Problems with popups.....control panel



Cecil
2007-11-20, 21:15
Control Panel is restricted....popups galore

Computer shuts off when I tried to use Ad-Aware and Spybot....thanks for the help!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:57 PM, on 11/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Media Player\mexe77798.exe
C:\WINDOWS\TEMP\win3D.tmp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksys.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Ykimoyls\xkstxdvg.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\igelvfdk\tfimdlve.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B7DCA167-648E-4509-DE2E-4AE678875B9F} - C:\WINDOWS\System32\hjxpkduv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6
O4 - HKLM\..\Run: [ShareSearcher] C:\wsusupd.exe
O4 - HKLM\..\Run: [mexe] C:\Program Files\Windows Media Player\mexe77798.exe
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win3D.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [{79-93-33-39-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvwuj.dll,startup
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [xmjwtgtw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xmjwtgtw.dll"
O4 - HKLM\..\Run: [turwlcxk] rundll32.exe "C:\Program Files\turwlcxk\xifsjmfy.dll",Init
O4 - HKLM\..\Run: [hmbwhydi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hmbwhydi.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernelwind32.exe
O4 - HKLM\..\Run: [xsxazqvo] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xsxazqvo.dll"
O4 - HKLM\..\Run: [ojmbmnob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ojmbmnob.dll"
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Global Startup: .protected
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Katie\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O20 - Winlogon Notify: __c00DBF52 - C:\WINDOWS\System32\__c00DBF52.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlsbGVyIEZhbWlseQ\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rteleciso.html

--
End of file - 7287 bytes

Shaba
2007-11-22, 10:15
Hi Cecil

1. Download combofix from one of these links and save it to Desktop:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

Cecil
2007-11-28, 04:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:13 PM, on 11/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Media Player\mexe77798.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksys.com/
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Ykimoyls\xkstxdvg.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\igelvfdk\tfimdlve.dll
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\System32\qomlmlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mexe] C:\Program Files\Windows Media Player\mexe77798.exe
O4 - HKLM\..\Run: [{79-93-33-39-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Katie\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: qomlmlk - C:\WINDOWS\SYSTEM32\qomlmlk.dll
O20 - Winlogon Notify: __c00DBF52 - C:\WINDOWS\System32\__c00DBF52.dat (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)

--
End of file - 5705 bytes

Cecil
2007-11-28, 04:22
Had to break this into 2 parts.....


ComboFix 07-11-19.4 - Cecil 2007-11-27 22:06:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.278 [GMT -5:00]
Running from: C:\Documents and Settings\Cecil\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\7.tmp
C:\9.tmp
C:\D.tmp
C:\Documents and Settings\All Users\Application Data.\hmbwhydi.dll
C:\Documents and Settings\All Users\Application Data.\ojmbmnob.dll
C:\Documents and Settings\All Users\Application Data.\xmjwtgtw.dll
C:\Documents and Settings\All Users\Application Data.\xsxazqvo.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Cecil\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Cecil\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\Katie\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Katie\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Matt\Application Data\Ultimate Defender
C:\Documents and Settings\Matt\Desktop\searchus.exe
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\Megan\Application Data\Ultimate Defender
C:\Documents and Settings\Megan\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Megan\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\Zach\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\Zach\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\3269.exe
C:\Program Files\AVSystemCare
C:\Program Files\AVSystemCare\Activate.exe
C:\Program Files\AVSystemCare\Config\pgs.xml
C:\Program Files\AVSystemCare\Dat\BkSites.dat
C:\Program Files\AVSystemCare\Dat\is-MPJCD.tmp
C:\Program Files\AVSystemCare\FMTR.sys
C:\Program Files\AVSystemCare\fopnl.dll
C:\Program Files\AVSystemCare\Graphics\cross.gif
C:\Program Files\AVSystemCare\Graphics\ga6p.gif
C:\Program Files\AVSystemCare\Graphics\main.ico
C:\Program Files\AVSystemCare\Graphics\mini.ico
C:\Program Files\AVSystemCare\Graphics\support.ico
C:\Program Files\AVSystemCare\Graphics\uninstall.ico
C:\Program Files\AVSystemCare\LA\License.rtf
C:\Program Files\AVSystemCare\pgs.exe
C:\Program Files\AVSystemCare\Restart.exe
C:\Program Files\AVSystemCare\rpt.dll
C:\Program Files\AVSystemCare\RTasks.exe
C:\Program Files\AVSystemCare\scnkrnl.dll
C:\Program Files\AVSystemCare\sqlite3.dll
C:\Program Files\AVSystemCare\Tools\IEFWBHO.dll
C:\Program Files\AVSystemCare\Tools\pg.dll
C:\Program Files\AVSystemCare\unins000.dat
C:\Program Files\AVSystemCare\unins000.exe
C:\Program Files\AVSystemCare\Up\gup.exe
C:\Program Files\Common Files\AVSystemCare
C:\Program Files\Common Files\AVSystemCare\ugcw.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ComPlus Applications\rteleciso.html
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\00CFAEEE.dat
C:\Program Files\inetget2
C:\Program Files\inetget2\emg.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\spamblockerutility
C:\Program Files\sstem3~1
C:\Program Files\sstem3~1\ntvdm.exe
C:\Program Files\sstem3~1\s?stem32\
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\web buying
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Redemption.ECF
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\.protected
C:\WINDOWS\avp.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\ppatch~1
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\sstem~1
C:\WINDOWS\sstem~1\t?skmgr.exe
C:\WINDOWS\system32\__c00DBF52.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\fmtr.sys
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\hjxpkduv.dll
C:\WINDOWS\system32\i2
C:\WINDOWS\system32\icqmlib.exe
C:\WINDOWS\system32\iepref32.dll
C:\WINDOWS\system32\ierplc.dll
C:\WINDOWS\system32\ips.dll
C:\WINDOWS\system32\kernelw.sys
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\laprxy.dllexe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\n8
C:\WINDOWS\system32\n8\ensts2dll.exe
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\ocxapi.dll
C:\WINDOWS\system32\ocxloader.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\wcpsvit32.exe
C:\WINDOWS\system32\winhld32.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TWlsbGVyIEZhbWlseQ\asappsrv.dll
C:\WINDOWS\uninst2.htm
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\unist1.htm
C:\xcrashdump.dat

Cecil
2007-11-28, 04:23
Here's the rest of it....thanks again for the help

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DRIVER
-------\LEGACY_LANMANDRV
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\Driver
-------\lanmandrv
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-20 16:53 148,593 --a------ C:\Documents and Settings\Cecil\p423ck.exe
2007-11-20 16:14 <DIR> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-20 16:14 <DIR> d-------- C:\WINDOWS\system32\cc1
2007-11-20 16:14 <DIR> d-------- C:\Temp\abW9
2007-11-20 16:14 533,387 --a------ C:\Temp\u900Y714.exe
2007-11-20 16:14 36,864 --a------ C:\WINDOWS\system32\qomlmlk.dll
2007-11-20 15:12 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-20 14:02 <DIR> d-------- C:\VundoFix Backups
2007-11-20 13:24 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-11-20 13:24 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-20 13:24 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-20 13:24 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-20 13:24 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-20 13:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-11-20 12:49 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2007-11-20 12:49 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2007-11-20 12:49 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2007-11-20 12:49 74,752 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2007-11-20 12:49 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2007-11-20 12:49 61,952 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2007-11-20 12:49 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-11-20 12:49 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-11-20 12:48 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2007-11-20 12:47 240,640 --a--c--- C:\WINDOWS\system32\dllcache\httpext.dll
2007-11-20 12:47 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2007-11-20 12:47 54,272 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2007-11-20 12:47 43,520 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2007-11-20 12:47 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
2007-11-20 12:47 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
2007-11-20 12:47 14,848 --a--c--- C:\WINDOWS\system32\dllcache\flattemp.exe
2007-11-20 12:47 13,312 --a--c--- C:\WINDOWS\system32\dllcache\exstrace.dll
2007-11-20 12:47 7,680 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2007-11-20 12:47 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-11-20 12:46 188,494 --a--c--- C:\WINDOWS\system32\dllcache\fpcount.exe
2007-11-20 12:46 70,144 --a--c--- C:\WINDOWS\system32\dllcache\logui.ocx
2007-11-20 12:46 59,392 --a--c--- C:\WINDOWS\system32\dllcache\iisext51.dll
2007-11-20 12:46 20,536 --a--c--- C:\WINDOWS\system32\dllcache\shtml.dll
2007-11-20 12:46 16,437 --a--c--- C:\WINDOWS\system32\dllcache\shtml.exe
2007-11-20 12:46 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll
2007-11-20 12:44 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-20 12:44 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-11-20 12:44 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-11-20 12:44 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-11-20 12:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-11-20 12:43 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2007-11-20 12:38 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-11-20 12:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-11-20 12:35 2,049,999 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2007-11-20 12:35 1,086,182 --a--c--- C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2007-11-20 12:35 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2007-11-20 12:35 657,548 --a--c--- C:\WINDOWS\system32\dllcache\CLASSES.CAT
2007-11-20 12:35 451,856 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2007-11-20 12:35 56,081 --a--c--- C:\WINDOWS\system32\dllcache\DAJAVAC.CAT
2007-11-20 12:35 31,405 --a--c--- C:\WINDOWS\system32\dllcache\FP4.CAT
2007-11-20 12:35 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-20 12:35 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-11-20 12:35 13,608 --a--c--- C:\WINDOWS\system32\dllcache\IMS.CAT
2007-11-20 12:35 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2007-11-20 12:35 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-20 12:35 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-11-20 12:35 7,382 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2007-11-20 12:07 <DIR> d-------- C:\Documents and Settings\Megan\Application Data\ultra
2007-11-20 12:07 25,600 --a------ C:\Documents and Settings\Megan\Application Data\mcrupdate.exe
2007-11-20 10:15 150,576 --a------ C:\Documents and Settings\Matt\Application Data\spyguard.exe
2007-11-19 23:02 20,480 --a------ C:\WINDOWS\quit.exe
2007-11-19 22:26 104,448 --a------ C:\WINDOWS\system32\drvwuj.dll
2007-11-19 21:52 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-19 21:43 <DIR> d-------- C:\Program Files\Ykimoyls
2007-11-19 21:42 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Gtek
2007-11-19 21:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-19 21:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-19 21:29 <DIR> d-------- C:\Program Files\Evhyinuz
2007-11-19 21:29 174,559 --ahs---- C:\WINDOWS\system32\7736A00c__.ini
2007-11-19 15:33 148,593 --a------ C:\Documents and Settings\Megan\p4ck.exe
2007-11-19 09:13 161,344 --a------ C:\Documents and Settings\Matt\Application Data\trant.exe
2007-11-19 00:18 3 --a------ C:\WINDOWS\system32\RunOnce.tmp
2007-11-18 18:07 <DIR> d-------- C:\Program Files\MalwareAlarm
2007-11-18 16:50 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\ultra
2007-11-18 16:50 25,600 --a------ C:\Documents and Settings\Matt\Application Data\mcrupdate.exe
2007-11-18 13:15 <DIR> d-------- C:\Program Files\turwlcxk
2007-11-18 13:15 <DIR> d-------- C:\Program Files\Ftwaugze
2007-11-18 13:15 36,352 --a------ C:\WINDOWS\system32\nnnkihg.dll
2007-11-18 12:00 <DIR> d-------- C:\Program Files\igelvfdk
2007-11-18 10:56 9,728 --------- C:\Program Files\xloader10181.exe
2007-11-18 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-11-18 10:52 174,439 --ahs---- C:\WINDOWS\system32\1E7C800c__.ini
2007-11-18 10:52 102,912 --a------ C:\WINDOWS\system32\drvkev.dll
2007-11-18 10:51 0 --a------ C:\wndsoft.exe
2007-11-18 10:50 <DIR> d-------- C:\WINDOWS\system32\oTt11e
2007-11-18 10:50 <DIR> d-------- C:\Temp
2007-11-18 10:50 18,144 --------- C:\sysxtgw.exe
2007-11-18 10:50 7,713 --a------ C:\WINDOWS\system32\ldcore.dll
2007-11-18 10:49 9,728 --a------ C:\Program Files\hlpsrv.exe
2007-11-17 22:35 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-14 16:20 77,824 --a------ C:\WINDOWS\MicroSoft.pif
2007-11-14 16:20 198 --a------ C:\WINDOWS\MicroSoft.vbs
2007-11-12 15:58 <DIR> d--hs---- C:\WINDOWS\TWlsbGVyIEZhbWlseQ
2007-11-11 21:31 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-11-11 18:57 29,995 --a------ C:\wndgqgn.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 22:10 10 ----a-w C:\Program Files\.autoreg
2007-11-04 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 22:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-24 22:36 --------- d-----w C:\Program Files\Nancy Drew
2007-10-24 22:36 --------- d-----w C:\Program Files\Barbie(TM)
2007-10-19 01:42 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-10-19 01:40 --------- d-----w C:\Program Files\Corel
2007-10-18 00:36 --------- d-----w C:\Program Files\QuickTime
2007-10-18 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-17 21:05 --------- d-----w C:\Documents and Settings\Zach\Application Data\Sierra
2007-10-17 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
2007-10-14 22:59 --------- d-----w C:\Program Files\LimeWire
2007-10-14 02:42 --------- d-----w C:\Program Files\Java
2007-10-14 02:40 --------- d-----w C:\Program Files\Common Files\Java
2007-10-11 17:27 --------- d-----w C:\Program Files\Creative
2007-10-11 16:15 --------- d-----w C:\Program Files\Analog Devices
2007-10-11 02:57 --------- d-----w C:\Program Files\Google
2007-10-11 01:29 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2007-10-11 00:02 --------- d-----w C:\Program Files\Activision Value
2007-10-10 22:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-04 09:46 142 ----a-w C:\Program Files\page.html
2007-09-12 18:52 53,248 ----a-w C:\WINDOWS\hg173.exe
2007-09-12 18:50 53,248 ----a-w C:\WINDOWS\df87173.exe
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-06-08 07:02 2,048 ----a-w C:\Program Files\func.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TWlsbGVyIEZhbWlseQ\nq5Pv3pVKHt1vq5Pyk.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
2007-11-19 21:43 114688 --a------ C:\Program Files\Ykimoyls\xkstxdvg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}]
2007-11-18 12:00 110592 --a------ C:\Program Files\igelvfdk\tfimdlve.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A54500A-65FE-4F4A-B860-20EAE2F577F9}]
2007-11-20 16:14 36864 --a------ C:\WINDOWS\System32\qomlmlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
2007-10-27 14:37 192512 --a------ C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-11-19 21:52 18432 --a------ C:\Program Files\E404 Helper\e404.v5.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\System32\WinNB58.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 11:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-10-19 07:59]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-17 19:36]
"mexe"="C:\Program Files\Windows Media Player\mexe77798.exe" [2007-08-07 15:30]
"{79-93-33-39-ZN}"="c:\windows\system32\dwdsrngt.exe" []
"io43mvuiw4kj"="C:\WINDOWS\io43mvuiw4kj.exe" []
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-10 20:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 11:11]

C:\Documents and Settings\Megan\Start Menu\Programs\Startup\
msn_0711_upd182301.exe [2007-11-19 15:37:25]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4A54500A-65FE-4F4A-B860-20EAE2F577F9}"= C:\WINDOWS\System32\qomlmlk.dll [2007-11-20 16:14 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlmlk]
qomlmlk.dll 2007-11-20 16:14 36864 C:\WINDOWS\system32\qomlmlk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00DBF52]
C:\WINDOWS\System32\__c00DBF52.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\ldcore.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\sstqn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

S2 Microsoft Inet Service;Microsoft Inet Service;C:\WINDOWS\System32\_svchost.exe -A
S3 i740;i740;C:\WINDOWS\System32\DRIVERS\i740nt5.sys
S3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\System32\drivers\P17.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 22:14:09
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 22:14:51 - machine was rebooted
.
--- E O F ---

Shaba
2007-11-28, 10:48
Hi

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Ykimoyls\xkstxdvg.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\igelvfdk\tfimdlve.dll
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\System32\qomlmlk.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [mexe] C:\Program Files\Windows Media Player\mexe77798.exe
O4 - HKLM\..\Run: [{79-93-33-39-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: qomlmlk - C:\WINDOWS\SYSTEM32\qomlmlk.dll
O20 - Winlogon Notify: __c00DBF52 - C:\WINDOWS\System32\__c00DBF52.dat (file missing)
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)

Close all windows including browser and press "Fix checked".

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\Documents and Settings\Cecil\p423ck.exe
C:\WINDOWS\system32\qomlmlk.dll
C:\sysxtgw.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\nnnkihg.dll
C:\Program Files\xloader10181.exe
C:\WINDOWS\system32\drvkev.dll
C:\wndsoft.exe
C:\WINDOWS\system32\1E7C800c__.ini
C:\WINDOWS\MicroSoft.pif
C:\WINDOWS\MicroSoft.vbs
C:\wndgqgn.exe
C:\WINDOWS\hg173.exe
C:\WINDOWS\df87173.exe
C:\Documents and Settings\Megan\Start Menu\Programs\Startup\msn_0711_upd182301.exe

Folder::
C:\WINDOWS\system32\cc1
C:\WINDOWS\system32\rMa01yy
C:\Temp
C:\Program Files\E404 Helper
C:\Program Files\Ykimoyls
C:\Program Files\Evhyinuz
C:\WINDOWS\TWlsbGVyIEZhbWlseQ
C:\Program Files\MalwareAlarm
C:\Program Files\turwlcxk
C:\Program Files\Ftwaugze
C:\Program Files\igelvfdk
C:\WINDOWS\system32\oTt11e

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
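The Registry:: section of the CFScript above resets two LSA values using the REG_MULTI_SZ `hex(7):` notation. As an added example that is not part of the thread, of HijackThis or of ComboFix, the Python below decodes and produces that notation and audits the two values quoted from the ComboFix log against a known-good baseline; the baseline sets and the handling of ComboFix's output layout are assumptions.

```python
"""Audit the LSA 'Authentication Packages' and 'SecurityProviders' values.

Added example, not code from the thread or from ComboFix: it decodes/encodes
the REG_MULTI_SZ 'hex(7):' notation used in the CFScript's Registry:: section
and flags entries that are not in a known-good baseline.
"""
import re

# Known-good values for a stock Windows XP install (assumption for this example).
BASELINE_AUTH_PACKAGES = {"msv1_0"}
BASELINE_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Sample input constructed from the ComboFix log quoted in the thread.
LOG_AUTH_PACKAGES = "msv1_0 C:\\WINDOWS\\System32\\sstqn.dll"
LOG_SECURITY_PROVIDERS = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll"


def decode_multi_sz_hex7(value: str) -> list[str]:
    """Turn 'hex(7):6d,73,...' into the list of strings it encodes.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one extra NUL.
    REGEDIT4-style scripts (like the CFScript above) hold ANSI bytes; Unicode
    .reg files hold UTF-16LE, recognised here by the all-zero high bytes.
    """
    hex_part = value.split(":", 1)[1]
    raw = bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", hex_part))
    is_utf16 = len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if is_utf16 else "latin-1")
    return [s for s in text.split("\0") if s]


def encode_multi_sz_hex7(strings: list[str]) -> str:
    """Inverse of decode_multi_sz_hex7, using the ANSI (REGEDIT4) layout."""
    raw = b"".join(s.encode("latin-1") + b"\0" for s in strings) + b"\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def unexpected_entries(observed: list[str], baseline: set[str]) -> list[str]:
    """Entries present on the machine that the baseline does not allow."""
    return sorted(set(observed) - baseline)


def audit_from_log(auth_line: str, providers_line: str) -> dict[str, list[str]]:
    """Audit both values as ComboFix prints them: REG_MULTI_SZ entries joined by
    spaces, the REG_SZ provider list by commas (a path with spaces needs manual review)."""
    return {
        "Authentication Packages": unexpected_entries(auth_line.split(), BASELINE_AUTH_PACKAGES),
        "SecurityProviders": unexpected_entries(
            [p.strip() for p in providers_line.split(",")], BASELINE_SECURITY_PROVIDERS),
    }
```

Running `audit_from_log(LOG_AUTH_PACKAGES, LOG_SECURITY_PROVIDERS)` reports exactly the two foreign DLLs the CFScript removes, and `encode_multi_sz_hex7(["msv1_0"])` reproduces the `hex(7):6d,73,76,31,5f,30,00,00` line from the script.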

Shaba
2007-12-05, 11:19
Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.