Please help remove Trojan horse BHO.BHJ which has infected file: C:\WINDOWS\system32\comca.dll. AVG scan provided a heal option but it still appears each time Windows is reopened.
I have hijackthis logs and smitfraudfix repport.txt if needed.
Your help would be most appreciated.
rjk

Please find my Hijack This log and smitfraudfix report as requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:55 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy_name:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\DR. KOLIMAS\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DR. KOLIMAS\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6} - C:\WINDOWS\system32\fcyvt.dll (file missing)
O2 - BHO: (no name) - {2C7D372B-8983-4EB0-9941-077EA9E53CF7} - C:\WINDOWS\system32\iifcd.dll (file missing)
O2 - BHO: (no name) - {3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04} - C:\WINDOWS\system32\cbxut.dll (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {822BF3E1-9E8A-4EF4-A581-AF1EB44065EE} - C:\WINDOWS\system32\xxyax.dll (file missing)
O2 - BHO: (no name) - {9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {BD0E4820-3411-4467-9297-19A4535DF814} - C:\WINDOWS\system32\iiiih.dll (file missing)
O2 - BHO: (no name) - {C5757524-7A83-4CA4-B468-A3C3ED7438DC} - C:\WINDOWS\system32\tusqp.dll (file missing)
O2 - BHO: (no name) - {C982FD88-7033-4ACC-9F64-3A97B295615F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D0661C73-7BDB-44F5-AE7B-D1A9AF479158} - C:\WINDOWS\system32\ljhef.dll (file missing)
O2 - BHO: (no name) - {E9ACC15B-565F-474B-968A-B7DECD74D868} - C:\WINDOWS\system32\efebb.dll (file missing)
O2 - BHO: (no name) - {EB301D81-C7B8-47E0-A256-8BC033CE4657} - C:\WINDOWS\system32\xxyxw.dll (file missing)
O2 - BHO: (no name) - {FC42E563-F1AC-4F3C-8412-DB501F785FFF} - C:\WINDOWS\system32\ddcdd.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe"
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.co...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://H:\components\Liquid.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://wproxy.bcm.tmc.edu/brain/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sanctuarydsante.com/imag...
O24 - Desktop Component 1: (no name) - http://www.andrewg.ca/images/backgr...
O24 - Desktop Component 10: (no name) - http://www.wfu.edu/images/bg-sub.gif
O24 - Desktop Component 2: (no name) - http://cdn-channels.netscape.com/ga...
O24 - Desktop Component 3: (no name) - http://www.ramadabeach.com/images/b...
O24 - Desktop Component 4: (no name) - http://driversed.com/images/home/ba...
O24 - Desktop Component 5: (no name) - http://www.amplandmovies.com/images...
O24 - Desktop Component 6: (no name) - http://www.princetonreview.com/imag...
O24 - Desktop Component 7: (no name) - http://www.consumerhealthdigest.com...
O24 - Desktop Component 8: (no name) - http://img.ultimate-guitar.com/_img...
O24 - Desktop Component 9: (no name) - http://www.horizonfamilymedical.com...
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dr. Kolimas
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dr. Kolimas\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DRE33C~1.KOL\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.sanctuarydsante.com/images/header13.jpg"
"SubscribedURL"="http://www.sanctuarydsante.com/images/header13.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.andrewg.ca/images/background.jpg"
"SubscribedURL"="http://www.andrewg.ca/images/background.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://cdn-channels.netscape.com/gallery/i/j/jolie/AngelinaJo_Weeks_3890432_Ma.jpg"
"SubscribedURL"="http://cdn-channels.netscape.com/gallery/i/j/jolie/AngelinaJo_Weeks_3890432_Ma.jpg"
"FriendlyName"=""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustockxpdx detected, use a Rootkit scanner
pe386 detected, use a Rootkit scanner
lzx32 detected, use a Rootkit scanner
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA VT6105M Rhine III Management Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{42118BC0-7B7F-484A-982A-9FE018F2C700}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{42118BC0-7B7F-484A-982A-9FE018F2C700}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{42118BC0-7B7F-484A-982A-9FE018F2C700}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
rjk

Please download SDFix by AndyManchesta and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.
Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6} - C:\WINDOWS\system32\fcyvt.dll (file missing)
O2 - BHO: (no name) - {2C7D372B-8983-4EB0-9941-077EA9E53CF7} - C:\WINDOWS\system32\iifcd.dll (file missing)
O2 - BHO: (no name) - {3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04} - C:\WINDOWS\system32\cbxut.dll (file missing)
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: (no name) - {7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {822BF3E1-9E8A-4EF4-A581-AF1EB44065EE} - C:\WINDOWS\system32\xxyax.dll (file missing)
O2 - BHO: (no name) - {9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: (no name) - {BD0E4820-3411-4467-9297-19A4535DF814} - C:\WINDOWS\system32\iiiih.dll (file missing)
O2 - BHO: (no name) - {C5757524-7A83-4CA4-B468-A3C3ED7438DC} - C:\WINDOWS\system32\tusqp.dll (file missing)
O2 - BHO: (no name) - {C982FD88-7033-4ACC-9F64-3A97B295615F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D0661C73-7BDB-44F5-AE7B-D1A9AF479158} - C:\WINDOWS\system32\ljhef.dll (file missing)
O2 - BHO: (no name) - {E9ACC15B-565F-474B-968A-B7DECD74D868} - C:\WINDOWS\system32\efebb.dll (file missing)
O2 - BHO: (no name) - {EB301D81-C7B8-47E0-A256-8BC033CE4657} - C:\WINDOWS\system32\xxyxw.dll (file missing)
O2 - BHO: (no name) - {FC42E563-F1AC-4F3C-8412-DB501F785FFF} - C:\WINDOWS\system32\ddcdd.dll (file missing)
Exit Hijack This.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces along with a new Hijack This log.
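
The sixteen O2 lines picked out in the reply above share a pattern that can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis's own code: it parses O2 (Browser Helper Object) lines and flags registrations for manual review. The two rules it applies (a registration whose DLL is reported as missing, and an unnamed or GUID-named BHO whose DLL sits directly in `C:\WINDOWS\system32`) are assumptions inferred from that list, and the function names are hypothetical.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_LINE = re.compile(
    r"O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?"
)

SYSTEM32 = r"c:\windows\system32"


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2(log_text: str) -> List[Bho]:
    """Return every O2 (BHO) entry in a HijackThis log; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O2_LINE.fullmatch(line.strip())
        if m:
            entries.append(Bho(m.group("name"), m.group("clsid"),
                               m.group("path"), bool(m.group("missing"))))
    return entries


def review_reasons(bho: Bho) -> List[str]:
    """Reasons (assumed rules, see lead-in) to look at this entry by hand."""
    reasons = []
    if bho.file_missing:
        # The registry key survives but the DLL it points to is gone.
        reasons.append("orphaned registration")
    unnamed = bho.name == "(no name)" or re.fullmatch(GUID, bho.name) is not None
    # ntpath handles Windows paths regardless of the OS this script runs on.
    if unnamed and ntpath.dirname(bho.path).lower() == SYSTEM32:
        reasons.append("unnamed BHO in system32")
    return reasons


def triage(log_text: str) -> List[Tuple[Bho, List[str]]]:
    """Pair each flagged BHO with the reasons it was flagged, in log order."""
    flagged = []
    for bho in parse_o2(log_text):
        reasons = review_reasons(bho)
        if reasons:
            flagged.append((bho, reasons))
    return flagged


if __name__ == "__main__":
    for bho, reasons in triage(SAMPLE_LOG):
        print(f"{bho.clsid}  {ntpath.basename(bho.path):<14} {', '.join(reasons)}")
```

Run over the full O2 section of the log above, these two rules select the same sixteen entries the reply lists, including `comca.dll`, which is still present on disk.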

Please find the requested file and log results:
SDFix file Report.txt
SDFix: Version 1.108
Run by (robertjok) on Sun 10/14/2007 at 09:07 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\DRE33C~1.KOL\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
ComboFix log
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-14 21:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 21:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-13 10:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-12 13:03 <DIR> d-------- C:\Documents and Settings\Cathy K\Application Data\EAST Technologies
2007-10-12 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\EAST Technologies
2007-10-10 15:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 15:16 3,348 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-10 15:15 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-10 15:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-10 15:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-10 15:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-10 15:15 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 13:20 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 02:52 <DIR> d-------- C:\sdel
2007-10-08 22:09 <DIR> d-------- C:\Program Files\SpywareDetector
2007-10-08 22:09 270,336 --a------ C:\WINDOWS\system32\CheckDll.dll
2007-10-08 22:09 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-10-08 22:09 11,728 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe
2007-10-08 21:23 123 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-08 21:22 7,362,440 --a------ C:\Program Files\spywaredetectorb.exe
2007-10-08 18:06 <DIR> d-------- C:\Documents and Settings\Dr. Kolimas\Application Data\Systweak
2007-10-08 18:05 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-10-08 18:03 11,433,232 --a------ C:\Program Files\aso_setup.exe
2007-10-07 08:42 <DIR> d-------- C:\Documents and Settings\(robertjok)\.housecall6.6
2007-10-02 11:40 14,373 ---hs---- C:\WINDOWS\system32\fehjl.bak2
2007-10-01 20:44 6,440 ---hs---- C:\WINDOWS\system32\fehjl.bak1
2007-10-01 07:09 6,440 ---hs---- C:\WINDOWS\system32\xayxx.bak1
2007-09-30 16:25 6,480 ---hs---- C:\WINDOWS\system32\utvut.bak1
2007-09-30 02:35 6,440 ---hs---- C:\WINDOWS\system32\wxyxx.bak1
2007-09-28 12:00 36,352 --a------ C:\WINDOWS\system32\dpseria.dll
2007-09-28 12:00 17,664 C:\WINDOWS\system32\drivers\jlrnwdyj.dat
2007-09-28 12:00 5,120 C:\WINDOWS\system32\drivers\iwotkxbw.dat
2007-09-28 11:59 104,612 --a------ C:\WINDOWS\system32\comca.dll
2007-09-28 11:56 24,370 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-09-28 03:25 6,440 ---hs---- C:\WINDOWS\system32\bbefe.bak1
2007-09-28 00:49 6,440 ---hs---- C:\WINDOWS\system32\tvycf.bak1
2007-09-27 07:08 6,440 ---hs---- C:\WINDOWS\system32\tuxbc.bak1
2007-09-26 08:22 15,189 ---hs---- C:\WINDOWS\system32\pqsut.bak1
2007-09-25 12:58 6,440 ---hs---- C:\WINDOWS\system32\dcfii.bak1
2007-09-25 12:53 <DIR> d-------- C:\Documents and Settings\Cathy K\Application Data\AVG7
2007-09-23 18:51 6,462 ---hs---- C:\WINDOWS\system32\svyxx.bak1
2007-09-22 16:42 6,480 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
2007-09-22 06:32 6,480 ---hs---- C:\WINDOWS\system32\ddcdd.bak1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-03-04 15:30 3,684 ----a-w C:\Documents and Settings\Robert Kolimas\winmail.dat
2005-10-15 13:52 383,504 ----a-w C:\Program Files\reference.exe
2005-09-11 02:12 3,220,608 ----a-w C:\Program Files\rminstall.exe
2005-07-15 01:22 10,768,584 ----a-w C:\Program Files\Install_MSN_Messenger.exe
2005-07-09 07:10 7,364,808 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_DL.exe
2005-06-25 12:50 20,798,256 ----a-w C:\Program Files\AdbeRdr70_enu_full.exe
2005-06-17 00:27 227,190,984 ----a-w C:\Program Files\OfficeSTD.exe
2005-06-02 01:17 5,245,352 ----a-w C:\Program Files\MSN Messenger6.2SetupDl.exe
2004-11-16 07:19 295,120 ----a-w C:\Program Files\NSSetup.exe
2004-11-13 17:47 560 ----a-w C:\Documents and Settings\Cathy K\PCDOC.BAT
2004-11-13 11:33 1,418,304 ----a-w C:\Program Files\j2re-1_4_2_05-windows-i586-p-iftw.exe
2004-11-07 23:13 412 ----a-w C:\Program Files\Shortcut to PC MighytMax v1.lnk
2004-10-26 01:50 2,611,017 ----a-w C:\Program Files\PC_DocSetup.exe
2004-10-25 02:03 586,903 ----a-w C:\Program Files\PCBugDoctor_newsetup.exe
2004-10-25 01:35 120,112 ----a-w C:\Program Files\Windows-KB873018-ENU-V1.exe
2001-01-02 23:09 560 ----a-w C:\Documents and Settings\(robertjok)\PCDOC.BAT
2001-01-01 16:23 56,719 ----a-w C:\Program Files\Numb Linkin Park Jay-Z.htm
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{151B44B9-629E-451A-A31D-06DB583F4694}]
C:\WINDOWS\system32\xxyvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2470982d-56c3-46eb-963c-cb3a490f51dc}]
C:\WINDOWS\system32\mmdlpehm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6}]
C:\WINDOWS\system32\fcyvt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C7D372B-8983-4EB0-9941-077EA9E53CF7}]
C:\WINDOWS\system32\iifcd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04}]
C:\WINDOWS\system32\cbxut.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{667C4577-782C-4669-B52E-0FC554F099CE}]
2007-10-02 11:46 104612 --a------ C:\WINDOWS\system32\comca.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C}]
C:\WINDOWS\system32\ddcyy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{822BF3E1-9E8A-4EF4-A581-AF1EB44065EE}]
C:\WINDOWS\system32\xxyax.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9}]
C:\WINDOWS\system32\tuvtu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0E4820-3411-4467-9297-19A4535DF814}]
C:\WINDOWS\system32\iiiih.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5757524-7A83-4CA4-B468-A3C3ED7438DC}]
C:\WINDOWS\system32\tusqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C982FD88-7033-4ACC-9F64-3A97B295615F}]
C:\WINDOWS\system32\awtqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661C73-7BDB-44F5-AE7B-D1A9AF479158}]
C:\WINDOWS\system32\ljhef.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9ACC15B-565F-474B-968A-B7DECD74D868}]
C:\WINDOWS\system32\efebb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB301D81-C7B8-47E0-A256-8BC033CE4657}]
C:\WINDOWS\system32\xxyxw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC42E563-F1AC-4F3C-8412-DB501F785FFF}]
C:\WINDOWS\system32\ddcdd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 18:02 C:\WINDOWS\system32\carpserv.exe]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-24 21:11]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe" [2001-10-02 01:36]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:39]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-01-20 19:47]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 16:54]
"PCDRealtime"="C:\WINDOWS\realtime.exe" [2004-08-29 13:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-30 01:19]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2003-02-24 16:11]
"HostManager"="C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe" [2006-03-08 13:38]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 10:57]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-24 19:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:32]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-03 18:13]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-09-17 13:40]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-09-17 13:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2004-08-04 16:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2004-06-18 22:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-03-11 10:48:38]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2007-08-22 15:25 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 ptuihmdc;ptuihmdc;C:\WINDOWS\system32\drivers\jlrnwdyj.dat
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 02:40:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 21:38:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-14 21:40:53 - machine was rebooted
.
--- E O F ---

new Hijack This log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy_name:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\(robertjok)\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\(robertjok)\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6} - C:\WINDOWS\system32\fcyvt.dll (file missing)
O2 - BHO: (no name) - {2C7D372B-8983-4EB0-9941-077EA9E53CF7} - C:\WINDOWS\system32\iifcd.dll (file missing)
O2 - BHO: (no name) - {3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04} - C:\WINDOWS\system32\cbxut.dll (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {822BF3E1-9E8A-4EF4-A581-AF1EB44065EE} - C:\WINDOWS\system32\xxyax.dll (file missing)
O2 - BHO: (no name) - {9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {BD0E4820-3411-4467-9297-19A4535DF814} - C:\WINDOWS\system32\iiiih.dll (file missing)
O2 - BHO: (no name) - {C5757524-7A83-4CA4-B468-A3C3ED7438DC} - C:\WINDOWS\system32\tusqp.dll (file missing)
O2 - BHO: (no name) - {C982FD88-7033-4ACC-9F64-3A97B295615F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D0661C73-7BDB-44F5-AE7B-D1A9AF479158} - C:\WINDOWS\system32\ljhef.dll (file missing)
O2 - BHO: (no name) - {E9ACC15B-565F-474B-968A-B7DECD74D868} - C:\WINDOWS\system32\efebb.dll (file missing)
O2 - BHO: (no name) - {EB301D81-C7B8-47E0-A256-8BC033CE4657} - C:\WINDOWS\system32\xxyxw.dll (file missing)
O2 - BHO: (no name) - {FC42E563-F1AC-4F3C-8412-DB501F785FFF} - C:\WINDOWS\system32\ddcdd.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe"
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.co...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://H:\components\Liquid.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://wproxy.bcm.tmc.edu/brain/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sanctuarydsante.com/imag...
O24 - Desktop Component 1: (no name) - http://www.andrewg.ca/images/backgr...
O24 - Desktop Component 10: (no name) - http://www.wfu.edu/images/bg-sub.gif
O24 - Desktop Component 2: (no name) - http://cdn-channels.netscape.com/ga...
O24 - Desktop Component 3: (no name) - http://www.ramadabeach.com/images/b...
O24 - Desktop Component 4: (no name) - http://driversed.com/images/home/ba...
O24 - Desktop Component 5: (no name) - http://www.amplandmovies.com/images...
O24 - Desktop Component 6: (no name) - http://www.princetonreview.com/imag...
O24 - Desktop Component 7: (no name) - http://www.consumerhealthdigest.com...
O24 - Desktop Component 8: (no name) - http://img.ultimate-guitar.com/_img...
O24 - Desktop Component 9: (no name) - http://www.horizonfamilymedical.com...
--
End of file - 14934 bytes

rjk

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\fehjl.bak2
C:\WINDOWS\system32\fehjl.bak1
C:\WINDOWS\system32\xayxx.bak1
C:\WINDOWS\system32\utvut.bak1
C:\WINDOWS\system32\wxyxx.bak1
C:\WINDOWS\system32\dpseria.dll
C:\WINDOWS\system32\drivers\jlrnwdyj.dat
C:\WINDOWS\system32\drivers\iwotkxbw.dat
C:\WINDOWS\system32\comca.dll
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\bbefe.bak1
C:\WINDOWS\system32\tvycf.bak1
C:\WINDOWS\system32\tuxbc.bak1
C:\WINDOWS\system32\pqsut.bak1
C:\WINDOWS\system32\dcfii.bak1
C:\WINDOWS\system32\svyxx.bak1
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\ddcdd.bak1
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "run".

Run Hijack This, close all windows and browsers except Hijack This, place a check in the box to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6} - C:\WINDOWS\system32\fcyvt.dll (file missing)
O2 - BHO: (no name) - {2C7D372B-8983-4EB0-9941-077EA9E53CF7} - C:\WINDOWS\system32\iifcd.dll (file missing)
O2 - BHO: (no name) - {3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04} - C:\WINDOWS\system32\cbxut.dll (file missing)
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: (no name) - {7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {822BF3E1-9E8A-4EF4-A581-AF1EB44065EE} - C:\WINDOWS\system32\xxyax.dll (file missing)
O2 - BHO: (no name) - {9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: (no name) - {BD0E4820-3411-4467-9297-19A4535DF814} - C:\WINDOWS\system32\iiiih.dll (file missing)
O2 - BHO: (no name) - {C5757524-7A83-4CA4-B468-A3C3ED7438DC} - C:\WINDOWS\system32\tusqp.dll (file missing)
O2 - BHO: (no name) - {C982FD88-7033-4ACC-9F64-3A97B295615F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D0661C73-7BDB-44F5-AE7B-D1A9AF479158} - C:\WINDOWS\system32\ljhef.dll (file missing)
O2 - BHO: (no name) - {E9ACC15B-565F-474B-968A-B7DECD74D868} - C:\WINDOWS\system32\efebb.dll (file missing)
O2 - BHO: (no name) - {EB301D81-C7B8-47E0-A256-8BC033CE4657} - C:\WINDOWS\system32\xxyxw.dll (file missing)
O2 - BHO: (no name) - {FC42E563-F1AC-4F3C-8412-DB501F785FFF} - C:\WINDOWS\system32\ddcdd.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Exit Hijack This.
Post a new Combofix log and a new Hijack This log please.
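
The "fix checked" list above is a selection from the O2 (Browser Helper Object) lines of the HijackThis log. The following is an added example, not part of the original post and not code from HijackThis: it parses O2 lines and applies two triage rules that are assumptions of this example (an entry whose DLL is reported missing is an orphaned registration; an unnamed entry whose DLL sits directly in system32 needs review). The sample lines are copied from the log posted in this thread.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: O2/O3 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
"""

# Shape of an O2 line: O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Some entries carry a bare GUID where a display name would normally be.
GUID_ONLY = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
SYSTEM32 = r"c:\windows\system32"


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool

    @property
    def unnamed(self) -> bool:
        return self.name == "(no name)" or bool(GUID_ONLY.match(self.name))

    @property
    def in_system32(self) -> bool:
        # ntpath parses Windows paths correctly on any host OS.
        return ntpath.dirname(self.path).lower() == SYSTEM32


def parse_o2(log_text: str) -> list:
    """Return a Bho record for every O2 line; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append(
                Bho(m["name"], m["clsid"].upper(), m["path"], m["missing"] is not None)
            )
    return entries


def triage(entry: Bho) -> str:
    """Heuristic verdict (assumption of this example, not a HijackThis feature)."""
    if entry.file_missing:
        return "orphaned"   # registry key remains, DLL is gone
    if entry.unnamed and entry.in_system32:
        return "review"     # anonymous DLL loaded into the browser from system32
    return "none"


if __name__ == "__main__":
    for e in parse_o2(SAMPLE_LOG):
        print(f"{triage(e):9} {e.clsid} {e.path}")
```

On these sample lines the only live entry marked "review" is the comca.dll registration, which is also the file AVG reported; a verdict of "none" means only that neither rule fired, not that the entry is clean.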

Please find new Combofix and Hijack This logs as requested.
FILE::
C:\WINDOWS\system32\bbefe.bak1
C:\WINDOWS\system32\comca.dll
C:\WINDOWS\system32\dcfii.bak1
C:\WINDOWS\system32\ddcdd.bak1
C:\WINDOWS\system32\dpseria.dll
C:\WINDOWS\system32\drivers\iwotkxbw.dat
C:\WINDOWS\system32\drivers\jlrnwdyj.dat
C:\WINDOWS\system32\fehjl.bak1
C:\WINDOWS\system32\fehjl.bak2
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\pqsut.bak1
C:\WINDOWS\system32\svyxx.bak1
C:\WINDOWS\system32\tuxbc.bak1
C:\WINDOWS\system32\tvycf.bak1
C:\WINDOWS\system32\utvut.bak1
C:\WINDOWS\system32\wxyxx.bak1
C:\WINDOWS\system32\xayxx.bak1
C:\WINDOWS\system32\yycdd.bak1
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bbefe.bak1
C:\WINDOWS\system32\dcfii.bak1
C:\WINDOWS\system32\ddcdd.bak1
C:\WINDOWS\system32\fehjl.bak1
C:\WINDOWS\system32\fehjl.bak2
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\pqsut.bak1
C:\WINDOWS\system32\svyxx.bak1
C:\WINDOWS\system32\tuxbc.bak1
C:\WINDOWS\system32\tvycf.bak1
C:\WINDOWS\system32\utvut.bak1
C:\WINDOWS\system32\wxyxx.bak1
C:\WINDOWS\system32\xayxx.bak1
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\comca.dll . . . . failed to delete
C:\WINDOWS\system32\drivers\iwotkxbw.dat . . . . failed to delete
C:\WINDOWS\system32\drivers\jlrnwdyj.dat . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.
2007-10-14 21:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 21:06 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-13 10:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-12 13:03 <DIR> d-------- C:\Documents and Settings\CK\Application Data\EAST Technologies
2007-10-12 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\EAST Technologies
2007-10-10 15:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 15:16 3,348 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-10 15:15 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-10 15:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-10 15:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-10 15:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-10 15:15 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 13:20 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 02:52 <DIR> d-------- C:\sdel
2007-10-08 22:09 <DIR> d-------- C:\Program Files\SpywareDetector
2007-10-08 22:09 270,336 --a------ C:\WINDOWS\system32\CheckDll.dll
2007-10-08 22:09 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-10-08 22:09 11,728 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe
2007-10-08 21:23 123 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-08 21:22 7,362,440 --a------ C:\Program Files\spywaredetectorb.exe
2007-10-08 18:06 <DIR> d-------- C:\Documents and Settings\robertjok\Application Data\Systweak
2007-10-08 18:05 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-10-08 18:03 11,433,232 --a------ C:\Program Files\aso_setup.exe
2007-10-07 08:42 <DIR> d-------- C:\Documents and Settings\robertjok\.housecall6.6
2007-09-28 12:00 17,664 C:\WINDOWS\system32\drivers\jlrnwdyj.dat
2007-09-28 12:00 5,120 C:\WINDOWS\system32\drivers\iwotkxbw.dat
2007-09-28 11:59 104,612 --a------ C:\WINDOWS\system32\comca.dll
2007-09-25 12:53 <DIR> d-------- C:\Documents and Settings\CK\Application Data\AVG7
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-03-04 15:30 3,684 ----a-w C:\Documents and Settings\robertjok\winmail.dat
2005-10-15 13:52 383,504 ----a-w C:\Program Files\reference.exe
2005-09-11 02:12 3,220,608 ----a-w C:\Program Files\rminstall.exe
2005-07-15 01:22 10,768,584 ----a-w C:\Program Files\Install_MSN_Messenger.exe
2005-07-09 07:10 7,364,808 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_DL.exe
2005-06-25 12:50 20,798,256 ----a-w C:\Program Files\AdbeRdr70_enu_full.exe
2005-06-17 00:27 227,190,984 ----a-w C:\Program Files\OfficeSTD.exe
2005-06-02 01:17 5,245,352 ----a-w C:\Program Files\MSN Messenger6.2SetupDl.exe
2004-11-16 07:19 295,120 ----a-w C:\Program Files\NSSetup.exe
2004-11-13 17:47 560 ----a-w C:\Documents and Settings\CK\PCDOC.BAT
2004-11-13 11:33 1,418,304 ----a-w C:\Program Files\j2re-1_4_2_05-windows-i586-p-iftw.exe
2004-11-07 23:13 412 ----a-w C:\Program Files\Shortcut to PC MighytMax v1.lnk
2004-10-26 01:50 2,611,017 ----a-w C:\Program Files\PC_DocSetup.exe
2004-10-25 02:03 586,903 ----a-w C:\Program Files\PCBugDoctor_newsetup.exe
2004-10-25 01:35 120,112 ----a-w C:\Program Files\Windows-KB873018-ENU-V1.exe
2001-01-02 23:09 560 ----a-w C:\Documents and Settings\robertjok\PCDOC.BAT
2001-01-01 16:23 56,719 ----a-w C:\Program Files\Numb Linkin Park Jay-Z.htm
.
((((((((((((((((((((((((((((( snapshot@2007-10-14_21.39.48.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-18 03:03:48 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{151B44B9-629E-451A-A31D-06DB583F4694}]
C:\WINDOWS\system32\xxyvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2470982d-56c3-46eb-963c-cb3a490f51dc}]
C:\WINDOWS\system32\mmdlpehm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6}]
C:\WINDOWS\system32\fcyvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C7D372B-8983-4EB0-9941-077EA9E53CF7}]
C:\WINDOWS\system32\iifcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04}]
C:\WINDOWS\system32\cbxut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{667C4577-782C-4669-B52E-0FC554F099CE}]
2007-10-02 11:46 104612 --a------ C:\WINDOWS\system32\comca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{822BF3E1-9E8A-4EF4-A581-AF1EB44065EE}]
C:\WINDOWS\system32\xxyax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9}]
C:\WINDOWS\system32\tuvtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0E4820-3411-4467-9297-19A4535DF814}]
C:\WINDOWS\system32\iiiih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5757524-7A83-4CA4-B468-A3C3ED7438DC}]
C:\WINDOWS\system32\tusqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C982FD88-7033-4ACC-9F64-3A97B295615F}]
C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661C73-7BDB-44F5-AE7B-D1A9AF479158}]
C:\WINDOWS\system32\ljhef.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9ACC15B-565F-474B-968A-B7DECD74D868}]
C:\WINDOWS\system32\efebb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB301D81-C7B8-47E0-A256-8BC033CE4657}]
C:\WINDOWS\system32\xxyxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC42E563-F1AC-4F3C-8412-DB501F785FFF}]
C:\WINDOWS\system32\ddcdd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 18:02 C:\WINDOWS\system32\carpserv.exe]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-24 21:11]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe" [2001-10-02 01:36]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:39]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-01-20 19:47]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 16:54]
"PCDRealtime"="C:\WINDOWS\realtime.exe" [2004-08-29 13:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-30 01:19]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2003-02-24 16:11]
"HostManager"="C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe" [2006-03-08 13:38]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 10:57]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-24 19:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:32]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-03 18:13]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-09-17 13:40]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-09-17 13:39][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2004-08-04 16:41]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2004-06-18 22:04][HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exeC:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-03-11 10:48:38]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2007-08-22 15:25 167936 C:\Program Files\SpywareDetector\SDNotify.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLR0 ptuihmdc;ptuihmdc;C:\WINDOWS\system32\drivers\jlrnwdyj.dat
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe".
Contents of the 'Scheduled Tasks' folder
"2007-10-18 16:20:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 11:22:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-18 11:24:37 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-14 21:40
.
--- E O F ---
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy_name:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\DR. KOLIMAS\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DR. KOLIMAS\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6} - C:\WINDOWS\system32\fcyvt.dll (file missing)
O2 - BHO: (no name) - {2C7D372B-8983-4EB0-9941-077EA9E53CF7} - C:\WINDOWS\system32\iifcd.dll (file missing)
O2 - BHO: (no name) - {3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04} - C:\WINDOWS\system32\cbxut.dll (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {822BF3E1-9E8A-4EF4-A581-AF1EB44065EE} - C:\WINDOWS\system32\xxyax.dll (file missing)
O2 - BHO: (no name) - {9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {BD0E4820-3411-4467-9297-19A4535DF814} - C:\WINDOWS\system32\iiiih.dll (file missing)
O2 - BHO: (no name) - {C5757524-7A83-4CA4-B468-A3C3ED7438DC} - C:\WINDOWS\system32\tusqp.dll (file missing)
O2 - BHO: (no name) - {C982FD88-7033-4ACC-9F64-3A97B295615F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D0661C73-7BDB-44F5-AE7B-D1A9AF479158} - C:\WINDOWS\system32\ljhef.dll (file missing)
O2 - BHO: (no name) - {E9ACC15B-565F-474B-968A-B7DECD74D868} - C:\WINDOWS\system32\efebb.dll (file missing)
O2 - BHO: (no name) - {EB301D81-C7B8-47E0-A256-8BC033CE4657} - C:\WINDOWS\system32\xxyxw.dll (file missing)
O2 - BHO: (no name) - {FC42E563-F1AC-4F3C-8412-DB501F785FFF} - C:\WINDOWS\system32\ddcdd.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe"
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.co...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://H:\components\Liquid.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://wproxy.bcm.tmc.edu/brain/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sanctuarydsante.com/imag...
O24 - Desktop Component 1: (no name) - http://www.andrewg.ca/images/backgr...
O24 - Desktop Component 10: (no name) - http://www.wfu.edu/images/bg-sub.gif
O24 - Desktop Component 2: (no name) - http://cdn-channels.netscape.com/ga...
O24 - Desktop Component 3: (no name) - http://www.ramadabeach.com/images/b...
O24 - Desktop Component 4: (no name) - http://driversed.com/images/home/ba...
O24 - Desktop Component 5: (no name) - http://www.amplandmovies.com/images...
O24 - Desktop Component 6: (no name) - http://www.princetonreview.com/imag...
O24 - Desktop Component 7: (no name) - http://www.consumerhealthdigest.com...
O24 - Desktop Component 8: (no name) - http://img.ultimate-guitar.com/_img...
O24 - Desktop Component 9: (no name) - http://www.horizonfamilymedical.com...
--
End of file - 14642 bytes
rjk

It appears that you are using two antivirus programs. These programs will conflict, causing problems. You should decide which AV program you want to use, then uninstall the other.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {29ECBCB3-4E21-4C1A-B322-EB6A4284CDB6} - C:\WINDOWS\system32\fcyvt.dll (file missing)
O2 - BHO: (no name) - {2C7D372B-8983-4EB0-9941-077EA9E53CF7} - C:\WINDOWS\system32\iifcd.dll (file missing)
O2 - BHO: (no name) - {3D1E5AAC-DD31-4835-B2FE-A11E70BDEF04} - C:\WINDOWS\system32\cbxut.dll (file missing)
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: (no name) - {7B3E3A09-FC5F-4DDC-9107-A03FAC7EB77C} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: (no name) - {822BF3E1-9E8A-4EF4-A581-AF1EB44065EE} - C:\WINDOWS\system32\xxyax.dll (file missing)
O2 - BHO: (no name) - {9FC8884C-06B4-4EEC-9832-4D0AB6EEFAE9} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: (no name) - {BD0E4820-3411-4467-9297-19A4535DF814} - C:\WINDOWS\system32\iiiih.dll (file missing)
O2 - BHO: (no name) - {C5757524-7A83-4CA4-B468-A3C3ED7438DC} - C:\WINDOWS\system32\tusqp.dll (file missing)
O2 - BHO: (no name) - {C982FD88-7033-4ACC-9F64-3A97B295615F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {D0661C73-7BDB-44F5-AE7B-D1A9AF479158} - C:\WINDOWS\system32\ljhef.dll (file missing)
O2 - BHO: (no name) - {E9ACC15B-565F-474B-968A-B7DECD74D868} - C:\WINDOWS\system32\efebb.dll (file missing)
O2 - BHO: (no name) - {EB301D81-C7B8-47E0-A256-8BC033CE4657} - C:\WINDOWS\system32\xxyxw.dll (file missing)
O2 - BHO: (no name) - {FC42E563-F1AC-4F3C-8412-DB501F785FFF} - C:\WINDOWS\system32\ddcdd.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Exit Hijack This.
Go to start > control panel > administrative tools > services > scroll down to "ptuihmdc" > double click it > click stop > apply > ok. (It may not stop.)
Double click it again > click the drop down arrow on the far right of "startup type" > click disable > apply > ok.
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\drivers\jlrnwdyj.dat
C:\WINDOWS\system32\drivers\iwotkxbw.dat
C:\WINDOWS\system32\comca.dll
C:\Program Files\spywaredetectorb.exe
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "run".
Post a new Hijack This log and a new ComboFix log please.

Sorry, it took me so long to remove all my virus programs but one and I was only able to complete requested tasks up to "Exit Hijack This." Please find the new Hijack This log below:
I could not locate "ptuihmdc" under services/administrative tools/control panel.
It did not resemble anything among the scrolled list and could not locate it or its meaning through help. I assume I needed to complete this task before running ComboFix and generating a new log.
Please help me complete these tasks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:01 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy_name:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\DR. KOLIMAS\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DR. KOLIMAS\Application Data\Mozilla\Profiles\default\znfnd5if.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.exe"
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154800874\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.co...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://H:\components\Liquid.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://wproxy.bcm.tmc.edu/brain/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sanctuarydsante.com/imag...
O24 - Desktop Component 1: (no name) - http://www.andrewg.ca/images/backgr...
O24 - Desktop Component 10: (no name) - http://www.wfu.edu/images/bg-sub.gif
O24 - Desktop Component 2: (no name) - http://cdn-channels.netscape.com/ga...
O24 - Desktop Component 3: (no name) - http://www.ramadabeach.com/images/b...
O24 - Desktop Component 4: (no name) - http://driversed.com/images/home/ba...
O24 - Desktop Component 5: (no name) - http://www.amplandmovies.com/images...
O24 - Desktop Component 6: (no name) - http://www.princetonreview.com/imag...
O24 - Desktop Component 7: (no name) - http://www.consumerhealthdigest.com...
O24 - Desktop Component 8: (no name) - http://img.ultimate-guitar.com/_img...
O24 - Desktop Component 9: (no name) - http://www.horizonfamilymedical.com...
--
End of file - 11897 bytes
rjk
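Comparing the O2 (BHO) sections of the two HijackThis logs in this thread shows which flagged entries disappeared after "fix checked" and which are still registered. The Python below is an added example, not part of any post; the `is_suspect` heuristic (an unnamed BHO whose DLL sits directly in system32) is an assumption modelled on what the entries in the fix list above have in common, and the two embedded logs are short excerpts of the logs on this page.

```python
import re
from typing import Dict, List, NamedTuple

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
CLSID_ONLY = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
SYSTEM32_DLL = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)


class Bho(NamedTuple):
    name: str
    clsid: str          # upper-cased so logs compare case-insensitively
    path: str
    file_missing: bool  # HijackThis could not find the DLL on disk


def parse_bhos(log_text: str) -> Dict[str, Bho]:
    """Return {CLSID: Bho} for every O2 line; other sections are ignored."""
    found = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            clsid = m["clsid"].upper()
            found[clsid] = Bho(m["name"], clsid, m["path"], bool(m["missing"]))
    return found


def is_suspect(bho: Bho) -> bool:
    """Triage heuristic (assumption): no real display name AND DLL in system32.

    This marks entries for a human to review; it is not a malware verdict.
    """
    unnamed = bho.name == "(no name)" or bool(CLSID_ONLY.match(bho.name))
    return unnamed and bool(SYSTEM32_DLL.match(bho.path))


def compare_logs(before_log: str, after_log: str) -> Dict[str, List[Bho]]:
    """Classify suspect BHOs as removed, persisting, or newly appeared."""
    before, after = parse_bhos(before_log), parse_bhos(after_log)
    flagged = {c: b for c, b in before.items() if is_suspect(b)}
    return {
        "removed": [flagged[c] for c in sorted(flagged) if c not in after],
        # Report the state from the later log: is the file still on disk?
        "persisting": [after[c] for c in sorted(flagged) if c in after],
        "new": [after[c] for c in sorted(after)
                if c not in before and is_suspect(after[c])],
    }


# Excerpt of the earlier log on this page (O2 section shortened, one O4 line).
BEFORE = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {151B44B9-629E-451A-A31D-06DB583F4694} - C:\WINDOWS\system32\xxyvs.dll (file missing)
O2 - BHO: {cd15f094-a3bc-c369-be64-3c65d2890742} - {2470982d-56c3-46eb-963c-cb3a490f51dc} - C:\WINDOWS\system32\mmdlpehm.dll (file missing)
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
"""

# Excerpt of the 11/4/2007 log on this page.
AFTER = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {667C4577-782C-4669-B52E-0FC554F099CE} - C:\WINDOWS\system32\comca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""

if __name__ == "__main__":
    for status, entries in compare_logs(BEFORE, AFTER).items():
        for bho in entries:
            state = "file missing" if bho.file_missing else "file present"
            print(f"{status:10} {bho.clsid} {bho.path} ({state})")
```

On these excerpts the only flagged entry still registered in the later log is the `comca.dll` BHO, and its file is still reported as present.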

This is a request to jabuck or to whoever has been responding to my messages. Please let me know if I should still expect future responses to my problem. If you are no longer able to assist me, please advise - should I submit a new original request or try an alternative computer help site?
rjk


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.