cmdservice



redtriforce
2007-12-06, 04:42
So yeah, I have this cmdservice or command service bug thing, and I have tried over and over with other posts, but I can't get it away. I would love some help if that could be possible.

Thank you,
REDTRIFORCE


..............................................................


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:25:57 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\command.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\s?stem32\m?iexec.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: 0 - {189C6B97-7B32-483F-1FA5-23CB2588CD3B} - C:\Program Files\Online Services\lacus620.dll
O2 - BHO: (no name) - {252332e1-87dc-40cc-9f30-8ca7bf21834f} - C:\WINDOWS\system32\fyxwmmi.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\jkkhedc.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: (no name) - {75A12E54-0D4A-4058-8860-45C81E738B86} - C:\Program Files\Internet Explorer\hoqezijoq83122.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7C922AC2-9186-4423-9263-A20144D8CC59} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: (no name) - {9AE14B2A-127C-4459-A869-6B6794E40A83} - C:\Program Files\Internet Explorer\hoqezijoq4444.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BAAEF336-608D-3974-DE5F-3AE600860CC4} - C:\WINDOWS\system32\mwr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\CURITY~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [Pcbib] "C:\Program Files\Common Files\s?stem32\m?iexec.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O20 - Winlogon Notify: jkkhedc - C:\WINDOWS\SYSTEM32\jkkhedc.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\prolyhd.html

--
End of file - 7843 bytes

..............................................................


Wednesday, December 05, 2007 9:20:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/12/2007
Kaspersky Anti-Virus database records: 473542


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 72598
Number of viruses found 17
Number of infected objects 41
Number of suspicious objects 2
Duration of the scan process 00:42:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\James Stephenson\Application Data\acccore\nss\cert8.db Object is locked skipped

C:\Documents and Settings\James Stephenson\Application Data\acccore\nss\key3.db Object is locked skipped

C:\Documents and Settings\James Stephenson\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Application Data\AOL OCP\AIM\Storage\data\redtriforce@gmail.com\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\History\History.IE5\MSHist012007120520071206\index.dat Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temp\~DF35F8.tmp Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\01UF052F\83122[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\01UF052F\83122[1].exe/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\01UF052F\83122[1].exe NSIS: infected - 2 skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\01UF052F\TTC-4444[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\01UF052F\TTC-4444[1].exe NSIS: infected - 1 skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\U289AANN\tk58[1].exe Infected: Trojan.Win32.BHO.ab skipped

C:\Documents and Settings\James Stephenson\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\James Stephenson\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Internet Explorer\hoqezijoq4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\Program Files\Internet Explorer\hoqezijoq83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\Program Files\Online Services\lacus.dll Infected: Trojan.Win32.BHO.ab skipped

C:\Program Files\Online Services\lacus620.dll Infected: Trojan.Win32.BHO.ab skipped

C:\Program Files\Online Services\lacus943.dll Infected: Trojan.Win32.BHO.ab skipped

C:\Program Files\Online Services\prolyhd.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\Program Files\Outerinfo\FF\components\FF.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped

C:\Program Files\TTC.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012108.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012117.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012120.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012121.exe Infected: Trojan.Win32.Agent.crf skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012126.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012126.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012127.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012130.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012148.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012148.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\A0012149.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP92\change.log Object is locked skipped

C:\WINDOWS\b122.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\cbxvvuu.dll Infected: Trojan.Win32.Obfuscated.lf skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\efcyawu.dll Infected: Trojan.Win32.Obfuscated.lf skipped

C:\WINDOWS\system32\fccayab.dll Infected: Trojan.Win32.Obfuscated.lf skipped

C:\WINDOWS\system32\fyxwmmi.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\jkkhedc.dll Infected: Trojan.Win32.Obfuscated.lf skipped

C:\WINDOWS\system32\mwr.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped

C:\WINDOWS\system32\rev1\logidndr1.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\WINDOWS\system32\v2\swdrv83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\WINDOWS\system32\v2\swdrv83122.exe NSIS: infected - 1 skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\tk58.exe Infected: Trojan.Win32.BHO.ab skipped

C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped

C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\ѕеcurity\cmd.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

Scan process completed.

ndmmxiaomayi
2007-12-06, 11:16
Hi redtriforce,

I see that you are using the Beta version of HijackThis. As this is a Beta program, it may not be stable and may cause problems for your computer. Please remove this version and download the stable version from here (http://downloads.malwareremoval.com/hijackthis_sfx1991.exe). Do not run it directly via a browser. Save it to your desktop.

