Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Getting Owned by Spyware , plz help asap

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Getting Owned by Spyware , plz help asap

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 16-06-2007, 06:47 AM
Full Member
New Recruit
  
Join Date: Jan 2006
Posts: 71
thepHaZeD1 Is a beginner here at D-A-L
Getting Owned by Spyware , plz help asap
i have like 10 unknown unwanted programs , giving me massive popups and killing my pc's speed.....Heres the log , thx...


Logfile of HijackThis v1.99.1
Scan saved at 11:44:30 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hailey\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...fT7JuLjEDRZ58v
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WIND OWS\SNOWNOIT.EXE
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wnlwxeux.dll",realset
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B34E699-3C62-4074-9350-AC324996B627}: NameServer = 68.12.16.25,68.12.16.30
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmxmlprov (NetDDEdsdmxmlprov) - Unknown owner - c:\squix.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 16-06-2007, 05:08 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: Getting Pwned by Spyware , plz help asap
Welcome,


You got the bigguns' alright



Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log




Thanks,


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.




Before posting a new hijackthis log please do it this way:

Create a folder on your desktop by right clicking an empty area and select "new" then select "folder", name folder HJT and move hijackthis into this folder.



Please go to hijackthis.exe and right click on it and then click on rename and rename it to foolyou.exe, press enter
and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.


Thanks
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 17-06-2007, 05:49 AM
Full Member
New Recruit
  
Join Date: Jan 2006
Posts: 71
thepHaZeD1 Is a beginner here at D-A-L
Re: Getting Pwned by Spyware , plz help asap
Ok heres the report from SDFix and a new hjt log..


SDFix: Version 1.88

Run by Owner on Sat 06/16/2007 at 07:14 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\NEWFOL~3\SDFix

Safe Mode:
Checking Services:

Name:
core

ImagePath:
system32\drivers\core.sys

core - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting AppInit_DLLs value


Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CBO3UB~1.HTM - Deleted
C:\618795~1 - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\1.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\2.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\5.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\6.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\7.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\1.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\2.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\5.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\6.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\7.dllb - Deleted
C:\Documents and Settings\Hailey\Local Settings\Temp\stdrun12.exe - Deleted
C:\Documents and Settings\Hailey\Local Settings\Temp\stdrun2.exe - Deleted
C:\Documents and Settings\Hailey\Local Settings\Temp\stdrun3.exe - Deleted
C:\Documents and Settings\Hailey\Local Settings\Temp\stdrun7.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun12.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun13.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun14.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun15.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun16.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun17.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun18.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun19.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun20.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun21.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun22.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun23.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun24.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun25.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun26.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun27.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun28.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun29.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun30.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun31.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun32.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun33.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun34.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun35.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun36.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun37.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun38.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun39.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun40.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun41.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun42.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun43.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun44.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun45.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun46.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun47.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun48.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun49.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun50.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun51.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun52.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun53.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun54.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun55.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun56.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun57.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun58.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun59.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun60.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun61.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun62.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun63.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun64.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun65.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun66.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun67.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun68.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun69.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun70.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun71.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun72.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun73.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun74.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun75.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun76.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun77.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun78.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun79.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun8.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun80.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun81.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun82.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun83.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun84.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun85.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun86.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun87.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun88.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun89.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun90.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun91.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun92.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun93.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun100.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun101.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun102.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun103.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun104.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun12.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun13.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun14.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun15.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun16.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun17.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun18.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun19.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun20.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun21.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun23.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun24.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun25.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun26.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun27.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun28.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun29.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun3.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun30.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun31.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun32.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun33.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun34.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun35.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun36.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun37.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun38.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun39.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun4.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun40.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun41.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun42.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun43.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun44.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun45.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun46.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun47.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun48.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun49.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun5.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun50.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun51.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun52.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun53.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun54.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun55.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun56.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun57.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun58.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun59.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun6.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun60.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun61.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun62.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun63.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun64.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun65.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun66.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun67.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun68.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun69.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun70.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun71.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun72.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun73.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun74.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun75.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun76.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun77.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun78.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun79.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun8.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun80.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun81.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun82.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun83.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun84.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun85.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun86.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun87.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun88.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun89.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun90.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun91.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun92.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun93.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun94.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun95.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun96.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun97.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun98.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun99.exe - Deleted
C:\WINDOWS\abc5026def.exe - Deleted
C:\Documents and Settings\Owner\Application Data\Install.dat - Deleted
C:\U.exe - Deleted
C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\services.dll - Deleted
C:\WINDOWS\smanager.7.exe - Deleted
C:\WINDOWS\smgr.exe - Deleted
C:\WINDOWS\system32\advvpi32.dll - Deleted
C:\WINDOWS\system32\driver.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\drivers\uzcx.exe - Deleted
C:\WINDOWS\system32\ipv6monq.dll - Deleted
C:\WINDOWS\system32\ipv6monr.dll - Deleted
C:\WINDOWS\system32\ipv6mons.dll - Deleted
C:\WINDOWS\system32\ldcore.dll - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\sysmon32.exe - Deleted
C:\WINDOWS\update.exe - Deleted
C:\WINDOWS\winhp32.exe - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yah oo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Dynamix\\TRIBES\\Tribes.exe"="C:\\Dynamix\\TR IBES\\Tribes.exe:*:Enabled:Starsiege TRIBES"
"C:\\[eX]MIRC\\mirc.exe"="C:\\[eX]MIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\TMD-Recruit\\mirc.exe"="C:\\TMD-Recruit\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe"="C:\\Pr ogram Files\\StreamCast\\Morpheus\\MorphEXE.exe:*:Enable d:Morpheus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1159663210\\ee\\aolsoftware.exe"="C:\\ Program Files\\Common Files\\AOL\\1159663210\\ee\\aolsoftware.exe:*:Enab led:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1159663210\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1159663210\\ee\\aim6.exe:*:Enabled:AIM "
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer .exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\NEWFOL~3\SDFix\backups\b ackups.zip

