Gangstas Do Them Own Thing.mp3
2007-07-10 11:58 3342379 --------- C:\MuSiK\Encore.mp3
2007-07-09 23:02 5879936 --------- C:\MuSiK\Life.mp3
2007-07-09 22:48 3302758 --------- C:\MuSiK\Mi Bad From Mi Born.mp3
2007-07-09 22:40 9771348 --------- C:\MuSiK\Touch di road.mp3
2007-07-09 22:40 1995691 --------- C:\MuSiK\Na Na Na nA.mp3
2007-07-09 22:39 1517568 --------- C:\MuSiK\Can cook.mp3
2007-07-09 22:08 4594450 --------- C:\MuSiK\Going down.mp3
2007-07-08 20:44 5379011 --------- C:\MuSiK\Beautiful Girl.mp3
2007-06-19 13:58 5779828 --------- C:\MuSiK\Bonanza.mp3
2007-06-19 13:57 7174906 --------- C:\MuSiK\Dont Mattermp3.mp3
2007-06-19 13:57 6227820 --------- C:\MuSiK\Smack Thatmp3.mp3
2007-06-19 13:57 5365672 --------- C:\MuSiK\I Wanna **** Yoump3.mp3
2007-06-19 13:57 5079960 --------- C:\MuSiK\Candy Shopmp3.mp3
2007-06-19 13:57 4418357 --------- C:\MuSiK\Reloadmp3.mp3
2007-06-19 13:56 4823519 --------- C:\MuSiK\Sen fi di gunzmp3.mp3
2007-06-19 13:56 4019883 --------- C:\MuSiK\Come Frommp3.mp3
2007-06-19 13:56 3827187 --------- C:\MuSiK\Just A Little Bitmp3.mp3
2007-06-19 13:56 2928560 --------- C:\MuSiK\Ole War Mungaamp3.mp3
2007-06-19 13:52 6901331 --------- C:\MuSiK\Kick Pushmp3.mp3
2007-06-19 13:48 6151821 --------- C:\MuSiK\Umbrella RMXmp3.mp3
2007-06-19 13:41 5722302 --------- C:\MuSiK\99 Problems.mp3
2007-06-18 13:43 3658209 --------- C:\MuSiK\Gimmi deh Light.mp3
2007-06-18 12:53 5761537 --------- C:\MuSiK\Reggae Pon de River.mp3
2007-06-18 01:08 5106046 --------- C:\MuSiK\Makes Me Wonder.mp3
2007-06-18 00:54 5690314 --------- C:\MuSiK\Clothes Off.mp3
2007-06-18 00:54 4617305 --------- C:\MuSiK\This Thing Called Life.mp3
2007-06-18 00:53 6048019 --------- C:\MuSiK\Make It Rain (Dirty).mp3
2007-06-17 19:12 4124426 --------- C:\MuSiK\Ghetto Storymp3.mp3
2007-06-17 18:48 7385347 --------- C:\MuSiK\Dangerously In Love With Yoump3.mp3
2007-06-17 18:45 3863634 --------- C:\MuSiK\Let Me Hold Yoump3.mp3
2007-06-17 18:40 13033481 --------- C:\MuSiK\Touch Itmp3.mp3
2007-06-17 18:38 4148530 --------- C:\MuSiK\Lip Gloss.mp3
2007-06-17 18:25 3794712 --------- C:\MuSiK\Goodaz Fi Dem.mp3
2007-06-17 18:09 3407006 --------- C:\MuSiK\Jesus Walks.mp3
2007-06-17 18:08 6799830 --------- C:\MuSiK\Ordinary People.mp3
2007-06-17 01:46 3007812 --------- C:\MuSiK\Wait (The Whisper Song).mp3
2007-06-17 01:40 6632806 --------- C:\MuSiK\Ms Jackson.mp3
2007-06-17 01:40 6040854 --------- C:\MuSiK\So Fresh So Clean.mp3
2007-06-17 01:39 6223949 --------- C:\MuSiK\She Will Be Loved.mp3
2007-06-16 23:42 3794264 --------- C:\MuSiK\Give It To Me.mp3
2007-06-16 23:42 3463157 --------- C:\MuSiK\Promiscuous Girl.mp3
2007-06-16 23:36 5957486 --------- C:\MuSiK\EminCleaning Out My Closet.mp3
2007-06-16 22:41 5374591 --------- C:\MuSiK\Reggae -Serious timesmp3.mp3
2007-06-16 21:33 662893 --------- C:\MuSiK\Get So High.mp3
2007-06-16 21:33 1235857 --------- C:\MuSiK\Love Di CookumCum.mp3
2007-06-16 19:16 2402944 --------- C:\MuSiK\(Msn Riddim) Step Out Remix.mp3
2007-06-16 19:03 4408351 --------- C:\MuSiK\(Drop Leaf Riddim) It's Ok.mp3
2007-06-14 22:30 7645013 --------- C:\MuSiK\Rush.mp3
2007-06-14 22:30 4419078 --------- C:\MuSiK\Shorty Like Minemp3.mp3
2007-06-14 22:30 3121097 --------- C:\MuSiK\Shake It n Jiggle Itmp3.mp3
2007-06-14 22:16 5487979 --------- C:\MuSiK\Talk to demmp3.mp3
2007-06-14 22:16 5101728 --------- C:\MuSiK\Soul Survivormp3.mp3
2007-06-14 22:16 4535820 --------- C:\MuSiK\When You Cry I Crymp3.mp3
2007-06-14 22:16 4494867 --------- C:\MuSiK\Snap Ya Fingersmp3.mp3
2007-06-14 22:16 4211313 --------- C:\MuSiK\White & Nerdymp3.mp3
2007-06-14 22:16 3884875 --------- C:\MuSiK\SOSmp3.mp3
2007-06-14 22:16 3764404 --------- C:\MuSiK\We on Firemp3.mp3
2007-06-14 22:15 6270436 --------- C:\MuSiK\Oh I Think They Like Memp3.mp3
2007-06-14 22:15 6078323 --------- C:\MuSiK\Riding Dirtymp3.mp3
2007-06-14 22:15 4069921 --------- C:\MuSiK\ohhmp3.mp3
2007-06-14 22:15 2966040 --------- C:\MuSiK\Slob On My Knobmp3.mp3
2007-06-10 23:45 7442980 --------- C:\MuSiK\It Ends Tonight.mp3
2007-06-10 23:45 5710056 --------- C:\MuSiK\No new friendmp3.mp3
2007-06-10 23:45 5264970 --------- C:\MuSiK\Lovemp3.mp3
2007-06-10 23:45 4856208 --------- C:\MuSiK\Its Going Downmp3.mp3
2007-06-10 23:45 3822589 --------- C:\MuSiK\I'm Sprung.mp3
2007-06-10 23:25 5030706 --------- C:\MuSiK\I Know You See It.mp3
2007-06-10 23:25 4262291 --------- C:\MuSiK\Ice Box.mp3
2007-06-10 23:13 7552470 --------- C:\MuSiK\I Love My Chickmp3.mp3
2007-06-10 23:13 6640119 --------- C:\MuSiK\If It's Loving That You Wantmp3.mp3
2007-06-10 23:13 3799702 --------- C:\MuSiK\I Hate Everything About You.mp3
2007-06-08 15:40 5235509 --------- C:\MuSiK\I Feel Somp3.mp3
2007-06-08 15:39 5230522 --------- C:\MuSiK\Hate It or Love It.mp3
2007-06-08 15:39 5122252 --------- C:\MuSiK\Hey Ya.mp3
2007-06-08 15:11 6074987 --------- C:\MuSiK\Cupids Chokehold.mp3
2007-06-08 15:00 4963025 --------- C:\MuSiK\ball dem a ballmp3.mp3
2007-06-07 21:54 6270327 --------- C:\MuSiK\Unwritten.mp3
2007-05-29 22:43 7612440 --------- C:\MuSiK\Like Toy Soldiers.mp3
2007-05-14 17:01 5989151 --------- C:\MuSiK\You.mp3
2007-05-14 17:01 5166047 --------- C:\MuSiK\Too Little Too Late.mp3
2007-05-12 21:26 9137244 --------- C:\MuSiK\Irreplaceable.mp3
2007-05-12 21:26 6857817 --------- C:\MuSiK\Say Goodbye.mp3
2007-05-12 21:26 5750062 --------- C:\MuSiK\Shake Your Money Maker.mp3
2007-05-12 21:26 5050664 --------- C:\MuSiK\Sexyback.mp3
2007-05-12 21:26 3821132 --------- C:\MuSiK\Locke'd Up.mp3
2007-05-12 21:20 7864128 --------- C:\MuSiK\Give it up to me.mp3
2007-05-12 21:20 3346788 --------- C:\MuSiK\Like You.mp3
2007-05-12 21:20 2597544 --------- C:\MuSiK\I Know.mp3
2007-05-04 20:31 5296379 --------- C:\MuSiK\Why You Wanna Go And Do That.mp3
2007-05-04 20:31 4989066 --------- C:\MuSiK\What You Know.mp3
2007-05-04 20:27 5141685 --------- C:\MuSiK\Temperature.mp3
2007-05-04 20:25 4650656 --------- C:\MuSiK\Unfaithful.mp3
2007-05-04 20:08 5423166 --------- C:\MuSiK\Show Me What You Got.mp3
2007-05-04 20:03 6295636 --------- C:\MuSiK\Willy Bounce.mp3
2007-05-04 19:50 6567963 --------- C:\MuSiK\Fresh Azimiz.mp3
2007-05-04 19:44 5152972 --------- C:\MuSiK\Move Along.mp3
2007-05-04 19:43 5762938 --------- C:\MuSiK\MrLonely.mp3
2007-04-30 15:48 3831168 --------- C:\MuSiK\gangsta for life.mp3
2007-01-14 14:08 5507696 --------- C:\MuSiK\Kingfish Ah Come.mp3
2007-01-07 20:32 5522158 --------- C:\MuSiK\Busy Signal & Movado - Ful Clip(Angrier management riddim).mp3
2006-12-26 00:10 5533808 --------- C:\MuSiK\Heaven Only Knows.mp3
2006-12-26 00:10 5356854 --------- C:\MuSiK\Stay With You.mp3
2006-12-25 23:53 4194415 --------- C:\MuSiK\Alliance U Dis(Bullet) - 12 Gauge Riddim.mp3

---- Directory of C:\Program Files\NOCASH ----

2007-07-01 14:57 154351 --a--c--- C:\Program Files\NOCASH\NO$GBA.EXE


((((((((((((((((((((((((((((( snapshot@2007-11-21_22.43.35.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-23 00:23:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 10:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 09:59]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 10:03]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for CNet Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 03:07:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 16:24:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.
Completion time: 2007-11-22 16:31:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-21 22:48
.
--- E O F ---

Last edited by Jintan; November 24th, 2007 at 02:30 AM. Reason: Removed code tags
Reply With Quote
  #12  
Old November 23rd, 2007, 03:08 PM
Ryli Ryli is offline
Member
 
Join Date: Nov 2007
Posts: 59
Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:11 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6864 bytes

Last edited by Jintan; November 24th, 2007 at 02:31 AM. Reason: Removed code tags
Reply With Quote
  #13  
Old November 24th, 2007, 02:55 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
I took the liberty of removing the "Code" tags you posted with - they make it very difficult to accurately review the information posted and I don't want to miss anything. I see now it would have been better to just ask about that music folder. The active startup processes are not showing here, but a heck of a pattern of infection file recreation is occurring. The ones showing now are from an earlier date, so let's see if this will repeat itself and recreate. Be sure when doing these scans, normal or Safe Mode, you disconnect from net access, to keep anything new from downloading while repairs are underway.

You will want to print or have access to a copy of these steps, as they will be done in Safe Mode and/or without net access.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
KillAll::
File::
C:\WINDOWS\system32\kmydycch.dll
C:\WINDOWS\system32\wammawrp.exe
C:\8520.bat
C:\Documents and Settings\Stefan\1485.bat
C:\Documents and Settings\Stefan\services.exe
C:\WINDOWS\system32\nuqutdxr.ini
C:\WINDOWS\system32\tuvspqp.dll
C:\WINDOWS\system32\psvdnhdi.dll
C:\WINDOWS\system32\piuruwcm.dll
C:\WINDOWS\system32\jbtrrgla.exe
C:\WINDOWS\system32\fsacglvo.ini
C:\WINDOWS\system32\vkqhyeuj.dll
C:\WINDOWS\system32\sabslyge.dll
C:\7188.bat
C:\WINDOWS\system32\nhjhkpfc.dll
C:\WINDOWS\system32\cfpkhjhn.ini
C:\WINDOWS\system32\***dqslf.exe
C:\WINDOWS\system32\jesuwhap.ini
C:\WINDOWS\system32\pahwusej.dll
C:\WINDOWS\system32\gbskueqj.dll
C:\WINDOWS\system32\cxnxrtkg.exe
C:\WINDOWS\system32\ldorfqiw.ini
C:\WINDOWS\system32\wiqfrodl.dll
C:\WINDOWS\system32\nejoocoy.dll
C:\WINDOWS\system32\lbsxxljx.exe
C:\WINDOWS\system32\uyyppmwg.dll
C:\Documents and Settings\Stefan\f.exe
C:\WINDOWS\system32\cbxxutq.dll
C:\Documents and Settings\Stefan\z.dat
C:\Documents and Settings\Stefan\x.dat
C:\WINDOWS\system32\mljhedd.dll
C:\WINDOWS\system32\tilwsvqk.exe
C:\WINDOWS\system32\oufrdaxu.ini
C:\WINDOWS\system32\nercaevx.dll
C:\WINDOWS\system32\nkyydxun.exe
C:\WINDOWS\system32\cynnhyct.dll
C:\WINDOWS\system32\ubkxjxul.ini
C:\WINDOWS\system32\tocfngiw.exe
C:\WINDOWS\system32\ehirwyac.dll
C:\WINDOWS\system32\eunybamd.dll
C:\WINDOWS\system32\gmjhdjhi.dll
C:\WINDOWS\system32\hpikgtcb.dll
C:\WINDOWS\system32\geberuof.exe
C:\WINDOWS\system32\ekuaxapl.dll
C:\WINDOWS\system32\iadyoqtx.dll
C:\WINDOWS\system32\gxjxkgiv.dll
C:\WINDOWS\system32\dpcuddrd.dll
C:\WINDOWS\system32\defsffwe.dll
Again save this as "CFScript"

(include the "quotation marks" with the name)




Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix will now run as it did before. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

---------------------------

Download Dr.Web CureIt! from here to your Desktop. Don't do anything else with this just yet.

Also open and update SUPERAntiSpyware, but don't scan just yet.

===============================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode). Make sure not Safe Mode with Networking.

Open SUPERAntiSpyware and click the Scan your Computer button. You may need to start SUPERAntiSpyware, then right click the Taskbar icon (the little bug shaped icon) and select "Scan for Spyware, Adware, Malware..." to access the scan panel. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot, but once a complete reboot is done reboot back into Safe Mode for the next step (only necessary if Super brings a reboot).

------------------------


Still in Safe Mode, double-click the drweb-cureit.exe file and allow it to run the express scan. This is a short scan and will scan all files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it.

Once the short scan has finished, double-click on the Icon for the drive that you want to scan > OS (C). A red dot will appear to indicate the drive has been selected. Click the green arrow > to the right and the scan will begin. At the first sign of infection, select 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, click the "Select all/Select none" toggle button on the lefthand side (next to where it says "Object". It will show a red tick if incurable files have been found) and then click the green cup icon below and select Move incurable. This will move any infected files to the %userprofile%\DoctorWeb\quarantine folder that can't be cured.

Next, and this is important, from the main Dr.Web CureIt menu (top left), click File and choose save report list and save the report to your desktop. The report will be called DrWeb.csv and it can be opened in Notepad.

Close Cureit and restart your computer to completely remove any stubborn files.

--------------------------

After the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here, along with the DrWeb.csv log and the ComboFix.txt log please.
Reply With Quote
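An added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that reads HijackThis-format lines and flags the kinds of entries the advisors above are reading by eye. The rules it applies are the ones visible in the logs posted here: a browser start page pointing at an unexpected host (R0), an autorun in HKLM\..\Policies\Explorer\Run (O4), a Global Startup shortcut whose target resolves to "?" (O4), a service whose binary is missing (O23), and an eight-lowercase-letter file name in system32 like the ones listed in the CFScript. The sample log is constructed for the example (most lines are copied from the HijackThis log in post #12; the O2 line with the all-zero/1111 placeholder CLSID is made up to exercise the random-name rule), and the EXPECTED_HOME_HOSTS allowlist is an assumption about which home pages the user actually chose.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.0.2 format. The O2 line is invented
# (placeholder CLSID) so that a file name from the CFScript appears in a load point.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - C:\WINDOWS\system32\kmydycch.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: the home/search pages the user set on purpose. Anything else is flagged.
EXPECTED_HOME_HOSTS = {"www.yahoo.com", "www.msn.com", "www.google.com"}

# Eight lowercase letters followed by .dll/.exe/.ini directly under system32,
# the naming pattern of the files listed in the CFScript above.
RANDOM_NAME = re.compile(r"\\system32\\[a-z]{8}\.(?:dll|exe|ini)\b")

# Trailing "= <url>" on R0/R1 lines.
URL_IN_LINE = re.compile(r"=\s*(\S+)\s*$")

ENTRY = re.compile(r"^([RFOPN]\d+) - (.*)$")


def parse_entries(text):
    """Return [(section, body), ...] for every 'Xn - body' line in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flag_entry(section, body):
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    reasons = []
    if section in ("R0", "R1"):
        m = URL_IN_LINE.search(body)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            if host not in EXPECTED_HOME_HOSTS:
                reasons.append(f"browser start/search page points at unexpected host {host}")
    if section == "O4":
        if "Policies\\Explorer\\Run" in body:
            reasons.append("autorun in Policies\\Explorer\\Run, a load point most users never inspect")
        if body.rstrip().endswith("= ?"):
            reasons.append("startup shortcut whose target could not be resolved")
    if section == "O23" and "(file missing)" in body:
        reasons.append("service registered for a binary that no longer exists")
    if RANDOM_NAME.search(body):
        reasons.append("eight-letter random-looking file name in system32 (pattern seen in this infection)")
    return reasons


def triage(text):
    """Map each flagged log line to its reasons, in log order."""
    flagged = {}
    for section, body in parse_entries(text):
        reasons = flag_entry(section, body)
        if reasons:
            flagged[f"{section} - {body}"] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file contents. The random-name rule is deliberately the weakest of the five: legitimate files such as igfxpers.exe and igfxtray.exe also have eight lowercase letters, so a hit there is a prompt to check the file's date, size and publisher (as the ComboFix file listing does), not a verdict.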