Step 1

Go to Start > Control Panel. Double click on Add/Remove Programs. Locate HijackThis 2.0.0 from the list of installed programs and click on the Change/Remove button to uninstall it. Close Add/Remove Programs and Control Panel.
Double click on hijackthis_sfx1991.exe to run it.
Click on the Unzip button. It will install HijackThis to C:\Program Files\HijackThis.
Double click on HijackThis.exe to run it.
Select Do a system scan and save a logfile. Please post back this log in your next reply.

Do not fix anything you see, as not all entries are harmful and some are needed for the normal functioning of Windows.

Step 2

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware (http://www.forospyware.com/sUBs/ComboFix.exe)
Geeks to Go (http://subs.geekstogo.com/ComboFix.exe)

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Step 3

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

In your next reply, please post:

Combofix log (C:\Combofix.txt)
A new HijackThis log
The Uninstall list

redtriforce
2007-12-06, 22:44
Thank you so much for taking some time to help me with this.
But the uninstall list wouldn't save.

Logfile of HijackThis v1.99.1
Scan saved at 3:07:37 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\command.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\tjpsewaa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pdbcopy.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nqfrgdla.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [d8460028] rundll32.exe "C:\WINDOWS\system32\vncfnsmi.dll",b
O4 - HKLM\..\Run: [qpipsfoj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qpipsfoj.dll"
O4 - HKLM\..\Run: [ChkDsk32] c:\winyres.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\CURITY~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcbib] "C:\Program Files\Common Files\s?stem32\m?iexec.exe"
O4 - HKCU\..\Run: [Pbuyl] C:\WINDOWS\system32\??curity\?hkntfs.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\JAMESS~1\LOCALS~1\Temp\winlogon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\command.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tjpsewaa.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe (file missing)

redtriforce
2007-12-06, 22:46
ComboFix 07-12-02.6 - James Stephenson 2007-12-06 15:12:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.544 [GMT -6:00]
Running from: C:\Documents and Settings\James Stephenson\Local Settings\Temporary Internet Files\Content.IE5\IFONQL8J\ComboFix[1].exe
* Created a new restore point
.
ADS - svchost.exe: deleted 24064 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.\documents\settings\abc32.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Application Data.\qpipsfoj.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\James Stephenson\~tmp1174.exe
C:\Documents and Settings\James Stephenson\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\James Stephenson\Desktop\Free Online Dating.lnk
C:\Documents and Settings\James Stephenson\Desktop\Go to Casino.lnk
C:\Documents and Settings\James Stephenson\Desktop\Live Safety Center.lnk
C:\Documents and Settings\James Stephenson\Desktop\Online Security Guide.lnk
C:\Documents and Settings\James Stephenson\Favorites\Online Security Guide.lnk
C:\Documents and Settings\James Stephenson\Start Menu\Programs\Outerinfo
C:\Documents and Settings\James Stephenson\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\James Stephenson\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\sstem3~1\m?iexec.exe
C:\Program Files\inetget2
C:\Program Files\Internet Explorer\hoqezijoq4444.dll
C:\Program Files\Internet Explorer\hoqezijoq83122.dll
C:\Program Files\Online Services\lacus.dll
C:\Program Files\Online Services\lacus620.dll
C:\Program Files\Online Services\lacus943.dll
C:\Program Files\Online Services\prolyhd.html
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\avp.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\curity~1
C:\WINDOWS\curity~1\??curity\
C:\WINDOWS\curity~1\cmd.exe
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\__c001D2F2.dat
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bjfsmtae.dll
C:\WINDOWS\system32\cbxvvuu.dll
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\curity~1\?hkntfs.exe
C:\WINDOWS\system32\drivers\protect.sys
C:\WINDOWS\system32\efcyawu.dll
C:\WINDOWS\system32\fccayab.dll
C:\WINDOWS\system32\fyxwmmi.dll
C:\WINDOWS\system32\gghjmdfj.ini
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\imsnfcnv.ini
C:\WINDOWS\system32\jfdmjhgg.dll
C:\WINDOWS\system32\jkkhedc.dll
C:\WINDOWS\system32\nqfrgdla.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rev1
C:\WINDOWS\system32\rev1\logidndr1.exe
C:\WINDOWS\system32\rsrmcpdg.dll
C:\WINDOWS\system32\t21
C:\WINDOWS\system32\upwfogw.dll
C:\WINDOWS\system32\v2
C:\WINDOWS\system32\v2\swdrv83122.exe
C:\WINDOWS\system32\vncfnsmi.dll
C:\WINDOWS\system32\wapiisv.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\\asappsrv.dll
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\\command.exe
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\\oapWsqb0oal5w315vBhSv0.vbs
C:\WINDOWS\U3VzYW4gU3RlcGhlbnNvbg\command.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_PROTECT
-------\LEGACY_SYSLIBRARY
-------\cmdService
-------\DomainService
-------\FCI
-------\protect
-------\SysLibrary