Listing Files with Hidden Attributes:

C:\WINDOWS\SYSTEM32\jkhhe.dll
C:\WINDOWS\SYSTEM32\ssqpp.dll
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A08.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A0A.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A0C.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A0E.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A10.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A12.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A14.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A17.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A19.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A09.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A0B.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A0D.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A0F.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A11.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A13.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A15.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A18.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A1A.tmp
C:\WINDOWS\SYSTEM32\csnpimev.tmp
C:\WINDOWS\SYSTEM32\ppqss.tmp
C:\WINDOWS\SYSTEM32\ututv.tmp

HJT Log..

Logfile of HijackThis v1.99.1
Scan saved at 10:48:08 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hailey\Desktop\foolyou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...fT7JuLjEDRZ58v
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1600BDFA-8C02-4F06-A20C-3B9AEA26BE22} - C:\WINDOWS\system32\ugluonyv.dll
O2 - BHO: (no name) - {2252CC30-2908-4697-B044-79865A700FBE} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Hailey\52383811.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pgmvamec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {A0697931-CCD5-4EA3-8CCD-743608DF7F20} - C:\WINDOWS\system32\rqrooon.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelp er.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\jkumaarb.dll
O2 - BHO: (no name) - {E4749367-DEEC-4BAC-9D1A-BA8703BDE1B0} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hbvcnooi.dll",realset
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B34E699-3C62-4074-9350-AC324996B627}: NameServer = 68.12.16.25,68.12.16.30
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rqrooon - C:\WINDOWS\SYSTEM32\rqrooon.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmxmlprov (NetDDEdsdmxmlprov) - Unknown owner - c:\squix.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 17-06-2007, 06:00 AM
Full Member
New Recruit
  
Join Date: Jan 2006
Posts: 71
thepHaZeD1 Is a beginner here at D-A-L
Re: Getting Pwned by Spyware , plz help asap
And heres the Vundo log, and a new HJT


VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:50:19 PM 6/16/2007

Listing files found while scanning....

C:\windows\system32\cbxyxur.dll
C:\windows\system32\csnpimev.ini
C:\windows\system32\csnpimev.ini2
C:\windows\system32\csnpimev.tmp
C:\windows\system32\cxkkffdo.ini
C:\windows\system32\edvbstjy.exe
C:\WINDOWS\system32\evgaiqvs.dll
C:\windows\system32\gdvudiqb.dll
C:\windows\system32\gnkfrmoi.dll
C:\windows\system32\hpcxsksk.dll
C:\WINDOWS\system32\ihlcdrxa.dll
C:\windows\system32\j3291734.dll
C:\windows\system32\j9251133.dll
C:\windows\system32\jdvlvbec.dll
C:\windows\system32\jkhhe.dll
C:\windows\system32\jkumaarb.dll
C:\windows\system32\lfwhtiot.exe
C:\windows\system32\lusavhxw.exe
C:\windows\system32\odffkkxc.dll
C:\windows\system32\ppqss.bak1
C:\windows\system32\ppqss.bak2
C:\windows\system32\ppqss.ini
C:\windows\system32\ppqss.ini2
C:\windows\system32\ppqss.tmp
C:\windows\system32\qkepdhcp.dll
C:\windows\system32\qsxbkhkx.dll
C:\WINDOWS\system32\rqrooon.dll
C:\WINDOWS\system32\ssqpp.dll
C:\windows\system32\uejrpoyv.dll
C:\windows\system32\ugxojmff.dll
C:\windows\system32\vemipnsc.dll

Beginning removal...

Attempting to delete C:\windows\system32\cbxyxur.dll
C:\windows\system32\cbxyxur.dll Has been deleted!

Attempting to delete C:\windows\system32\csnpimev.ini
C:\windows\system32\csnpimev.ini Has been deleted!

Attempting to delete C:\windows\system32\csnpimev.ini2
C:\windows\system32\csnpimev.ini2 Has been deleted!

Attempting to delete C:\windows\system32\csnpimev.tmp
C:\windows\system32\csnpimev.tmp Has been deleted!

Attempting to delete C:\windows\system32\cxkkffdo.ini
C:\windows\system32\cxkkffdo.ini Has been deleted!

Attempting to delete C:\windows\system32\edvbstjy.exe
C:\windows\system32\edvbstjy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\evgaiqvs.dll
C:\WINDOWS\system32\evgaiqvs.dll Has been deleted!

Attempting to delete C:\windows\system32\gdvudiqb.dll
C:\windows\system32\gdvudiqb.dll Has been deleted!

Attempting to delete C:\windows\system32\gnkfrmoi.dll
C:\windows\system32\gnkfrmoi.dll Has been deleted!

Attempting to delete C:\windows\system32\hpcxsksk.dll
C:\windows\system32\hpcxsksk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihlcdrxa.dll
C:\WINDOWS\system32\ihlcdrxa.dll Has been deleted!

Attempting to delete C:\windows\system32\j3291734.dll
C:\windows\system32\j3291734.dll Has been deleted!

Attempting to delete C:\windows\system32\j9251133.dll
C:\windows\system32\j9251133.dll Has been deleted!

Attempting to delete C:\windows\system32\jdvlvbec.dll
C:\windows\system32\jdvlvbec.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhe.dll
C:\windows\system32\jkhhe.dll Has been deleted!

Attempting to delete C:\windows\system32\jkumaarb.dll
C:\windows\system32\jkumaarb.dll Has been deleted!

Attempting to delete C:\windows\system32\lfwhtiot.exe
C:\windows\system32\lfwhtiot.exe Has been deleted!

Attempting to delete C:\windows\system32\lusavhxw.exe
C:\windows\system32\lusavhxw.exe Has been deleted!

Attempting to delete C:\windows\system32\odffkkxc.dll
C:\windows\system32\odffkkxc.dll Has been deleted!

Attempting to delete C:\windows\system32\ppqss.bak1
C:\windows\system32\ppqss.bak1 Has been deleted!

Attempting to delete C:\windows\system32\ppqss.bak2
C:\windows\system32\ppqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\ppqss.ini
C:\windows\system32\ppqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ppqss.ini2
C:\windows\system32\ppqss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\ppqss.tmp
C:\windows\system32\ppqss.tmp Has been deleted!

Attempting to delete C:\windows\system32\qkepdhcp.dll
C:\windows\system32\qkepdhcp.dll Has been deleted!

Attempting to delete C:\windows\system32\qsxbkhkx.dll
C:\windows\system32\qsxbkhkx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrooon.dll
C:\WINDOWS\system32\rqrooon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Attempting to delete C:\windows\system32\uejrpoyv.dll
C:\windows\system32\uejrpoyv.dll Has been deleted!

Attempting to delete C:\windows\system32\ugxojmff.dll
C:\windows\system32\ugxojmff.dll Has been deleted!

Attempting to delete C:\windows\system32\vemipnsc.dll
C:\windows\system32\vemipnsc.dll Has been deleted!

Performing Repairs to the registry.
Done!



HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 10:59:28 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Hailey\Desktop\HJT\foolyou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...fT7JuLjEDRZ58v
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1600BDFA-8C02-4F06-A20C-3B9AEA26BE22} - C:\WINDOWS\system32\ugluonyv.dll
O2 - BHO: (no name) - {2252CC30-2908-4697-B044-79865A700FBE} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Hailey\52383811.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pgmvamec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelp er.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\jkumaarb.dll (file missing)
O2 - BHO: (no name) - {E4749367-DEEC-4BAC-9D1A-BA8703BDE1B0} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hbvcnooi.dll",realset
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B34E699-3C62-4074-9350-AC324996B627}: NameServer = 68.12.16.25,68.12.16.30
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmxmlprov (NetDDEdsdmxmlprov) - Unknown owner - c:\squix.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 17-06-2007, 07:38 AM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: Getting Pwned by Spyware , plz help asap
Very good!!!


1. Download this file - COMBOFIX
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post a new hijackthis log also please.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 18-06-2007, 03:44 AM
Full Member
New Recruit
  
Join Date: Jan 2006
Posts: 71
thepHaZeD1 Is a beginner here at D-A-L
Re: Getting Pwned by Spyware , plz help asap
viola..

ComboFix 07-06-17 - C:\Documents and Settings\Hailey\Desktop\ComboFix.exe
"Hailey" - 2007-06-17 19:36:12 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\coxttghj.dll
C:\WINDOWS\system32\ebnbpncl.dll
C:\WINDOWS\system32\gywltdwy.dll
C:\WINDOWS\system32\hbvcnooi.dll
C:\WINDOWS\system32\jxfnplds.dll
C:\WINDOWS\system32\kvkbwidu.dll
C:\WINDOWS\system32\ovehkxau.dll
C:\WINDOWS\system32\pjxpnlic.dll
C:\WINDOWS\system32\ptmhwltx.dll
C:\WINDOWS\system32\rbxngmjk.dll
C:\WINDOWS\system32\suyggneh.dll
C:\WINDOWS\system32\tpuwaeog.dll
C:\WINDOWS\system32\vilyqyiw.dll
C:\WINDOWS\system32\vtutsqp.dll
C:\WINDOWS\system32\vuwsviwo.dll
C:\WINDOWS\system32\ykynbxjf.dll
C:\WINDOWS\system32\wineil32.dll
C:\WINDOWS\SYSTEM32\jhgttxoc.ini
C:\WINDOWS\SYSTEM32\lcnpbnbe.ini
C:\WINDOWS\SYSTEM32\ywdtlwyg.ini
C:\WINDOWS\SYSTEM32\iooncvbh.ini
C:\WINDOWS\SYSTEM32\udiwbkvk.ini
C:\WINDOWS\SYSTEM32\uaxkhevo.ini
C:\WINDOWS\SYSTEM32\cilnpxjp.ini
C:\WINDOWS\SYSTEM32\xtlwhmtp.ini
C:\WINDOWS\SYSTEM32\kjmgnxbr.ini
C:\WINDOWS\SYSTEM32\henggyus.ini
C:\WINDOWS\SYSTEM32\goeawupt.ini
C:\WINDOWS\SYSTEM32\wiyqyliv.ini
C:\WINDOWS\SYSTEM32\owivswuv.ini
C:\WINDOWS\SYSTEM32\fjxbnyky.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nsv
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nsv\cache\283.dfn
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nsv\cache\538.dfn
C:\DOCUME~1\Hailey\APPLIC~1\Install.dat
C:\DOCUME~1\Owner\APPLIC~1\Sskknwrd.dll
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.html
C:\Temp\tn3
C:\WINDOWS\422174231.dll
C:\WINDOWS\alerter_snow.exe
C:\WINDOWS\btn5026v7.exe
C:\WINDOWS\drv.sys
C:\WINDOWS\sammy3.exe
C:\WINDOWS\Setup89.exe
C:\WINDOWS\system32\comi.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\klikalka.exe
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\vidctrl