((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-06 15:26 . 2007-12-06 15:28 20,810 ---hs---- C:\WINDOWS\system32\nqfrgdla.dllbox
2007-12-06 15:04 . 2007-12-06 15:04 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-06 15:03 . 2007-12-06 15:03 36,928 --a------ C:\WINDOWS\system32\qerboxse.dll
2007-12-06 15:00 . 2007-12-06 15:00 36,928 --a------ C:\WINDOWS\system32\xprmokfx.dll
2007-12-06 15:00 . 2007-12-06 15:00 36,928 --a------ C:\WINDOWS\system32\dowwbaje.dll
2007-12-06 14:57 . 2007-12-06 14:57 36,928 --a------ C:\WINDOWS\system32\lcwfdrge.dll
2007-12-06 14:57 . 2007-12-06 14:57 36,928 --a------ C:\WINDOWS\system32\hluvaxnh.dll
2007-12-06 14:54 . 2007-12-06 14:54 36,928 --a------ C:\WINDOWS\system32\jcetkkew.dll
2007-12-06 14:54 . 2007-12-06 14:54 36,928 --a------ C:\WINDOWS\system32\cflcsvex.dll
2007-12-06 14:51 . 2007-12-06 14:51 74,304 --a------ C:\WINDOWS\system32\tjpsewaa.exe
2007-12-06 09:49 . 2007-12-06 09:49 <DIR> d-------- C:\tempo
2007-12-06 09:48 . 2007-12-06 09:48 66,048 --a------ C:\22B1.tmp
2007-12-06 09:48 . 2007-12-06 09:48 7,923 --a------ C:\WINDOWS\system32\DefLib.sys
2007-12-06 09:48 . 2007-12-06 09:48 1 --a------ C:\22B3.tmp
2007-12-06 08:55 . 2007-12-06 08:55 <DIR> d-------- C:\Program Files\E404 Helper
2007-12-06 08:55 . 2007-12-06 08:55 9,216 --a------ C:\Program Files\avp.exe
2007-12-05 23:33 . 2007-12-05 23:33 <DIR> d-------- C:\WINDOWS\sifmulfd
2007-12-05 23:33 . 2007-12-05 23:33 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-12-05 23:33 . 2007-12-05 23:33 <DIR> d-------- C:\WINDOWS\KBOpt
2007-12-05 23:33 . 2007-12-05 23:33 71,680 --a------ C:\WINDOWS\efuzwvwr.dll
2007-12-05 23:33 . 2007-12-05 23:33 31,744 --a------ C:\winyres.exe
2007-12-05 23:33 . 2007-12-05 23:33 8,711 --a------ C:\winfkea.exe
2007-12-05 22:25 . 2007-12-05 22:25 145,984 --a------ C:\WINDOWS\system32\prlblcrd.dll
2007-12-05 22:25 . 2007-12-05 22:25 145,984 --a------ C:\WINDOWS\system32\nqfrgdla.dll
2007-12-05 16:18 . 2007-12-05 16:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-05 16:18 . 2007-12-05 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 16:13 . 2007-12-05 21:25 <DIR> d-------- C:\HJT
2007-12-05 16:06 . 2007-12-05 16:06 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-12-04 22:24 . 2007-12-04 22:24 331,872 --a------ C:\WINDOWS\system32\jkhhg.dll
2007-12-04 22:24 . 2007-12-04 22:24 35,840 --a------ C:\WINDOWS\17PHolmes572.exe
2007-12-04 22:19 . 2007-12-04 22:19 <DIR> d-------- C:\WINDOWS\system32\daSgo01
2007-12-04 22:19 . 2007-12-04 22:19 <DIR> d-------- C:\Temp\bkR11
2007-12-04 22:19 . 2007-12-06 15:22 <DIR> d-------- C:\Temp
2007-12-03 20:56 . 2007-12-03 20:56 <DIR> d-------- C:\Documents and Settings\James Stephenson\Application Data\acccore
2007-12-03 20:41 . 2007-12-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-03 20:41 . 2007-12-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-03 20:41 . 2007-12-03 20:41 21 --a------ C:\WINDOWS\atid.ini
2007-12-03 20:40 . 2007-12-03 20:41 <DIR> d-------- C:\Program Files\Viewpoint
2007-12-03 20:40 . 2007-12-03 20:40 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-12-03 20:40 . 2007-12-03 20:41 <DIR> d-------- C:\Program Files\AIM6
2007-12-03 20:40 . 2007-12-03 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-03 20:40 . 2007-12-03 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-03 20:40 . 2007-12-03 20:41 817 --ah----- C:\IPH.PH
2007-11-26 21:17 . 2007-11-26 21:19 <DIR> d-------- C:\Program Files\Smart PDF Converter Pro
2007-11-26 21:17 . 2007-11-26 21:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-25 12:46 . 2007-11-25 12:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-11-25 12:45 . 2007-11-25 12:45 <DIR> d-------- C:\WINDOWS\Sun
2007-11-24 12:14 . 2007-11-30 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-23 20:49 . 2007-11-23 20:49 <DIR> d---s---- C:\Documents and Settings\James Stephenson\UserData
2007-11-07 11:33 . 2007-11-07 11:33 <DIR> d-------- C:\Program Files\Cox
2007-11-07 11:20 . 2007-11-07 11:20 <DIR> d-------- C:\Program Files\Winspy
2007-11-07 11:20 . 2001-04-10 00:04 7,380 --a------ C:\WINDOWS\system32\winspy.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 15:49 8,576 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2007-12-06 15:48 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-05 12:34 --------- d-----w C:\Program Files\Steam
2007-12-05 05:01 --------- d-----w C:\Documents and Settings\James Stephenson\Application Data\LimeWire
2007-12-03 04:10 --------- d-----w C:\Documents and Settings\James Stephenson\Application Data\gtk-2.0
2007-11-18 20:24 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2007-11-08 04:35 --------- d-----w C:\Program Files\TubeSucker
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-06 20:16 --------- d-----w C:\Documents and Settings\Aaron Stephenson\Application Data\Apple Computer
2007-09-10 17:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47D160BD-3FF1-4D72-8D6E-E939F33130DD}]
2007-12-04 22:24 331872 --a------ C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-05 22:25 145984 --a------ C:\WINDOWS\system32\nqfrgdla.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7FEA434-618D-372E-D85F-3AE600860292}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed322492-1dd1-11b2-97dd-8ffbd4161bb8}]
2007-12-05 23:33 71680 --a------ C:\WINDOWS\efuzwvwr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-12-06 08:55 17920 --a------ C:\Program Files\E404 Helper\e404.v5.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nqfrgdla.dll [2007-12-05 22:25 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nqfrgdla.dll [2007-12-05 22:25 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 18:13]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 16:43]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20]
"Tair"="C:\WINDOWS\CURITY~1\cmd.exe" []
"Pcbib"="C:\Program Files\Common Files\s?stem32\m?iexec.exe" []
"Pbuyl"="C:\WINDOWS\system32\??curity\?hkntfs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 18:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"ChkDsk32"="c:\winyres.exe" [2007-12-05 23:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 18:13]

C:\Documents and Settings\James Stephenson\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 16:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\abc32reg]
C:\Documents and Settings\All Users\Documents\Settings\abc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nqfrgdla]
nqfrgdla.dll 2007-12-05 22:25 145984 C:\WINDOWS\system32\nqfrgdla.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qerboxse]
qerboxse.dll 2007-12-06 15:03 36928 C:\WINDOWS\system32\qerboxse.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c001D2F2]
__c001D2F2.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhg.dll

R0 a320raid;a320raid;C:\WINDOWS\system32\DRIVERS\a320raid.sys
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;C:\WINDOWS\system32\DRIVERS\aac.sys
R0 aarich;aarich;C:\WINDOWS\system32\DRIVERS\aarich.sys
R0 megasas;DELL PERC RAID Driver;C:\WINDOWS\system32\drivers\megasas.sys
S4 vmscsi;vmscsi;C:\WINDOWS\system32\drivers\vmscsi.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d8d2858-41a0-11dc-95d3-000f1fe013f6}]
\Shell\AutoRun\command - E:\LinksysConnectPC.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 21:00:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 15:27:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 15:30:09 - machine was rebooted
.
--- E O F ---

ndmmxiaomayi
2007-12-08, 09:19
Hi redtriforce,

Please go to C:\Program Files\HijackThis and right-click on HijackThis.exe. Select Rename.
Type in scanner and press Enter.
Double-click on scanner to run it.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

ndmmxiaomayi
2007-12-14, 15:28
Hi redtriforce,

How's it going? Are you facing problems? Please let me know.