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-17 19:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 22:50 <DIR> d----c--- C:\VundoFix Backups
2007-06-16 18:30 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-16 18:30 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-06-16 18:30 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-06-16 18:30 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-06-15 23:42 125,972 --a------ C:\WINDOWS\SYSTEM32\ugluonyv.dll
2007-06-14 21:12 99,072 --a--c--- C:\cogvvvmm1.exe
2007-06-14 21:12 94,464 --a--c--- C:\cogvvvmm3.exe
2007-06-14 21:12 286,720 --a------ C:\WINDOWS\SYSTEM32\scchk32.exe
2007-06-14 21:12 100,096 --a--c--- C:\cogvvvmm2.exe
2007-06-14 21:09 125,972 --a------ C:\WINDOWS\SYSTEM32\goepeldc.dll
2007-06-14 09:16 <DIR> d-------- C:\Program Files\AIM6
2007-06-14 09:11 <DIR> d-------- C:\DOCUME~1\Hailey\APPLIC~1\Ultimate Fixer
2007-06-14 08:56 <DIR> d-------- C:\Program Files\Ultimate Fixer
2007-06-13 19:42 62,516 --a------ C:\WINDOWS\SYSTEM32\pgmvamec.dll
2007-06-13 16:51 57,344 --a--c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\hwfutczk.exe
2007-06-13 16:51 57,344 --a------ C:\WINDOWS\os1zn2mO7Z.exe
2007-06-13 06:47 <DIR> d-------- C:\WINDOWS\SYSTEM32\o08PrEz
2007-06-13 06:46 <DIR> d-------- C:\temp\iee
2007-06-07 03:29 42,420 --a--c--- C:\iiwulumt.exe
2007-06-05 14:25 <DIR> d-------- C:\Program Files\DriveCleaner Free
2007-06-05 14:25 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-06-02 16:45 <DIR> d-------- C:\temp\x2b
2007-05-31 23:23 <DIR> dr------- C:\DOCUME~1\Hailey\APPLIC~1\Brother
2007-05-28 16:18 353 ---hs---- C:\WINDOWS\SYSTEM32\ututv.ini2
2007-05-27 23:19 109 --ahs---- C:\WINDOWS\SYSTEM32\618795283.dat
2007-05-27 23:18 30,720 --a------ C:\WINDOWS\SYSTEM32\ipmon.exe
2007-05-27 08:36 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\C_2rep.dll
2007-05-27 08:36 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\ir5gX7.dll
2007-05-26 20:26 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\FXABspl.dll
2007-05-26 20:26 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\DSRSAM.dll
2007-05-26 20:26 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\CRTqcx.dll
2007-05-24 17:01 <DIR> d----c--- C:\My Games
2007-05-24 17:01 <DIR> d----c--- C:\My Download Files
2007-05-23 03:38 122,880 --a------ C:\DOCUME~1\Hailey\52383811.dll
2007-05-19 08:44 262,144 --a------ C:\DOCUME~1\TAYLOR~1\NTUSER.DAT


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-06-06 23:48:50 -------- d-----w C:\Program Files\Morpheus
2007-05-26 21:44:38 5,632 ----a-w C:\WINDOWS\winlogon32.dll
2007-05-24 21:59:15 -------- d-----w C:\Program Files\Real
2007-05-24 21:59:13 -------- d-----w C:\Program Files\Common Files\Real
2007-05-19 09:54:25 -------- d-----w C:\Program Files\ArcSoft
2007-05-19 09:51:13 -------- d-----w C:\Program Files\Yahoo! Games
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 00:36:37 75,264 ----a-w C:\WINDOWS\installer.exe
2007-04-25 1415 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{1600BDFA-8C02-4F06-A20C-3B9AEA26BE22}=C:\WINDOWS\system32\ugluonyv.dll [2007-06-15 23:42]
{2252CC30-2908-4697-B044-79865A700FBE}=C:\WINDOWS\system32\ssqpp.dll []
{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}=C:\Documents and Settings\Hailey\52383811.dll [2007-05-23 03:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll []
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll []
{D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05}=C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelp er.dll []
{E4749367-DEEC-4BAC-9D1A-BA8703BDE1B0}=C:\WINDOWS\system32\vtutu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-16 01:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"csrss"="C:\WINDOWS\csrss.exe" []

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 07:21]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\dfdr.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hxqj.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hxqj.exe
backup=C:\WINDOWS\pss\hxqj.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YourScreen.lnk
backup=C:\WINDOWS\pss\YourScreen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hailey^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Hailey\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hailey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Hailey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSys]
C:\WINDOWS\system32\autosys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
C:\WINDOWS\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\rbxngmjk.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1159663210\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hwfutczk.exe]
C:\Documents and Settings\All Users\Application Data\hwfutczk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inrh95]
C:\WINDOWS\System32\inrh95

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iut75]
c:\windows\system32\drivers\uzcx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j9251133]
rundll32 C:\WINDOWS\system32\j9251133.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\WINDOWS\system32\scchk32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
smanager.7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
smgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\WINDOWS\system32\kernels32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Fixer]
"C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\iwocqr.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZICORN]
C:\WINDOWS\System32\ZICORN


Contents of the 'Scheduled Tasks' folder
2007-06-16 22:31:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-18 00:48:00 C:\WINDOWS\tasks\McAfee.com Update Check (D14RNG51-Hailey).job
2007-06-18 00:42:00 C:\WINDOWS\tasks\McAfee.com Update Check (D14RNG51-Owner).job
2007-06-18 00:46:00 C:\WINDOWS\tasks\McAfee.com Update Check (D14RNG51-Taylors Page).job

************************************************** ************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 19:49:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [2476]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-06-17 19:51:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 19:51

--- E O F ---

HJT

Logfile of HijackThis v1.99.1
Scan saved at 8:43:11 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Dynamix\TRIBES\Tribes.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hailey\Desktop\HJT\foolyou.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1600BDFA-8C02-4F06-A20C-3B9AEA26BE22} - C:\WINDOWS\system32\ugluonyv.dll
O2 - BHO: (no name) - {2252CC30-2908-4697-B044-79865A700FBE} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Hailey\52383811.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelp er.dll (file missing)
O2 - BHO: (no name) - {E4749367-DEEC-4BAC-9D1A-BA8703BDE1B0} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B34E699-3C62-4074-9350-AC324996B627}: NameServer = 68.12.16.25,68.12.16.30
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmxmlprov (NetDDEdsdmxmlprov) - Unknown owner - c:\squix.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 18-06-2007, 09:55 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: Getting Pwned by Spyware , plz help asap
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once the scan is complete, Right Click inside the listbox (white box) and click add more files
Copy&Paste the entry below into the top box.

C:\WINDOWS\system32\ugluonyv.dll



Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt.


Then...


Download RogueRemover by Rubber Ducky from www.malwarebytes.org/rr-update/rr-free-
Double-click on rr-free-setup.exe to start the installation of RogueRemover
Click Next then click I agree and finally click Install
Untick Show Readme and click Finish
This will now launch RogueRemover
Close the help window
Click Check for updates
If there are any updates found click Download
Wait for any updates to finish downloading/installing, then click Close in the update window
Click on Scan
If nothing is found, then close RogueRemover
If RogueRemover did find something, it will present a list of detected items
Click Remove selected
Click YES at the prompt
Click Ok when it informs you it's saved a logfile
Wait for removal to complete & then close RogueRemover
Use notepad to open this file
C:\Program Files\RogueRemover\RRLog******.txt
Note: ****** is the time when you ran RogueRemover
Post the contents of that file as a reply to this topic


Post the two logs above and a new hijackthis log please
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 17-07-2007, 11:33 AM
Full Member
New Recruit
  
Join Date: Jan 2006
Posts: 71
thepHaZeD1 Is a beginner here at D-A-L
Re: Getting Pwned by Spyware , plz help asap
Sorry Neal , ive been out of the country for awhile.
but i started where we left off , but when i tried to d/l the RougeRemover program i got a 404 Not Found message... but heres a new HJT log to let u know where we're at , cause my pc is still acting pretty slow...


HJT log..


Logfile of HijackThis v1.99.1
Scan saved at 05:32, on 2007-07-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wnupdate.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1159663210\ee\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hailey\Desktop\HJT\foolyou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1600BDFA-8C02-4F06-A20C-3B9AEA26BE22} - C:\WINDOWS\system32\ugluonyv.dll (file missing)
O2 - BHO: (no name) - {2252CC30-2908-4697-B044-79865A700FBE} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Hailey\52383811.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {97DBA374-80B1-4C0B-9463-5B2DB78ADE06} - C:\WINDOWS\system32\ugluonyv.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelp er.dll (file missing)
O2 - BHO: (no name) - {E4749367-DEEC-4BAC-9D1A-BA8703BDE1B0} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\iwocqr.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159663210\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B34E699-3C62-4074-9350-AC324996B627}: NameServer = 68.12.16.25,68.12.16.30
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmxmlprov (NetDDEdsdmxmlprov) - Unknown owner - c:\squix.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinUpdate - ZSoft - C:\WINDOWS\system32\wnupdate.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 17-07-2007, 08:47 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: Getting Pwned by Spyware , plz help asap
Delete the version of SDFix that you have and use this newer version:

http://downloads.andymanchesta.com/R...ools/SDFix.zip


Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log


New hijackthis log please.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 27-07-2007, 06:24 AM
Full Member
New Recruit
  
Join Date: Jan 2006
Posts: 71
thepHaZeD1 Is a beginner here at D-A-L
Re: Getting Pwned by Spyware , plz help asap
sorry my net got turned off for a while but heres the logs


SDfix log:


SDFix: Version 1.94

Run by Owner on Thu 07/26/2007 at 11:32 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Hailey\Desktop\SDFIX

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\help.txt - Deleted
C:\WINDOWS\winlogon32.dll - Deleted

Could Not Remove C:\WINDOWS\csrss.exe


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1159663210\\ee\\aolsoftware.exe"="C:\\ Program Files\\Common Files\\AOL\\1159663210\\ee\\aolsoftware.exe:*:Enab led:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1159663210\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1159663210\\ee\\aim6.exe:*:Enabled:AIM "
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*isabled:Kodak Software Updater"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\[eX]MIRC\\mirc.exe"="C:\\[eX]MIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------
C:\WINDOWS\csrss.exe Found

Backups Folder: - C:\DOCUME~1\Hailey\Desktop\SDFIX\backups\backups.z ip

Files with Hidden Attributes:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP980\A0510495.sys
C:\Documents and Settings\Hailey\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Hailey\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Hailey\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Hailey\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R19F6.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R19F8.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R19FA.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R19FC.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R19FE.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@R1A00.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S19F7.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S19F9.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S19FB.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S19FD.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S19FF.tmp
C:\Documents and Settings\Hailey\Local Settings\Temp\Z@S1A01.tmp
C:\WINDOWS\SYSTEM32\ututv.tmp
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.tmp.LOG

Finished



HJT:

Logfile of HijackThis v1.99.1
Scan saved at 00:22, on 2007-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wnupdate.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Tnpphhuk\yoafidrd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Hailey\Desktop\HJT\foolyou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1600BDFA-8C02-4F06-A20C-3B9AEA26BE22} - C:\WINDOWS\system32\ugluonyv.dll (file missing)
O2 - BHO: (no name) - {2252CC30-2908-4697-B044-79865A700FBE} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6F2C9C90-529E-8145-2E89-06A7789C150D} - C:\Program Files\Komkclsf\jfklkhtj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {97DBA374-80B1-4C0B-9463-5B2DB78ADE06} - C:\WINDOWS\system32\ugluonyv.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelp er.dll (file missing)
O2 - BHO: (no name) - {E4749367-DEEC-4BAC-9D1A-BA8703BDE1B0} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZICORN] C:\WINDOWS\System32\ZICORN
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\iwocqr.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [gbkratcx] rundll32.exe "C:\Program Files\bwbifmfe\nozunmjk.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [yoafidrd] C:\Program Files\Tnpphhuk\yoafidrd.exe
O4 - HKLM\..\Run: [idndrunj] C:\Program Files\Mqwwzjdp\idndrunj.exe
O4 - HKLM\..\Run: [tqzmpqfq] rundll32.exe "C:\Program Files\olmdqjix\mxqjurin.dll",Init
O4 - HKLM\..\Run: [uxkzcjax] rundll32.exe "C:\Program Files\uxkzcjax\qfwpszuh.dll",Init
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B34E699-3C62-4074-9350-AC324996B627}: NameServer = 68.12.16.25,68.12.16.30
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmxmlprov (NetDDEdsdmxmlprov) - Unknown owner - c:\squix.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinUpdate - ZSoft - C:\WINDOWS\system32\wnupdate.exe



there u go
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Notebook please please help asap! PleaseHelpMe Windows XP Help 1 06-11-2008 07:36 PM
please help me asap!! big_man123 General Internet Issues and Questions 0 20-02-2008 09:20 PM
I need some help asap Jacques16 Windows XP Help 2 15-07-2007 05:08 PM
Plz Help Asap Tumelo Windows XP Help 4 15-03-2007 06:38 PM
Need Help Serious Asap djbabygirl54 General Internet Issues and Questions 0 18-06-2006 05:15 AM


All times are GMT +1. The time now is 01:34 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav